ik blijf die virussen krijgen ...

Gery · 24 aug 2012

zie in : ik krijg steeds melding virus hieronder.
Het probleem blijft.

en zoals je ziet staat alles uit op mijne c, dus die system restore... ( als ik hem opzet en naar de map ga kijken : 0 bytes )
maar hij staat af. en die map is er niet, ik scan met AVG, en niks, ik scan met malware bytes, en ik krijg die meldingen telkens opnieuw, maar dan via mijnen AVG.

en hij kan ze niet verwijderen want :

Dus nogmaals : enkel als ik scan met Malw.Bytes geeft AVG me die virusmeldingen. MB zegt dat er geen zijn.
win 7 home, system restore uitgeschakelt op al men drives, dus nu zowat einde raad.

DDragon80 · 24 aug 2012

Heb je in vorige post al een oplossing aangeboden maar ga het nogmaals doen.
Opstarten in veilige modus met netwerkmogelijkheden (F8 drukken na BIOS post en voor het Windows bootlogo)
1) Hitman Pro downloaden, éénmalige scan uitvoeren en alle malware laten verwijderen.
2) combofix downloaden en zen werk laten doen.
3) PC normaal terug opstarten

Qtex · 24 aug 2012

in het vorige topic met hetzelfde probleem gaf je te kennen dat het was opgelost ..http://www.pctuts.be/f395/windows-7...us-system-volume-42079/index2.html#post145363

dat was dus niet het geval !!!

Gery · 24 aug 2012

idd. heb 1 scan gehad ( na de laatste post in het forum hier ) en niks aan de hand, maar nu doet hij het weer zoals vanouds, elke keer in dezelfde map die virussen...)
Ik ga seffens dat van Dragon eens doen.

swake · 24 aug 2012

Voer eens het stappenplan uit.

J.W. · 24 aug 2012

Gery zei:
zie in : ik krijg steeds melding virus hieronder.
Het probleem blijft.

Bekijk bijlage 9214

en zoals je ziet staat alles uit op mijne c, dus die system restore... ( als ik hem opzet en naar de map ga kijken : 0 bytes )
maar hij staat af. en die map is er niet, ik scan met AVG, en niks, ik scan met malware bytes, en ik krijg die meldingen telkens opnieuw, maar dan via mijnen AVG.

en hij kan ze niet verwijderen want :

Bekijk bijlage 9215

Dus nogmaals : enkel als ik scan met Malw.Bytes geeft AVG me die virusmeldingen. MB zegt dat er geen zijn.
win 7 home, system restore uitgeschakelt op al men drives, dus nu zowat einde raad.

Dit zijn ex-bedreigingen die in Malwarebytes in quarantaine staan.
Maak in Malwarebytes het onderdeel quarantaine leeg en u bent van die meldingen van AVG af.

swake · 24 aug 2012

Dit zijn ex-bedreigingen die in Malwarebytes in quarantaine staan.
Maak in Malwarebytes het onderdeel quarantaine leeg en u bent van die meldingen van AVG af.

En als de oorzaak hiervan niet behandelt word blijven die maar terugkomen. Het gaat hier wel om trojan droppers !!!

Gery · 24 aug 2012

@ dragon : alles gedaan wat jij schreef ( Hitman vond 1 trojan in de folder download : en dat was dan nog een freeware prog.
nadien scan gedaan en hetzelfde..
@J.w. : ik dacht : dat is het ei van columbus : maar spijtig genoeg ( na verwijderen van alles in quarantine en meldingen in MB en AVG ) het ei was rot : na ne scan: ik heb het nog altijd.

Gery · 24 aug 2012

@ swake : jou stappenplan ook gedaan en ... niks verschil.

DDragon80 · 24 aug 2012

Gery zei:
@ dragon : alles gedaan wat jij schreef ( Hitman vond 1 trojan in de folder download : en dat was dan nog een freeware prog.
nadien scan gedaan en hetzelfde..
@J.w. : ik dacht : dat is het ei van columbus : maar spijtig genoeg ( na verwijderen van alles in quarantine en meldingen in MB en AVG ) het ei was rot : na ne scan: ik heb het nog altijd.

