Shamhala

No threaths detected, dus dat heeft niet veel geholpen.

Maar we gaan de comp formatteren, ben er helemaal klaar mee.

Ontzettend bedankt voor alle hulp.

[ATTACH]33528[/ATTACH]

Hierna kon ik niet meer op internet met de tekst: De proxyserver reageert niet.

Dus moest systeemherstel doen en nu is alles alweer terug, sry

EamClean.log

Je moet je aanmelden meet een gebruikersnaam en een wachtwoord, klopt dat en dan zomaar wat invullen of is het belangrijk dat je deze ook onthoud?

Dat is zo te merken nu weg, maar de linkjes zijn er nog.

- - - Updated - - -

Sry, wilde daarna doorgeven dat de popups er ook nog zijn toen het probleem met het script ook weer tevoorschijn kwam.

[ATTACH]33519[/ATTACH]

Ziet er goed uit, maar dat had ik hiervoor ook

ComboFix.txt

Er staat dan :

pc-helpforum.be reageert niet vanwege een langlopend script.

Door script stoppen aan te klikken kom je dan een klein stukje verder, dan moet je wel tussendoor zo een 15/20 seconden wachten.

Hoi,

Reclamelinkjes zijn er nog, geen popups meer gezein, maar scrollen kan vooral op deze site niet, krijg ik de melding van een langlopend script. Dus moet ik meteen op reageren klikken anders moet ik in kleine stukjes naar beneden.

[ATTACH]33435[/ATTACH]

AdwCleaner[S0].txt

Het is nog niet weg, de linkjes op woorden naar een shopsite of goksites of wat dan ook zitten zelfs al op jullie site, eigenlijk op bijna alle sites die ik tegenwoordig open, alleen nog niet op startpagina.

[ATTACH]33431[/ATTACH]

zoek-results.log

Sry, virus is weer terug. Pos ups, reclame linkjes en niet kunnen scrollen. Misschien vind je nog wat in die log. Grtjs

[ATTACH]33425[/ATTACH]

- - - Updated - - -

Ziet er tot nu toe nog steeds goed uit moet ik zeggen

log.txt

Heb de scan nog een keer gedaan, moest ook kiezen voor enable of disable, en heb voor disable gekozen en hoop dat dat de goede was, maar daarna kon ik weer niet op internet en kreeg de melding: De proxyserver reageert niet, dus weer systeemherstel, maar nu lijkt alles wel weg, maar ik juich nog niet. Heb nu een programma eDealsPop version 1.0 ontdekt die ik niet wegkrijg, is dit erg of maar gewoon laten zitten.

Nogmaals ontzettend bedankt voor alle hulp.

- - - Updated - - -

sry, heb voor enable gekozen, lol, sry

[ATTACH]33407[/ATTACH]

Hoop dat ik het goed gedaan heb, want er waren 13 infected files, die heeft het programma gecleared, daarna comp opnieuw opgestart en kon met geen mogelijheid meer op internet komen, dus moest uiteindelijk systeemherstel doen en raad eens? Virus is terug, sry

log.txt

[ATTACH]33393[/ATTACH]

Heb de adwcleaner gedaan, maar virus is er nog. Ideeën? toch de link:

AdwCleaner[S0].txt

Sorry, maar het is alweer terug, zal ik eerst die adwcleaner doen, of weet je nog iets om te proberen?

[ATTACH]33352[/ATTACH]

ok, ook gedaan, virus leek eerst terug, lijkt nu weer weg, maar hier de bijlage:

- - - Updated - - -

Wel alvast ontzettend bedankt voor alle hulp, dit had ik zelf nooit gekund.

zoek-results.log

[ATTACH]33337[/ATTACH]

zoek-results.txt

Krijg nu ook steeds het bericht: langlopend script, heel lastig. Maar is dit nu goed?

