
C:\Windows\System32\services.exe - Trojan horse Patched_c.LYU



Good day,

I could no longer update my computer, so I ran a scan with AVG.

To my surprise, the scan turned up 5 viruses.

4 of them were repaired/removed by the scan, but I can't get rid of this Trojan horse.

On another forum I came across the same problem, and there someone was helped clearly, step by step, after a scan he had to make with the program HijackThis.

I immediately made a scan as well and hope someone can help me against this virus.

See below, and thanks in advance for the effort!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 2:18:57, on 28-7-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Windows\Philips\SPC500NC\Monitor.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files\Samsung\Kies\Kies.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

O4 - HKLM\..\Run: [sPC500NC_Monitor] C:\Windows\Philips\SPC500NC\Monitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Program Files\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1476420548-3530872497-1026628333-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-1476420548-3530872497-1026628333-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)

O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe

--

End of file - 9720 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Kape,

Thanks, I think it's gone.

I copied the log file anyway.

Are there any other particulars in it that you can see?

ComboFix 12-07-27.03 - Frans den Hoedt 28-07-2012 11:54:51.1.4 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.2046.1271 [GMT 2:00]

Gestart vanuit: c:\users\Frans den Hoedt\Downloads\ComboFix.exe

AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Amazon.ico

c:\programdata\MercadoLivre.ico

c:\windows\Installer\{5fecd64e-dce5-3524-9709-4ef8a7f6c9cb}\@

c:\windows\Installer\{5fecd64e-dce5-3524-9709-4ef8a7f6c9cb}\U\00000001.@

c:\windows\Installer\{5fecd64e-dce5-3524-9709-4ef8a7f6c9cb}\U\80000000.@

c:\windows\Installer\{5fecd64e-dce5-3524-9709-4ef8a7f6c9cb}\U\800000cb.@

.

Besmet exemplaar van c:\windows\system32\services.exe werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-28 to 2012-07-28 ))))))))))))))))))))))))))))))

.

.

2012-07-28 10:03 . 2012-07-28 10:06 -------- d-----w- c:\users\Frans den Hoedt\AppData\Local\temp

2012-07-28 10:03 . 2012-07-28 10:03 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-28 10:03 . 2012-07-28 10:03 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-28 00:15 . 2012-07-28 00:15 388096 ----a-r- c:\users\Frans den Hoedt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-28 00:15 . 2012-07-28 00:15 -------- d-----w- c:\program files\Trend Micro

2012-07-27 23:18 . 2012-07-27 23:18 -------- d-----w- C:\$AVG

2012-07-27 23:04 . 2012-07-27 23:04 -------- d-----w- c:\users\Frans den Hoedt\AppData\Roaming\AVG2012

2012-07-27 23:03 . 2012-07-27 23:27 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-27 23:03 . 2012-07-27 23:03 -------- d-----w- c:\program files\AVG Secure Search

2012-07-27 23:03 . 2012-07-27 23:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-27 23:02 . 2012-07-28 09:30 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-27 23:02 . 2012-07-27 23:46 -------- d-----w- c:\programdata\AVG2012

2012-07-27 23:02 . 2012-07-27 23:02 -------- d-----w- c:\program files\AVG

2012-07-27 22:59 . 2012-07-27 22:59 -------- d--h--w- c:\programdata\Common Files

2012-07-27 22:59 . 2012-07-28 09:31 -------- d-----w- c:\programdata\MFAData

2012-07-27 21:39 . 2012-07-27 21:39 -------- d-----w- C:\Temp

2012-07-27 21:38 . 2012-07-27 22:56 -------- d-----w- c:\users\Frans den Hoedt\AppData\Local\Samsung

2012-07-27 21:38 . 2012-07-27 21:38 -------- d-----w- c:\users\Frans den Hoedt\AppData\Roaming\Samsung

2012-07-27 21:37 . 2012-06-04 07:59 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-27 21:37 . 2012-06-04 07:59 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-07-27 21:35 . 2012-06-26 14:03 4659712 ----a-w- c:\windows\system32\Redemption.dll