Bekijk bijlage 9217

Kan je even het volledige path tonen waar die bestanden zich bevinden aub?

swake · 24 aug 2012

Ik zou hiervan graag de logjes eens zien zodat de oorzaak kan behandelt worden.
HijackThis en DDS zijn analyse tools.

Gery · 24 aug 2012

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gery at 14:47:04 on 2012-08-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4094.2594 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.be/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SPYDER~1.LNK - C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
TCP: Interfaces\{F4CCC7F9-0C8F-45CA-847F-81E65F0DF6BF} : DhcpNameServer = 195.130.130.4 195.130.131.4
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: {B4B3001E-0F56-4E51-8250-BDE11547EC55} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-9-19 122880]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250568]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys --> C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys [?]
S3 BioNTDrv;BioNTDrv;C:\Program Files (x86)\Paragon Software\Migrate OS to SSD 2.0 Special Edition\program\biontdrv.sys [2011-9-23 19024]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-16 245760]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-17 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-17 8456]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-8-16 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 Spyder3;Datacolor Spyder3;C:\Windows\system32\DRIVERS\Spyder3.sys --> C:\Windows\system32\DRIVERS\Spyder3.sys [?]
S3 SynasUSB;SynasUSB;C:\Windows\system32\drivers\SynUSB64.sys --> C:\Windows\system32\drivers\SynUSB64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-24 10:18:28 -------- d-----w- C:\Users\Gery\AppData\Local\{D3F7E5D2-8BB6-4B04-BF25-D0A106E9A4CD}
2012-08-24 09:50:29 98816 ----a-w- C:\Windows\sed.exe
2012-08-24 09:50:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-24 09:50:29 256000 ----a-w- C:\Windows\PEV.exe
2012-08-24 09:50:29 208896 ----a-w- C:\Windows\MBR.exe
2012-08-24 09:38:22 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-08-24 09:30:55 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-23 21:46:15 -------- d-----w- C:\Users\Gery\AppData\Local\{4CB10B12-931E-4282-BAD5-6ED824D11086}
2012-08-23 08:00:14 -------- d-----w- C:\Users\Gery\AppData\Local\{06E1A680-35B0-44AD-826E-DB63396A6B02}
2012-08-22 19:09:55 -------- d-----w- C:\Users\Gery\AppData\Local\{71D901B2-714A-4740-9E90-E2EF80D18B91}
2012-08-22 07:08:24 -------- d-----w- C:\Users\Gery\AppData\Local\{98603379-5B70-4EE6-A862-A01FA896E4F0}
2012-08-21 13:47:30 -------- d-----w- C:\Users\Gery\AppData\Local\{0FA7B2C5-6334-498D-B9CA-423CA1E1E8F2}
2012-08-21 12:32:22 -------- d-----w- C:\Users\Gery\AppData\Local\{36814100-37B4-48FF-A495-24E115B1C19C}
2012-08-20 22:19:16 -------- d-----w- C:\Users\Gery\AppData\Local\{7BB27776-A823-474A-9873-2E9E6AC3EB90}