Sorry, hier is het

Logfile of random's system information tool 1.10 (written by random/random)

Run by Jolanda at 2014-06-26 08:51:14

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 840 GB (89%) free of 943 GB

Total RAM: 4023 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:51:31, on 26-6-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

Running processes:

C:\Users\Jolanda\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Users\Jolanda\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\8e91ec146fa687b.exe

C:\Program Files (x86)\DownBooster\DownBooster.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files\trend micro\Jolanda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Startpagina.nl | Jouw startpagina voor weer, verkeer en meer

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:23460

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: 216.239.32.20 google.com

O1 - Hosts: 216.239.32.20 google.com www.google.ad

O1 - Hosts: 216.239.32.20 google.com www.google.ae

O1 - Hosts: 216.239.32.20 google.com www.google.com.af

O1 - Hosts: 216.239.32.20 google.com www.google.com.ag

O1 - Hosts: 216.239.32.20 google.com www.google.com.ai

O1 - Hosts: 216.239.32.20 google.com www.google.al

O1 - Hosts: 216.239.32.20 google.com www.google.am

O1 - Hosts: 216.239.32.20 google.com www.google.co.ao

O1 - Hosts: 216.239.32.20 google.com www.google.com.ar

O1 - Hosts: 216.239.32.20 google.com www.google.as

O1 - Hosts: 216.239.32.20 google.com www.google.at

O1 - Hosts: 216.239.32.20 google.com www.google.com.au

O1 - Hosts: 216.239.32.20 google.com www.google.az

O1 - Hosts: 216.239.32.20 google.com www.google.ba

O1 - Hosts: 216.239.32.20 google.com www.google.com.bd

O1 - Hosts: 216.239.32.20 google.com www.google.be

O1 - Hosts: 216.239.32.20 google.com www.google.bf

O1 - Hosts: 216.239.32.20 google.com www.google.bg

O1 - Hosts: 216.239.32.20 google.com www.google.com.bh

O1 - Hosts: 216.239.32.20 google.com www.google.bi

O1 - Hosts: 216.239.32.20 google.com www.google.bj

O1 - Hosts: 216.239.32.20 google.com www.google.com.bn

O1 - Hosts: 216.239.32.20 google.com www.google.com.bo

O1 - Hosts: 216.239.32.20 google.com www.google.com.br

O1 - Hosts: 216.239.32.20 google.com www.google.bs

O1 - Hosts: 216.239.32.20 google.com www.google.bt

O1 - Hosts: 216.239.32.20 google.com www.google.co.bw

O1 - Hosts: 216.239.32.20 google.com www.google.by

O1 - Hosts: 216.239.32.20 google.com www.google.com.bz

O1 - Hosts: 216.239.32.20 google.com www.google.ca

O1 - Hosts: 216.239.32.20 google.com www.google.cd

O1 - Hosts: 216.239.32.20 google.com www.google.cf

O1 - Hosts: 216.239.32.20 google.com www.google.cg

O1 - Hosts: 216.239.32.20 google.com www.google.ch

O1 - Hosts: 216.239.32.20 google.com www.google.ci

O1 - Hosts: 216.239.32.20 google.com www.google.co.ck

O1 - Hosts: 216.239.32.20 google.com www.google.cl

O1 - Hosts: 216.239.32.20 google.com www.google.cm

O1 - Hosts: 216.239.32.20 google.com www.google.cn

O1 - Hosts: 216.239.32.20 google.com www.google.com.co

O1 - Hosts: 216.239.32.20 google.com www.google.co.cr

O1 - Hosts: 216.239.32.20 google.com www.google.com.cu

O1 - Hosts: 216.239.32.20 google.com www.google.cv

O1 - Hosts: 216.239.32.20 google.com www.google.com.cy

O1 - Hosts: 216.239.32.20 google.com www.google.cz

O1 - Hosts: 216.239.32.20 google.com www.google.de

O1 - Hosts: 216.239.32.20 google.com www.google.dj

O1 - Hosts: 216.239.32.20 google.com www.google.dk

O1 - Hosts: 216.239.32.20 google.com www.google.dm

O1 - Hosts: 216.239.32.20 google.com www.google.com.do

O1 - Hosts: 216.239.32.20 google.com www.google.dz

O1 - Hosts: 216.239.32.20 google.com www.google.com.ec

O1 - Hosts: 216.239.32.20 google.com www.google.ee

O1 - Hosts: 216.239.32.20 google.com www.google.com.eg

O1 - Hosts: 216.239.32.20 google.com www.google.es

O1 - Hosts: 216.239.32.20 google.com www.google.com.et

O1 - Hosts: 216.239.32.20 google.com www.google.fi

O1 - Hosts: 216.239.32.20 google.com www.google.com.fj

O1 - Hosts: 216.239.32.20 google.com www.google.fm

O1 - Hosts: 216.239.32.20 google.com www.google.fr

O1 - Hosts: 216.239.32.20 google.com www.google.ga

O1 - Hosts: 216.239.32.20 google.com www.google.ge

O1 - Hosts: 216.239.32.20 google.com www.google.gg

O1 - Hosts: 216.239.32.20 google.com www.google.com.gh

O1 - Hosts: 216.239.32.20 google.com www.google.com.gi