2012-07-27 21:35 . 2012-07-27 22:56 -------- d-----w- c:\program files\MarkAny

2012-07-27 21:35 . 2012-06-26 14:02 821824 ----a-w- c:\windows\system32\dgderapi.dll

2012-07-27 21:34 . 2012-07-27 21:35 -------- d-----w- c:\program files\Samsung

2012-07-27 21:34 . 2012-07-27 21:35 -------- d-----w- c:\programdata\Samsung

2012-07-27 21:30 . 2012-07-27 21:30 -------- d-----w- c:\users\Frans den Hoedt\AppData\Local\Downloaded Installations

2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\program files\iPod

2012-07-27 16:32 . 2012-07-27 16:33 -------- d-----w- c:\program files\iTunes

2012-07-23 19:45 . 2012-07-23 19:45 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-23 15:41 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2BF5D319-BB5C-4C77-89AE-CA326CE04F8F}\mpengine.dll

2012-07-17 18:02 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-10 20:09 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-04 15:48 . 2012-02-13 17:00 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01DB0D9C-EDEC-4EB2-ACE6-E0932EF85825}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 16:43 . 2012-04-04 16:03 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-27 16:43 . 2011-05-14 00:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-26 14:02 . 2012-06-26 14:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-06-26 14:02 . 2012-06-26 14:02 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 14:02 . 2012-06-26 14:02 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-06-26 14:02 . 2012-06-26 14:02 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2012-06-26 14:02 . 2012-06-26 14:02 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2012-06-26 14:02 . 2012-06-26 14:02 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2012-06-26 14:02 . 2012-06-26 14:02 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2012-06-26 14:02 . 2012-06-26 14:02 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2012-06-26 14:02 . 2012-06-26 14:02 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2012-06-26 14:02 . 2012-06-26 14:02 569344 ----a-w- c:\windows\system32\muzdecode.ax

2012-06-26 14:02 . 2012-06-26 14:02 491520 ----a-w- c:\windows\system32\muzapp.dll

2012-06-26 14:02 . 2012-06-26 14:02 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2012-06-26 14:02 . 2012-06-26 14:02 45320 ----a-w- c:\windows\system32\MAMACExtract.dll

2012-06-26 14:02 . 2012-06-26 14:02 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2012-06-26 14:02 . 2012-06-26 14:02 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2012-06-26 14:02 . 2012-06-26 14:02 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2012-06-26 14:02 . 2012-06-26 14:02 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2012-06-26 14:02 . 2012-06-26 14:02 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2012-06-26 14:02 . 2012-06-26 14:02 245760 ----a-w- c:\windows\system32\MSCLib.dll

2012-06-26 14:02 . 2012-06-26 14:02 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2012-06-26 14:02 . 2012-06-26 14:02 200704 ----a-w- c:\windows\system32\muzwmts.dll

2012-06-26 14:02 . 2012-06-26 14:02 172032 ----a-w- c:\windows\system32\muzapp.exe

2012-06-26 14:02 . 2012-06-26 14:02 155648 ----a-w- c:\windows\system32\MSFLib.dll

2012-06-26 14:02 . 2012-06-26 14:02 143360 ----a-w- c:\windows\system32\3DAudio.ax

2012-06-26 14:02 . 2012-06-26 14:02 135168 ----a-w- c:\windows\system32\muzaf1.dll

2012-06-26 14:02 . 2012-06-26 14:02 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2012-06-26 14:02 . 2012-06-26 14:02 122880 ----a-w- c:\windows\system32\muzeffect.ax

2012-06-26 14:02 . 2012-06-26 14:02 118784 ----a-w- c:\windows\system32\MaDRM.dll

2012-06-26 14:02 . 2012-06-26 14:02 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2012-06-02 22:19 . 2012-06-21 14:26 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 14:26 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 14:26 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 14:26 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 14:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 14:26 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 14:26 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-21 14:26 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:12 . 2012-06-21 14:26 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-01 04:44 . 2012-06-19 16:23 164352 ----a-w- c:\windows\system32\profsvc.dll

2011-06-09 10:03 . 2011-07-27 12:26 143240 ----a-w- c:\program files\Common Files\ApnStub.exe

