Firefox spontaneously opens new pages

14 answers
  • For the past few days Firefox has been opening unwanted pages, such as gambling sites.

    I have Windows 7 Ultimate 32-bit and use Avast Home version 5.0.

    A scan with Malwarebytes and Spybot S&D (latest version) turned up nothing. Could someone take a look at my HJT log?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:20:55, on 24-5-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\totalcmd\TOTALCMD.EXE
    C:\Program Files\aMSN\bin\wish.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc…ash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe


    End of file - 6803 bytes

    Thanks!
  • Maybe there is something wrong with your keyboard (CTRL+T), and that is why Firefox opens all those new pages? :? How long have you had it? (PC + keyboard)
  • It is a laptop, and the pages that get opened unprompted are always advertising-type pages with varying content (in other words, real malware behaviour), not the blank pages you get with Ctrl+T.
  • I don't see anything unusual in the log.
  • Indeed, it was quiet for a while, but just now another unrequested page appeared:
    http://www.blinkx.com/category/viral?adid=02-107-226-300-404-x-541&p=1

    :o Very strange!
  • Please make a new HijackThis log as administrator.
  • Just now a new page was opened:

    http://cyprus.org/search.php

    I started HJT as administrator (although my account already has administrator rights).

    Here is the new log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:31:53, on 1-6-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\totalcmd\TOTALCMD.EXE
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe


    End of file - 6905 bytes
  • Don't see anything unusual that could cause that.

    Download Combofix to your Desktop and use it according to this guide.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    - Double-click Combofix.exe to start it.
    - If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
    - Click OK in the small "NirCmd" window.
    - Afterwards, click Yes again to start the malware scan.
    - While the fix is running, do NOT click in the window, because this will make your PC hang.
    - When the fix is complete and after the restart, the log Combofix.txt will open.

    Post this log in your next reply.
  • A rootkit was found; after rebooting about 3 times this log came up:

    ComboFix 10-06-01.01 - Gebruiker 02-06-2010 6:37.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.3070.2316 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\90210.exe
    c:\windows\system32\Thumbs.db

    Besmet exemplaar van c:\windows\system32\DRIVERS\intelide.sys werd aangetroffen en gedesinfecteerd
    Hersteld exemplaar van - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_6acd47459c3a74fb\intelide.sys
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-05-02 to 2010-06-02 ))))))))))))))))))))))))))))))
    .

    2010-06-02 04:43 . 2010-06-02 04:45 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2010-06-02 04:43 . 2010-06-02 04:43 -------- d-----w- c:\users\Esmee\AppData\Local\temp
    2010-06-02 04:43 . 2010-06-02 04:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-05-31 11:59 . 2010-05-31 11:59 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Foxit Software
    2010-05-31 11:21 . 2010-05-31 11:21 -------- d--h--w- c:\users\Gebruiker\InstallAnywhere
    2010-05-31 11:00 . 2010-05-31 11:19 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\FileZilla
    2010-05-31 11:00 . 2010-05-31 11:00 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-05-31 07:08 . 2010-05-31 07:08 -------- d-----w- c:\program files\BlueFish2.0
    2010-05-29 12:11 . 2010-05-29 12:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Download Manager
    2010-05-29 11:24 . 2010-05-29 11:24 -------- d-----w- c:\program files\3Com
    2010-05-29 11:23 . 1997-11-19 13:49 303616 ----a-w- c:\windows\IsUninst.exe
    2010-05-27 17:29 . 2010-05-27 17:29 -------- d-----w- c:\users\Gebruiker\AppData\Local\Apps
    2010-05-26 19:52 . 2010-05-26 20:01 -------- d-----w- c:\temp\passwfox
    2010-05-25 20:30 . 2010-05-25 20:30 89831 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\Uninstall.exe
    2010-05-25 20:29 . 2010-06-02 04:45 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Dropbox
    2010-05-24 17:34 . 2010-05-24 17:34 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-05-24 17:32 . 2010-05-24 17:32 -------- d-----w- c:\program files\Trend Micro
    2010-05-24 15:02 . 2010-05-24 15:02 -------- d-----w- c:\program files\Notepad++
    2010-05-24 15:02 . 2010-05-24 15:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Notepad++
    2010-05-22 08:00 . 2010-05-30 17:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-05-22 08:00 . 2010-05-22 08:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-05-22 07:55 . 2010-05-22 07:56 -------- d-----w- c:\program files\FLV Player
    2010-05-21 17:41 . 2010-05-21 17:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-05-21 17:41 . 2010-05-21 17:41 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\skypePM
    2010-05-21 17:41 . 2010-05-21 18:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Skype
    2010-05-21 17:40 . 2010-05-21 17:40 -------- d-----w- c:\program files\Common Files\Skype
    2010-05-21 17:40 . 2010-05-21 17:40 -------- d-----r- c:\program files\Skype
    2010-05-21 17:40 . 2010-05-21 17:40 -------- d-----w- c:\programdata\Skype
    2010-05-15 07:19 . 2010-05-15 07:19 -------- d-----w- c:\program files\Common Files\Java
    2010-05-15 07:19 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-09 08:50 . 2010-05-09 08:51 -------- d-----w- c:\temp\advertentie