2012-08-20 09:44:51 -------- d-----w- C:\Users\Gery\AppData\Local\{7464801B-6594-4296-B0A3-E55966DFA127}
2012-08-20 09:36:54 -------- d-----w- C:\Users\Gery\AppData\Local\{A3915445-763B-4B39-94DB-3F809243B008}
2012-08-19 17:12:47 -------- d-----w- C:\Users\Gery\AppData\Local\{4E62CDF8-7AC3-4B16-AEA0-5472F1CDD316}
2012-08-19 05:05:46 -------- d-----w- C:\Users\Gery\AppData\Local\{0C27087E-65EE-4595-8DE4-B46FF285A0F3}
2012-08-18 09:23:18 -------- d-----w- C:\Users\Gery\AppData\Local\{9968CCA7-A2A3-4366-8010-A0A3ADAACA8E}
2012-08-18 09:23:13 -------- d-----w- C:\Users\Gery\AppData\Local\{F06A27B7-8D0A-4487-85A5-AA8F56B04982}
2012-08-17 20:19:39 -------- d-----w- C:\Users\Gery\AppData\Local\{A8F4CF76-7DEE-47A6-8DE2-DB575B6AD967}
2012-08-17 20:19:34 -------- d-----w- C:\Users\Gery\AppData\Local\{3CD65BC9-3F6A-4B31-9877-7ACEAEC04E8A}
2012-08-17 07:08:00 -------- d-----w- C:\Users\Gery\AppData\Local\{CC77E375-5F30-425B-9513-449AC6F04206}
2012-08-17 07:07:57 -------- d-----w- C:\Users\Gery\AppData\Local\{0851ABDC-7E05-44A0-A0CE-C907281BF9EB}
2012-08-16 10:00:34 -------- d-----w- C:\Users\Gery\AppData\Local\{71F058C2-CFDE-4674-8994-34E1A755331A}
2012-08-16 10:00:21 -------- d-----w- C:\Users\Gery\AppData\Local\{5E8656C2-994D-484A-9E8B-FF11BA493F1C}
2012-08-15 21:27:28 -------- d-----w- C:\Users\Gery\AppData\Local\{A2F3ECA1-5042-4E12-96F2-4452FFADB7E2}
2012-08-15 21:27:15 -------- d-----w- C:\Users\Gery\AppData\Local\{56C2335F-602A-4C56-9B39-50F919265DB4}
2012-08-15 14:59:38 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 14:59:38 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 14:59:38 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 14:59:38 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 14:59:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 14:59:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 14:59:36 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 14:59:36 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 14:59:36 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 14:59:34 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 14:59:33 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-15 07:33:20 -------- d-----w- C:\Users\Gery\AppData\Local\{5593E69A-5ACC-4E61-8400-FCD7C76E48E8}
2012-08-15 07:33:16 -------- d-----w- C:\Users\Gery\AppData\Local\{ED151E5C-65D1-4261-B5F7-3FC291082E78}
2012-08-14 13:14:09 -------- d-----w- C:\Users\Gery\AppData\Local\{441FE43C-4274-4490-8DF4-8E421996B125}
2012-08-14 13:13:55 -------- d-----w- C:\Users\Gery\AppData\Local\{4806A0B1-B7E5-4CF5-BDA4-D5F0D46EFD9C}
2012-08-13 19:20:33 -------- d-----w- C:\Users\Gery\AppData\Local\{C8C84B47-054B-43EB-96D4-2491FE0C3CB8}
2012-08-13 19:20:32 -------- d-----w- C:\Users\Gery\AppData\Local\{BBB1CE41-8B7D-4AF5-B31B-B8F3BC189003}
2012-08-13 07:12:42 -------- d-----w- C:\Users\Gery\AppData\Local\{A4B7EB1B-DEAF-4C44-BF8B-48DA62326831}