2010-01-26 09:11 . 2011-05-06 18:33 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe

2012-06-20 17:36 . 2011-03-24 20:01 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-27 23:03 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-07-27 1811296]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-28 14848]

"SPC500NC_Monitor"="c:\windows\Philips\SPC500NC\Monitor.exe" [2006-11-03 319488]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-27 939872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]

2012-07-16 11:24 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]

2012-07-16 11:23 975800 ----a-w- c:\program files\Samsung\Kies\Kies.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]

2012-07-16 11:23 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]

2012-07-27 21:26 1193176 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys [x]

R1 MpKsl0032d3ca;MpKsl0032d3ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5513944E-71E9-47EC-B3D8-72F842A02434}\MpKsl0032d3ca.sys [x]

R1 MpKsl007c5f40;MpKsl007c5f40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{609EDC06-5054-4C56-8AF1-EDD9F6A944CE}\MpKsl007c5f40.sys [x]

R1 MpKsl06311cf3;MpKsl06311cf3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D856812-FA6F-4862-8387-EF565E32C6A6}\MpKsl06311cf3.sys [x]

R1 MpKsl0897f2b9;MpKsl0897f2b9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ECA8518F-D7A4-4077-8713-66120E35262A}\MpKsl0897f2b9.sys [x]

R1 MpKsl0a7b226d;MpKsl0a7b226d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CD440D6-1FEA-4F33-BD28-833DDF0E97C7}\MpKsl0a7b226d.sys [x]

R1 MpKsl0ef6d29e;MpKsl0ef6d29e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27193409-7D00-425A-8DC7-1357C3FF8B70}\MpKsl0ef6d29e.sys [x]

R1 MpKsl0f172eea;MpKsl0f172eea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F1F8284-4A0B-4218-BF6B-DA65D9B8544F}\MpKsl0f172eea.sys [x]

R1 MpKsl0fdc280f;MpKsl0fdc280f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC5CCFC1-C679-4226-AD59-49890A45D953}\MpKsl0fdc280f.sys [x]

R1 MpKsl14595918;MpKsl14595918;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE47E76E-D410-4249-9B24-74DDC4BEB45D}\MpKsl14595918.sys [x]

R1 MpKsl169151a3;MpKsl169151a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3EA00DF1-A5EB-40F7-B73B-8B353B973193}\MpKsl169151a3.sys [x]

R1 MpKsl17066fbd;MpKsl17066fbd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3C82427C-283E-49D1-97F7-0FD04B9D35E6}\MpKsl17066fbd.sys [x]

R1 MpKsl187ca231;MpKsl187ca231;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7AC00E8-F3FA-4CD6-9C39-CA684A5D06F5}\MpKsl187ca231.sys [x]

R1 MpKsl1ee53307;MpKsl1ee53307;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{977DCA4D-D0F9-45BF-802E-123617BDA4F3}\MpKsl1ee53307.sys [x]

R1 MpKsl20d320b0;MpKsl20d320b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26675D0C-2DBD-4579-8176-101CDD7EB0BE}\MpKsl20d320b0.sys [x]

R1 MpKsl230fe61e;MpKsl230fe61e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{960E529F-985D-4B05-80FA-61095A8C4C32}\MpKsl230fe61e.sys [x]

R1 MpKsl235f0382;MpKsl235f0382;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31F2FC45-63A7-482A-AE1A-9FB1A0B960AC}\MpKsl235f0382.sys [x]

R1 MpKsl28467d61;MpKsl28467d61;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3655FC3A-41B6-40DF-9BA3-C897CD1ACEE7}\MpKsl28467d61.sys [x]

R1 MpKsl297ab8ec;MpKsl297ab8ec;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A2FD0D0-C94F-4375-8E2C-8B64F04A1CFA}\MpKsl297ab8ec.sys [x]

R1 MpKsl2bd68102;MpKsl2bd68102;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DF2C9347-F467-4296-B7E7-DFC469894094}\MpKsl2bd68102.sys [x]