O1 - Hosts: 216.239.32.20 google.com www.google.gl

O1 - Hosts: 216.239.32.20 google.com www.google.gm

O1 - Hosts: 216.239.32.20 google.com www.google.gp

O1 - Hosts: 216.239.32.20 google.com www.google.gr

O1 - Hosts: 216.239.32.20 google.com www.google.com.gt

O1 - Hosts: 216.239.32.20 google.com www.google.gy

O1 - Hosts: 216.239.32.20 google.com www.google.com.hk

O1 - Hosts: 216.239.32.20 google.com www.google.hn

O1 - Hosts: 216.239.32.20 google.com www.google.hr

O1 - Hosts: 216.239.32.20 google.com www.google.ht

O1 - Hosts: 216.239.32.20 google.com www.google.hu

O1 - Hosts: 216.239.32.20 google.com www.google.co.id

O1 - Hosts: 216.239.32.20 google.com www.google.ie

O1 - Hosts: 216.239.32.20 google.com www.google.co.il

O1 - Hosts: 216.239.32.20 google.com www.google.im

O1 - Hosts: 216.239.32.20 google.com www.google.co.in

O1 - Hosts: 216.239.32.20 google.com www.google.iq

O1 - Hosts: 216.239.32.20 google.com www.google.is

O1 - Hosts: 216.239.32.20 google.com www.google.it

O1 - Hosts: 216.239.32.20 google.com www.google.je

O1 - Hosts: 216.239.32.20 google.com www.google.com.jm

O1 - Hosts: 216.239.32.20 google.com www.google.jo

O1 - Hosts: 216.239.32.20 google.com www.google.co.jp

O1 - Hosts: 216.239.32.20 google.com www.google.co.ke

O1 - Hosts: 216.239.32.20 google.com www.google.com.kh

O1 - Hosts: 216.239.32.20 google.com www.google.ki

O1 - Hosts: 216.239.32.20 google.com www.google.kg

O1 - Hosts: 216.239.32.20 google.com www.google.co.kr

O1 - Hosts: 216.239.32.20 google.com www.google.com.kw

O1 - Hosts: 216.239.32.20 google.com www.google.kz

O1 - Hosts: 216.239.32.20 google.com www.google.la

O1 - Hosts: 216.239.32.20 google.com www.google.com.lb

O1 - Hosts: 216.239.32.20 google.com www.google.li

O1 - Hosts: 216.239.32.20 google.com www.google.lk

O1 - Hosts: 216.239.32.20 google.com www.google.co.ls

O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jolanda\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

O4 - HKLM\..\Run: [NCUpdateHelper] C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Jolanda\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: Dropbox.lnk = Jolanda\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: Facebook Messenger.lnk = Jolanda\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: Rich Media Downloader - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - C:\Users\Jolanda\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (file missing)

O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (file missing)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: 242909a264524de.exe - Unknown owner - C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\242909a264524de.exe

O23 - Service: 30ebdf09de6824e.exe - Unknown owner - C:\Users\Jolanda\AppData\Local\8a96c2807ddc45c8161e296b6f20db05\30ebdf09de6824e.exe (file missing)

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Trend Micro Solution Platform (Amsp) - Unknown owner - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)

O23 - Service: MBAMService - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WinUpd - Unknown owner - C:\Program Files (x86)\WinUpd\WinUpd.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17902 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

wininit.exe

%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

winlogon.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

"c:\Program Files\Microsoft Security Client\MsMpEng.exe"

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

atieclxx

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\242909a264524de.exe

"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

"taskhost.exe"

"C:\Windows\system32\Dwm.exe"

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"

"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"

C:\Windows\system32\svchost.exe -k imgsvc

"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

WLIDSvcM.exe 2456

"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"

"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"C:\Users\Jolanda\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup

"C:\Users\Jolanda\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe"

"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr

"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"

"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"