2012-08-13 07:12:35 -------- d-----w- C:\Users\Gery\AppData\Local\{749398EF-7540-41A7-B34A-54622694FFEF}
2012-08-12 16:20:24 -------- d-----w- C:\Users\Gery\AppData\Local\{976904F8-1F5F-478B-9CE3-0417416151CD}
2012-08-12 16:20:11 -------- d-----w- C:\Users\Gery\AppData\Local\{874CA04A-B742-4CCB-90B6-F3786FCC4198}
2012-08-11 19:49:43 -------- d-----w- C:\Users\Gery\AppData\Local\{5F550D7E-0F14-430C-B4E4-AE3CE5F49677}
2012-08-11 19:49:31 -------- d-----w- C:\Users\Gery\AppData\Local\{159AA8EC-E721-4A92-806B-D5F014834E12}
2012-08-10 21:00:29 -------- d-----w- C:\Users\Gery\AppData\Local\{F2433DE2-F114-40B2-8C08-DA0D2EC8BF31}
2012-08-10 21:00:20 -------- d-----w- C:\Users\Gery\AppData\Local\{A53A329A-D373-4D14-958B-3BB11F2A2C3F}
2012-08-10 08:20:37 -------- d-----w- C:\Users\Gery\AppData\Local\{E3D7F742-5A0E-4F0A-9EF4-23ED3169FF4B}
2012-08-10 08:20:35 -------- d-----w- C:\Users\Gery\AppData\Local\{D7530245-43FE-43E0-BE63-E6EFCF24090B}
2012-08-09 19:54:24 -------- d-----w- C:\Users\Gery\AppData\Local\{40B57DCF-7EC3-46A3-93A4-57C687ED0472}
2012-08-09 19:54:18 -------- d-----w- C:\Users\Gery\AppData\Local\{3FB8EBB8-8821-4319-BC7C-AC006B7B5D0A}
2012-08-09 07:15:32 -------- d-----w- C:\Users\Gery\AppData\Local\{08C1AA74-2FD3-4359-9CE3-FC09437D9F32}
2012-08-09 07:15:26 -------- d-----w- C:\Users\Gery\AppData\Local\{4C525642-C984-423B-9C7D-71F0B10A82FA}
2012-08-08 18:40:58 -------- d-----w- C:\Users\Gery\AppData\Local\{ABA25A82-2CA3-406D-9730-0493E918932E}
2012-08-08 18:40:46 -------- d-----w- C:\Users\Gery\AppData\Local\{92D7F639-F1C6-4175-986B-E93989DDC882}
2012-08-08 06:34:32 -------- d-----w- C:\Users\Gery\AppData\Local\{B6C66A7D-E849-43DF-9AA1-9A3FE2D777BA}
2012-08-08 06:34:29 -------- d-----w- C:\Users\Gery\AppData\Local\{78BF453C-37EE-4C85-8977-B03D18BA03EA}
2012-08-07 15:35:57 -------- d-----w- C:\Users\Gery\AppData\Local\{B6863511-D67C-400C-BEB6-320FE8E85AAF}
2012-08-07 15:35:54 -------- d-----w- C:\Users\Gery\AppData\Local\{10B95A57-A5AA-479D-9AA7-80D588B4FBA7}
2012-08-06 22:24:07 -------- d-----w- C:\Users\Gery\AppData\Local\{5A5BC664-F8EA-44AF-A4E3-812D19528F32}
2012-08-06 22:23:55 -------- d-----w- C:\Users\Gery\AppData\Local\{85D8D518-15CF-4DA9-860C-88DC63C07E0C}
2012-08-06 10:23:38 -------- d-----w- C:\Users\Gery\AppData\Local\{67A6FF04-CA00-4C53-AFF8-B4806D56AAE6}
2012-08-06 10:23:25 -------- d-----w- C:\Users\Gery\AppData\Local\{F548AAA1-47E0-4E24-823C-8FACD4FAAAFF}
2012-08-05 21:54:22 -------- d-----w- C:\Users\Gery\AppData\Local\{2F58E7F2-7DBB-4A6B-9941-1CFC93B4B401}
2012-08-05 21:54:10 -------- d-----w- C:\Users\Gery\AppData\Local\{AD85D4A6-19F2-4A35-AE3D-096BFAE643E3}
2012-08-05 09:38:51 -------- d-----w- C:\Users\Gery\AppData\Local\{FE4C244B-EE36-45D8-925E-B7F02D5DAA70}
2012-08-05 09:38:44 -------- d-----w- C:\Users\Gery\AppData\Local\{DB263098-7EEC-4B86-9B68-2ADB70311EE2}