R1 MpKsl3b0ca987;MpKsl3b0ca987;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA561FB0-B5F3-468A-8828-5BA8D49537BA}\MpKsl3b0ca987.sys [x]

R1 MpKsl3dfd5438;MpKsl3dfd5438;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59634699-EC1B-4B13-9EB4-5757D63D38C6}\MpKsl3dfd5438.sys [x]

R1 MpKsl3eee5d8d;MpKsl3eee5d8d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A10F4618-78A1-417A-8121-43CAF018A044}\MpKsl3eee5d8d.sys [x]

R1 MpKsl43f68938;MpKsl43f68938;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DC5CCFC1-C679-4226-AD59-49890A45D953}\MpKsl43f68938.sys [x]

R1 MpKsl49bbc9a5;MpKsl49bbc9a5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8A4F03C-7DBD-425C-8E43-D61557ACBA6F}\MpKsl49bbc9a5.sys [x]

R1 MpKsl4ab5a3ea;MpKsl4ab5a3ea;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FB8B15-5530-48C2-877D-63908C5AD2BD}\MpKsl4ab5a3ea.sys [x]

R1 MpKsl51249803;MpKsl51249803;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93F71F65-C160-4E29-8B24-F76482BA6075}\MpKsl51249803.sys [x]

R1 MpKsl52200d8e;MpKsl52200d8e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B295E763-25A4-470F-B563-7D7043D3848E}\MpKsl52200d8e.sys [x]

R1 MpKsl52b18e05;MpKsl52b18e05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FD88D3-1300-444C-AD84-45EB79DEE8D7}\MpKsl52b18e05.sys [x]

R1 MpKsl559700cf;MpKsl559700cf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA0C8AEB-F404-4556-BDAF-F9A4D34FC312}\MpKsl559700cf.sys [x]

R1 MpKsl559999b2;MpKsl559999b2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BCD12157-C511-47BA-B847-6F2A737E769D}\MpKsl559999b2.sys [x]

R1 MpKsl57ee7fb7;MpKsl57ee7fb7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61D57DD3-8753-4703-AACC-9846B236EA20}\MpKsl57ee7fb7.sys [x]

R1 MpKsl5812b290;MpKsl5812b290;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABD2B0AE-D457-40D7-9684-EED6BB6B15C0}\MpKsl5812b290.sys [x]

R1 MpKsl5c603428;MpKsl5c603428;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49D1DE86-B364-4C86-869F-06996174B794}\MpKsl5c603428.sys [x]

R1 MpKsl64dde1c4;MpKsl64dde1c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{312FC048-E414-47C7-9E1F-ABD3D17FE63F}\MpKsl64dde1c4.sys [x]

R1 MpKsl6711d14a;MpKsl6711d14a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C7FB8B15-5530-48C2-877D-63908C5AD2BD}\MpKsl6711d14a.sys [x]

R1 MpKsl69db0ae1;MpKsl69db0ae1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5AC92503-60BF-4285-AA48-3142E4F6E23F}\MpKsl69db0ae1.sys [x]

R1 MpKsl6a48d2e6;MpKsl6a48d2e6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E1B4A0D5-58F6-4500-BCB9-D05EE589707E}\MpKsl6a48d2e6.sys [x]

R1 MpKsl6f7d0168;MpKsl6f7d0168;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27193409-7D00-425A-8DC7-1357C3FF8B70}\MpKsl6f7d0168.sys [x]

R1 MpKsl7032f7d8;MpKsl7032f7d8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3111EC53-E5F4-4163-8F51-4A2945AFC402}\MpKsl7032f7d8.sys [x]

R1 MpKsl70ba4150;MpKsl70ba4150;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{01439D6B-3003-4FDC-9CB0-30AEA59415D8}\MpKsl70ba4150.sys [x]

R1 MpKsl73064b0f;MpKsl73064b0f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72FD88D3-1300-444C-AD84-45EB79DEE8D7}\MpKsl73064b0f.sys [x]

R1 MpKsl7467e69d;MpKsl7467e69d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CCDC233C-09FA-4CB2-9967-8AC669528226}\MpKsl7467e69d.sys [x]