"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0

C:\Windows\system32\SearchIndexer.exe /Embedding

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:/Users/Jolanda/AppData/Local/e0241ff46e59c0cd941aaac908f135c2\8e91ec146fa687b.exe

"c:\Program Files\Microsoft Security Client\NisSrv.exe"

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

"C:\Program Files\Windows Media Player\wmpnetwk.exe"

"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-28faa834-a1c0-461a-b372-1a5d7cd5784b -SystemEventPortName:HostProcess-8ba54b15-e0ee-4347-87fd-550d39b6c6ba -IoCancelEventPortName:HostProcess-9dd47490-d3f5-4ea9-9408-08d476081c94 -NonStateChangingEventPortName:HostProcess-ec90fbc6-88df-4048-8bfb-c552112cce0d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:439d1464-0baa-4c8d-b7e1-f815ef434d2a -DeviceGroupId:WpdFsGroup

"C:\Program Files (x86)\WinUpd\WinUpd.exe"

"C:\Program Files (x86)\DownBooster\DownBooster.exe"

C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe -Embedding

"C:\Program Files\Internet Explorer\iexplore.exe" http://www.pc-helpforum.be/register.php?a=act&u=49443&i=981c481c8e79b3f9cd1797717b45684b5092df1b

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6724 CREDAT:267521 /prefetch:2

"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6724 CREDAT:595326 /prefetch:2

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\sppsvc.exe

"C:\Users\Jolanda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JT6S9331\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2222692359-2605595293-2164721788-1000Core.job - C:\Users\Jolanda\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver

C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2222692359-2605595293-2164721788-1000UA.job - C:\Users\Jolanda\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]

TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-06-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]

TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]

TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]

Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-09-30 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]

Windows Live Messenger Companion Helper - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}]

Rich Media Downloader - C:\Users\Jolanda\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-06-26 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]

TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-09-30 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-06-26 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-06-26 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-06-02 7834656]

"Skytel"=C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2009-06-02 1833504]

"VizorHtmlDialog.exe"=C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe DEF EULA C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html DEF DEF DEF []

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"=C:\Users\Jolanda\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-19 138096]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 336384]

"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

"RemoteControl9"=C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]

"PDVD9LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472]

"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [2009-11-19 75048]

"NCUpdateHelper"=C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe []

"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

C:\Users\Jolanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dropbox.lnk - C:\Users\Jolanda\AppData\Roaming\Dropbox\bin\Dropbox.exe

Facebook Messenger.lnk - C:\Users\Jolanda\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

OneNote 2007 Schermopname en Snel starten.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableUIADesktopToggle"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoActiveDesktop"=1

"NoActiveDesktopChanges"=1

"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-26 08:51:14 ----D---- C:\rsit

2014-06-26 08:51:14 ----D---- C:\Program Files\trend micro

2014-06-26 08:22:10 ----D---- C:\Program Files (x86)\WinUpd

2014-06-26 08:22:10 ----D---- C:\Program Files (x86)\DownBooster

2014-06-26 08:19:02 ----D---- C:\ProgramData\HitmanPro

2014-06-26 07:50:03 ----D---- C:\Program Files\Google

2014-06-11 20:06:19 ----A---- C:\Windows\SYSWOW64\usp10.dll

2014-06-11 20:06:19 ----A---- C:\Windows\system32\usp10.dll

2014-06-11 20:06:18 ----A---- C:\Windows\system32\drivers\tcpip.sys

2014-06-11 20:06:18 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS

2014-06-11 20:06:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll

2014-06-11 20:06:17 ----A---- C:\Windows\system32\msxml6.dll

2014-06-11 20:06:17 ----A---- C:\Windows\system32\msxml3.dll

2014-06-11 20:06:16 ----A---- C:\Windows\SYSWOW64\msxml6r.dll

2014-06-11 20:06:16 ----A---- C:\Windows\SYSWOW64\msxml3r.dll

2014-06-11 20:06:16 ----A---- C:\Windows\SYSWOW64\msxml3.dll

2014-06-11 20:06:16 ----A---- C:\Windows\system32\msxml6r.dll

2014-06-11 20:06:16 ----A---- C:\Windows\system32\msxml3r.dll

2014-06-11 20:06:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll

2014-06-11 20:06:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll

2014-06-11 20:06:14 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll

2014-06-11 20:06:14 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll

2014-06-11 20:06:14 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll

2014-06-11 20:06:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll

2014-06-11 20:06:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll

2014-06-11 20:06:13 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll

2014-06-11 20:06:13 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 20:06:13 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-06-11 20:06:12 ----A---- C:\Windows\SYSWOW64\jsproxy.dll