2012-08-04 21:32:58 -------- d-----w- C:\Users\Gery\AppData\Local\{46602ECE-B485-4F0A-9440-9C7576F3A2CE}
2012-08-04 21:32:54 -------- d-----w- C:\Users\Gery\AppData\Local\{749B1BE6-9CD6-4818-8269-B19690283680}
2012-08-04 08:43:10 -------- d-----w- C:\Users\Gery\AppData\Local\{DB2CD570-0EAC-44D0-B92C-0D61C3DD86A5}
2012-08-04 08:43:02 -------- d-----w- C:\Users\Gery\AppData\Local\{83E116B8-503F-47F7-9A09-81510DD4751A}
2012-08-03 09:55:50 -------- d-----w- C:\Users\Gery\AppData\Local\{4D0850DE-9E1E-44BA-AD5B-17CE74AD7E0A}
2012-08-03 09:55:38 -------- d-----w- C:\Users\Gery\AppData\Local\{65EB0D61-21C7-44AF-9699-80B180FC7571}
2012-08-02 22:18:03 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-08-02 22:16:41 -------- d-----w- C:\Program Files (x86)\DENON_DJ
2012-08-02 21:54:57 -------- d-----w- C:\Users\Gery\AppData\Local\{6C4C6740-7C53-4296-B01D-37CFF5C2AA4B}
2012-08-02 21:54:56 -------- d-----w- C:\Users\Gery\AppData\Local\{B5D1820E-DA5E-480A-B67E-F169FB2AEDDE}
2012-08-02 09:39:04 -------- d-----w- C:\Users\Gery\AppData\Local\{C15BCE5A-E746-4AAD-A1B8-9842EBFC893F}
2012-08-02 09:39:00 -------- d-----w- C:\Users\Gery\AppData\Local\{2DF48DD4-C271-4D7E-8C12-00C8744960C1}
2012-08-01 21:14:35 -------- d-----w- C:\Users\Gery\AppData\Local\{2E957B1A-D723-45FF-BFC8-05ACCB2AD473}
2012-08-01 21:14:34 -------- d-----w- C:\Users\Gery\AppData\Local\{0EFA426E-AF17-4182-AE51-EADA809AB1A2}
2012-08-01 06:34:57 -------- d-----w- C:\Users\Gery\AppData\Local\{3B5C0F96-B250-45A6-9D40-6AA6A8418E8A}
2012-08-01 06:34:52 -------- d-----w- C:\Users\Gery\AppData\Local\{D0277F1E-B886-49AA-8B04-F91E285B7E12}
2012-07-31 22:52:26 -------- d-----w- C:\Users\Gery\AppData\Local\{71448AD2-BE62-4435-8F22-EED3388BAD20}
2012-07-31 10:09:43 -------- d-----w- C:\Users\Gery\AppData\Local\{5AA06D6E-C93C-4E6E-9B78-AC7CEC490CDD}
2012-07-31 10:09:42 -------- d-----w- C:\Users\Gery\AppData\Local\{17604D88-EE7A-4600-9320-279824CE38AC}
2012-07-30 21:25:04 -------- d-----w- C:\Users\Gery\AppData\Local\{4C69DB61-08DA-4C07-A3C2-BCAA8D4A1808}
2012-07-30 21:24:59 -------- d-----w- C:\Users\Gery\AppData\Local\{9BF63CAC-86D0-4E95-85A7-72759B3B1379}
2012-07-30 07:26:23 -------- d-----w- C:\Users\Gery\AppData\Local\{0B5A63F6-3B33-420C-B163-B5E7A77ECBB6}
2012-07-30 07:26:17 -------- d-----w- C:\Users\Gery\AppData\Local\{73CB8245-98B9-4E30-9022-8E5254398CEB}
2012-07-29 09:26:15 -------- d-----w- C:\Users\Gery\AppData\Local\{2E4C687E-041A-40E2-9BF0-720C08C2C264}
2012-07-29 09:26:13 -------- d-----w- C:\Users\Gery\AppData\Local\{A0FCB44E-9428-4D9D-B1BE-6E3AAF79FA30}
2012-07-28 21:21:50 -------- d-----w- C:\Users\Gery\AppData\Local\{B0B74549-7BFE-49CC-8CA3-E78F86622A3B}
2012-07-28 21:21:38 -------- d-----w- C:\Users\Gery\AppData\Local\{DE5B26D0-BC7C-4678-AA56-95EE3778870C}
2012-07-28 08:16:58 -------- d-----w- C:\Users\Gery\AppData\Local\{E5609D1A-F3D1-4176-ABD4-DDB9A6345E72}