R1 MpKsl74e42d40;MpKsl74e42d40;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C774C6-3E92-4028-9570-6280E5FB96B6}\MpKsl74e42d40.sys [x]

R1 MpKsl7e60954d;MpKsl7e60954d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3111EC53-E5F4-4163-8F51-4A2945AFC402}\MpKsl7e60954d.sys [x]

R1 MpKsl7fec24a8;MpKsl7fec24a8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1E9D6E4-B0BF-45DC-8714-005F76AC24E3}\MpKsl7fec24a8.sys [x]

R1 MpKsl8716f645;MpKsl8716f645;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DB5BD0E-8DD6-4BBD-B13D-DF7FDF03BFA3}\MpKsl8716f645.sys [x]

R1 MpKsl88e9cef1;MpKsl88e9cef1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88537732-CB0E-4224-9212-11C839504FF9}\MpKsl88e9cef1.sys [x]

R1 MpKsl8a2d9af6;MpKsl8a2d9af6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{27193409-7D00-425A-8DC7-1357C3FF8B70}\MpKsl8a2d9af6.sys [x]

R1 MpKsl8d23fcf9;MpKsl8d23fcf9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78BB7497-BD82-4847-B007-AAD9352E1A36}\MpKsl8d23fcf9.sys [x]

R1 MpKsl95baa29a;MpKsl95baa29a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B876DC1F-33AD-4FB5-AF0B-50EBCDBE777F}\MpKsl95baa29a.sys [x]

R1 MpKsl96463115;MpKsl96463115;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F7920119-B3FE-4999-806D-B70B73761C5C}\MpKsl96463115.sys [x]

R1 MpKsla20622d2;MpKsla20622d2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B9AE8670-3B62-4ACD-A35B-33D044AE48BB}\MpKsla20622d2.sys [x]

R1 MpKsla5c1326f;MpKsla5c1326f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52AAF0A9-3FA6-49EC-BCE2-C9C8EB7830DA}\MpKsla5c1326f.sys [x]

R1 MpKsla66b46fb;MpKsla66b46fb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2D81DC1-12DC-40D0-BD17-B0D53CAAACF5}\MpKsla66b46fb.sys [x]

R1 MpKsla7609033;MpKsla7609033;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA5DAFA5-575E-40C4-8ADA-471D25A58073}\MpKsla7609033.sys [x]

R1 MpKslb40bed02;MpKslb40bed02;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D5A4D8A-7205-49E9-BE21-7104DD16B5AE}\MpKslb40bed02.sys [x]

R1 MpKslb6587e5f;MpKslb6587e5f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59634699-EC1B-4B13-9EB4-5757D63D38C6}\MpKslb6587e5f.sys [x]

R1 MpKslb779fdcb;MpKslb779fdcb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{41C77235-609B-46CA-BCFA-1B0277247D8A}\MpKslb779fdcb.sys [x]

R1 MpKslc144f9c4;MpKslc144f9c4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E63C813C-4326-4664-987C-E426B7CE62AC}\MpKslc144f9c4.sys [x]

R1 MpKslc411f35b;MpKslc411f35b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A2FD0D0-C94F-4375-8E2C-8B64F04A1CFA}\MpKslc411f35b.sys [x]

R1 MpKslcb88134b;MpKslcb88134b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{31F2FC45-63A7-482A-AE1A-9FB1A0B960AC}\MpKslcb88134b.sys [x]

R1 MpKslce8e7a81;MpKslce8e7a81;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{52AAF0A9-3FA6-49EC-BCE2-C9C8EB7830DA}\MpKslce8e7a81.sys [x]

R1 MpKsld1fa9a48;MpKsld1fa9a48;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26675D0C-2DBD-4579-8176-101CDD7EB0BE}\MpKsld1fa9a48.sys [x]

R1 MpKsld7250ec0;MpKsld7250ec0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F1C774C6-3E92-4028-9570-6280E5FB96B6}\MpKsld7250ec0.sys [x]

R1 MpKsldf53bdeb;MpKsldf53bdeb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D856812-FA6F-4862-8387-EF565E32C6A6}\MpKsldf53bdeb.sys [x]