2014-06-11 20:06:12 ----A---- C:\Windows\SYSWOW64\iesetup.dll

2014-06-11 20:06:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll

2014-06-11 20:06:12 ----A---- C:\Windows\SYSWOW64\iernonce.dll

2014-06-11 20:06:12 ----A---- C:\Windows\system32\urlmon.dll

2014-06-11 20:06:12 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 20:06:11 ----A---- C:\Windows\SYSWOW64\ieui.dll

2014-06-11 20:06:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll

2014-06-11 20:06:11 ----A---- C:\Windows\SYSWOW64\dxtrans.dll

2014-06-11 20:06:11 ----A---- C:\Windows\system32\msfeeds.dll

2014-06-11 20:06:11 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-06-11 20:06:11 ----A---- C:\Windows\system32\dxtmsft.dll

2014-06-11 20:06:10 ----A---- C:\Windows\system32\iesetup.dll

2014-06-11 20:06:10 ----A---- C:\Windows\system32\iertutil.dll

2014-06-11 20:06:10 ----A---- C:\Windows\system32\ie4uinit.exe

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\wininet.dll

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\vbscript.dll

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\msrating.dll

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\jscript9.dll

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe

2014-06-11 20:06:09 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll

2014-06-11 20:06:09 ----A---- C:\Windows\system32\jsproxy.dll

2014-06-11 20:06:09 ----A---- C:\Windows\system32\iernonce.dll

2014-06-11 20:06:08 ----A---- C:\Windows\system32\ieui.dll

2014-06-11 20:06:08 ----A---- C:\Windows\system32\ieframe.dll

2014-06-11 20:06:08 ----A---- C:\Windows\system32\dxtrans.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\vbscript.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\mshtmled.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\jscript9diag.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\jscript9.dll

2014-06-11 20:06:07 ----A---- C:\Windows\system32\ieUnatt.exe

2014-06-11 20:06:06 ----A---- C:\Windows\system32\wininet.dll

2014-06-11 20:06:06 ----A---- C:\Windows\system32\msrating.dll

2014-06-11 20:06:06 ----A---- C:\Windows\system32\ieapfltr.dll

2014-06-11 20:06:05 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 20:06:05 ----A---- C:\Windows\system32\mshtml.dll

2014-06-11 20:05:55 ----A---- C:\Windows\system32\aepdu.dll

2014-06-11 20:05:54 ----A---- C:\Windows\system32\aeinv.dll

2014-06-02 12:45:13 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-06-01 20:43:38 ----D---- C:\ProgramData\Malwarebytes

======List of files/folders modified in the last 1 month======

2014-06-26 08:51:14 ----RD---- C:\Program Files

2014-06-26 08:51:05 ----D---- C:\Windows\Temp

2014-06-26 08:31:32 ----D---- C:\Windows\system32\config

2014-06-26 08:22:10 ----RD---- C:\Program Files (x86)