2012-07-28 08:16:55 -------- d-----w- C:\Users\Gery\AppData\Local\{C4CE5575-56E4-4B81-ACE5-BA81F63FF01F}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 10:26:59 -------- d-----w- C:\Users\Gery\AppData\Local\{EE29FA1B-B4C0-498A-9C6C-FB4076B20171}
2012-07-27 10:26:43 -------- d-----w- C:\Users\Gery\AppData\Local\{C8EB4E69-DA9C-4628-A869-825C84E7DABF}
2012-07-26 20:38:13 -------- d-----w- C:\Users\Gery\AppData\Local\{9BF863E9-EBAC-4A1D-96CF-005AE3EE65E2}
2012-07-26 20:38:09 -------- d-----w- C:\Users\Gery\AppData\Local\{2F46C12B-6922-4223-BC59-3F7B53A8CE26}
2012-07-26 19:08:08 -------- d-----w- C:\Users\Gery\AppData\Local\{BD13114C-C3E0-4BEA-AF37-4F3402033583}
2012-07-26 19:08:05 -------- d-----w- C:\Users\Gery\AppData\Local\{5F04A03B-E8B4-4959-BD2F-84427D09FAD4}
2012-07-26 06:36:57 -------- d-----w- C:\Users\Gery\AppData\Local\{BCD4D358-BD57-47E5-8BC1-8AE182F38998}
2012-07-26 06:36:56 -------- d-----w- C:\Users\Gery\AppData\Local\{7672B711-9151-49D2-9C45-C7D724D62B55}
2012-07-25 12:54:42 -------- d-----w- C:\Users\Gery\AppData\Local\{98741AC5-8177-42D1-A792-B1C485626696}
2012-07-25 12:54:27 -------- d-----w- C:\Users\Gery\AppData\Local\{C1716F87-7CA8-4837-8A7F-C6143A6DAC78}
.
==================== Find3M ====================
.
2012-08-23 16:48:29 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-23 16:48:29 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 11:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-11 11:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 11:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 11:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 11:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 11:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 11:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 11:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-10 01:11:03 286720 ------w- C:\Windows\Setup1.exe
2012-06-10 01:11:02 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-06-06 18:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 09:32:29 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
.
============= FINISH: 14:47:27,04 ===============

swake · 24 aug 2012

Graag ook HijackThis log en resultaten van Mbam.
Je hebt nog een verouderde Java genstalleerd staan die beveiligingslekken bevat.
Controleer hier de geschikte java versie voor uw systeem.
Die toolbars zinnen me ook niet.

Gery · 24 aug 2012

java heeft zijnen update gehad...
waar zie jij ( ik zie het niet ) dat ik toolbars heb? ( ik zou nog niet eens weten dat ik dat heb

)
heb ik die nodig ? kan ik dat eraf gooien?
ik laat mbam ne scan doen en dan post ik het...

Qtex · 24 aug 2012

ik zie ook nergens een vermelding van een toolbar ??

ik blijf die virussen krijgen ...

Gery

DDragon80

Beheerder

Qtex

Beheerder

Gery

swake

Niet meer actief

J.W.

Steunend lid

swake

Niet meer actief

Gery

Gery

DDragon80

Beheerder

swake

Niet meer actief

Gery

swake

Niet meer actief

Gery

Qtex

Beheerder