R1 MpKsle1e5f901;MpKsle1e5f901;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D5A4D8A-7205-49E9-BE21-7104DD16B5AE}\MpKsle1e5f901.sys [x]

R1 MpKsle3aaf291;MpKsle3aaf291;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88537732-CB0E-4224-9212-11C839504FF9}\MpKsle3aaf291.sys [x]

R1 MpKsle588d67a;MpKsle588d67a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49D1DE86-B364-4C86-869F-06996174B794}\MpKsle588d67a.sys [x]

R1 MpKsle5a5b549;MpKsle5a5b549;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9DB5BD0E-8DD6-4BBD-B13D-DF7FDF03BFA3}\MpKsle5a5b549.sys [x]

R1 MpKsle5d10605;MpKsle5d10605;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D37436D5-DEF7-43CB-AEC1-880E7ED3272B}\MpKsle5d10605.sys [x]

R1 MpKsle9312907;MpKsle9312907;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A1CCD78E-83F1-4F89-94FA-83719FB70372}\MpKsle9312907.sys [x]

R1 MpKsleb9d2d15;MpKsleb9d2d15;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B417A030-331A-4B45-A90A-B0D16B80E9C0}\MpKsleb9d2d15.sys [x]

R1 MpKslebf9453e;MpKslebf9453e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FC84575-C309-4DE2-B5CC-226119BB1C1F}\MpKslebf9453e.sys [x]

R1 MpKsled20dea0;MpKsled20dea0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6D856812-FA6F-4862-8387-EF565E32C6A6}\MpKsled20dea0.sys [x]

R1 MpKslf2777e28;MpKslf2777e28;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3111EC53-E5F4-4163-8F51-4A2945AFC402}\MpKslf2777e28.sys [x]

R1 MpKslf55c3445;MpKslf55c3445;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBAC727A-FB91-4335-A920-55F5D2ED21F0}\MpKslf55c3445.sys [x]

R1 MpKslf90846de;MpKslf90846de;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ABD2B0AE-D457-40D7-9684-EED6BB6B15C0}\MpKslf90846de.sys [x]

R1 MpKslfa633d53;MpKslfa633d53;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CD440D6-1FEA-4F33-BD28-833DDF0E97C7}\MpKslfa633d53.sys [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R4 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]

S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 SPC500NC;Philips SPC500NC Webcam;c:\windows\system32\DRIVERS\SPC500NC.SYS [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 16:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

mStart Page = hxxp://nl.woofi.info

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll

FF - ProfilePath - c:\users\Frans den Hoedt\AppData\Roaming\Mozilla\Firefox\Profiles\9ng8d4u0.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B42e9cc5e-7d69-47ab-8b25-3ae2a0407973%7D&mid=e22ea4d4ce4547d0bf15d1530ba99584-f2de9f68bb51252802dcfda3d7e3ad66ba1613e3&ds=AVG&v=10.0.0.7&lang=nl&pr=pr&d=2012-07-28%2001%3A03%3A21&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

SafeBoot-MsMpSvc

MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\program files\Creative\Shared Files\CTAudSvc.exe

c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

c:\windows\system32\nvvsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\taskhost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\conhost.exe

c:\windows\System32\rundll32.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\DllHost.exe

c:\windows\system32\sppsvc.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-28 12:11:26 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-28 10:11

.

Pre-Run: 189.714.059.264 bytes beschikbaar

Post-Run: 189.641.936.896 bytes beschikbaar

.

- - End Of File - - D4BA3770B2840E52270EA9FFE59D2BCC


With the problems out of the way, it is time for the "big clean-up": removing the tools that were used, a cleaning, and deleting the infected restore points.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the download of CCleaner will start automatically and free of charge.

Install it and start CCleaner. In the left column click "Cleaner". Click 'Analyze' and then 'Clean'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix all selected errors". After this, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

It is advisable to delete the existing restore points (there are infected restore points among them that you might otherwise restore). In Windows 7

  • via Start -> Control Panel -> System & Security -> System -> System Protection -> now turn off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.

If all of this went without problems, you may click "mark as solved" below!