2014-06-26 08:19:02 ----HD---- C:\ProgramData

2014-06-26 08:13:50 ----D---- C:\Windows\system32\Tasks

2014-06-26 07:59:01 ----SHD---- C:\Windows\Installer

2014-06-26 07:52:14 ----D---- C:\Windows\inf

2014-06-26 07:52:10 ----D---- C:\Windows\debug

2014-06-26 07:52:10 ----D---- C:\Windows

2014-06-26 07:50:53 ----D---- C:\Program Files (x86)\Google

2014-06-26 07:50:07 ----D---- C:\ProgramData\Google

2014-06-26 07:49:29 ----D---- C:\Windows\Tasks

2014-06-26 07:49:23 ----D---- C:\Windows\Prefetch

2014-06-26 07:30:38 ----D---- C:\Windows\system32\drivers

2014-06-26 07:14:51 ----D---- C:\Users\Jolanda\AppData\Roaming\Dropbox

2014-06-25 22:50:52 ----SHD---- C:\System Volume Information

2014-06-25 22:38:57 ----D---- C:\Windows\ServiceProfiles

2014-06-25 10:51:40 ----D---- C:\Windows\system32\wfp

2014-06-25 10:51:38 ----D---- C:\Windows\system32\wbem

2014-06-25 10:50:58 ----D---- C:\Windows\system32\NDF

2014-06-25 10:50:58 ----D---- C:\Windows\system32\DriverStore

2014-06-25 10:50:58 ----D---- C:\Windows\system32\catroot2

2014-06-25 10:50:58 ----D---- C:\Windows\System32

2014-06-25 10:50:58 ----D---- C:\Windows\AppCompat

2014-06-25 10:50:58 ----D---- C:\Users\Jolanda\AppData\Roaming\Tibia

2014-06-25 10:50:43 ----D---- C:\Windows\registration

2014-06-16 18:10:56 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-06-12 10:21:08 ----D---- C:\Windows\rescache

2014-06-12 09:26:53 ----D---- C:\Windows\winsxs

2014-06-12 09:23:22 ----D---- C:\Windows\SysWOW64

2014-06-12 09:23:19 ----D---- C:\Program Files\Internet Explorer

2014-06-12 09:23:18 ----D---- C:\Windows\SYSWOW64\en-US

2014-06-12 09:23:16 ----D---- C:\Windows\system32\en-US

2014-06-12 09:23:16 ----D---- C:\Program Files (x86)\Internet Explorer

2014-06-11 22:46:35 ----D---- C:\Windows\system32\MRT

2014-06-11 22:45:16 ----A---- C:\Windows\system32\MRT.exe

2014-06-11 22:45:07 ----D---- C:\ProgramData\Microsoft Help

2014-06-11 22:43:27 ----SD---- C:\Windows\system32\CompatTel

2014-06-11 20:05:49 ----D---- C:\Windows\system32\catroot

2014-06-01 21:33:51 ----D---- C:\ProgramData\Trymedia

2014-06-01 20:55:49 ----D---- C:\Windows\fr-FR

2014-06-01 20:54:56 ----D---- C:\ProgramData\Windows

2014-05-27 16:55:43 ----D---- C:\Program Files (x86)\Tibia

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-09-17 105552]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/07/31 19:26:11]; \??\C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2009-05-07 146928]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]

R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-09-17 90704]

R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-09-17 144464]

R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496]

R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-03-09 300544]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-06-02 1766944]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []

R3 RegFltrX64;RegFltrX64; \??\C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\RegFltrX64.sys [2014-05-27 18064]

R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]

R3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]

R4 mbamchameleon;mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys []

S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []

S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-03-09 9258496]

S3 FIXUSTOR;FIXUSTOR; C:\Windows\system32\DRIVERS\fixustor.sys [2007-06-11 14592]

S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 48488]

S3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 242909a264524de.exe;242909a264524de.exe; C:\Users\Jolanda\AppData\Local\e0241ff46e59c0cd941aaac908f135c2\242909a264524de.exe [2014-05-27 93696]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-03-09 203776]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]

R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-27 271760]

R2 WinUpd;WinUpd; C:\Program Files (x86)\WinUpd\WinUpd.exe [2014-05-14 59904]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]

S2 30ebdf09de6824e.exe;30ebdf09de6824e.exe; C:\Users\Jolanda\AppData\Local\8a96c2807ddc45c8161e296b6f20db05\30ebdf09de6824e.exe []

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]

S2 gupdate;Google Update-service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26 116648]

S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe []

S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe []

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]

S3 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -m=rb -dt=60000 []

S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-26 116648]

S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-26 194032]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 111616]

S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-31 1255736]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

- - - Updated - - -

sorry, dat lukt me niet, krijg steeds dit bericht:

Fatal error: Maximum execution time of 30 seconds exceeded in /home/pchelpfor/domains/pc-helpforum.be/public_html/includes/functions.php on line 2351

OK, volgens mij gelukt en nu?

Hoe verwijder ik het pirritsuggestor virus. Heb al meerdere dingen geprobeerd maar dat schijnt het alleen maar erger te maken en dan is het evengoed nog niet weg. Na een tijdje (paar weken, dacht nl eerste negeer het gewoon) kon ik zelfs niet meer op internet. dat heb ik weten te herstellen, malwarescan gedaan, pcclean gedaan, maar zoals ik zei schijnt het dat alleen maar erger te maken, dus voordat ik nog iets stoms doe, graag hulp