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-02 04:42 . 2009-07-14 08:27 723498 ----a-w- c:\windows\system32\perfh013.dat
    2010-06-02 04:42 . 2009-07-14 08:27 142362 ----a-w- c:\windows\system32\perfc013.dat
    2010-05-30 18:30 . 2010-05-30 18:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-05-30 17:03 . 2010-03-31 17:39 -------- d-----w- c:\program files\CCleaner
    2010-05-25 14:42 . 2010-03-29 20:08 28219 ----a-w- c:\programdata\nvModes.dat
    2010-05-15 07:19 . 2010-03-31 11:36 -------- d-----w- c:\program files\Java
    2010-05-06 20:59 . 2010-04-30 18:45 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-05-06 20:39 . 2010-04-30 18:45 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-05-06 20:39 . 2010-04-30 18:45 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-05-06 20:34 . 2010-04-30 18:45 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-05-06 20:34 . 2010-04-30 18:45 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-05-06 20:33 . 2010-04-30 18:45 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-04-30 19:02 . 2010-04-30 19:02 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2010-04-30 19:02 . 2010-04-30 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-30 19:01 . 2010-04-30 19:01 -------- d-----w- c:\programdata\Malwarebytes
    2010-04-30 18:45 . 2010-03-29 16:50 -------- d-----w- c:\programdata\Alwil Software
    2010-04-30 18:28 . 2010-04-30 18:25 -------- d-----w- c:\program files\Folder Lock
    2010-04-30 18:25 . 2010-04-30 18:25 53248 ----a-w- c:\windows\system32\suppdll.dll
    2010-04-30 18:25 . 2010-04-30 18:25 35363 ----a-w- c:\windows\system32\windrvNT.sys
    2010-04-30 18:19 . 2010-04-30 17:25 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\DiskSpaceFan
    2010-04-30 17:25 . 2010-04-30 17:25 -------- d-----w- c:\program files\DiskSpaceFan
    2010-04-29 13:39 . 2010-04-30 19:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 13:39 . 2010-04-30 19:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-29 11:12 . 2010-04-29 11:12 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Foxit
    2010-04-27 12:07 . 2010-03-29 12:06 -------- d-----w- c:\programdata\Microsoft Help
    2010-04-22 20:52 . 2010-04-22 20:52 -------- d-----w- c:\program files\Image Resizer
    2010-04-14 16:47 . 2010-04-30 18:45 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-04-11 09:28 . 2010-04-11 09:28 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Nero
    2010-04-09 15:08 . 2010-04-09 15:08 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\UltraVNC
    2010-04-09 10:36 . 2010-04-09 10:36 -------- d-----w- c:\program files\Winamp Detect
    2010-04-09 10:36 . 2010-04-09 10:36 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-04-08 09:19 . 2010-04-08 09:19 -------- d-----w- c:\program files\Alcohol Soft
    2010-04-07 06:17 . 2010-04-07 06:17 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-04-05 15:07 . 2010-04-05 15:07 -------- d-----w- c:\program files\TechSmith
    2010-04-05 14:46 . 2010-04-05 14:46 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\ThumbsPlus
    2010-04-05 14:45 . 2010-04-05 14:45 -------- d-----w- c:\program files\Thumbs7
    2010-04-05 09:27 . 2010-04-05 09:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_tcwbf_01_09_00.Wdf
    2010-04-05 09:27 . 2010-04-05 09:27 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    2010-04-05 09:26 . 2010-04-05 09:26 -------- d-----w- c:\program files\Protector Suite
    2010-04-02 08:18 . 2010-04-01 15:32 69 ----a-w- c:\users\Gebruiker\jagex_runescape_preferences2.dat
    2010-04-02 07:53 . 2010-04-01 15:31 41 ----a-w- c:\users\Gebruiker\jagex_runescape_preferences.dat
    2010-04-01 16:21 . 2010-03-29 20:01 108824 ----a-w- c:\users\Gebruiker\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-01 15:32 . 2010-04-01 15:32 0 ----a-w- c:\users\Gebruiker\jagex__preferences3.dat
    2010-03-29 11:46 . 2010-03-29 11:46 0 ----a-w- c:\windows\nsreg.dat
    2010-03-29 08:37 . 2010-03-29 08:37 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\UC.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\RAR.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\PKZIP.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\PKUNZIP.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\NOCLOSE.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\LHA.PIF
    2010-03-23 05:55 . 2010-04-09 11:26 545 ----a-w- c:\windows\ARJ.PIF
    2010-03-08 21:33 . 2010-04-14 20:49 427520 ----a-w- c:\windows\system32\vbscript.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-11 2524416]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
    "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]

    c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
    @="FSFilter System Recovery"

    R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-02 13080]
    R3 uvnc_service;uvnc_service;c:\users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe [2009-12-06 1590216]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-03-29 691696]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-05-06 51792]
    S2 CrossLoopService;CrossLoop Service;c:\users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe [2010-02-15 560792]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S3 netw5v32;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]

    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\v95kgr8e.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL -
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS VERWIJDERD - - - -

    Toolbar-Locked - (no file)
    SafeBoot-dmboot.sys
    SafeBoot-dmio.sys
    SafeBoot-dmload.sys
    SafeBoot-dmadmin
    SafeBoot-dmserver
    SafeBoot-SRService


    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ——————— DLLs Geladen Onder Lopende Processen ———————

    - - - - - - - > 'Explorer.exe'(3668)
    c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\OO Software\Defrag\oodag.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\System32\rundll32.exe
    c:\windows\System32\rundll32.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2010-06-02 06:48:22 - machine werd herstart
    ComboFix-quarantined-files.txt 2010-06-02 04:48

    Pre-Run: 82.902.192.128 bytes beschikbaar
    Post-Run: 82.705.190.912 bytes beschikbaar

    - - End Of File - - 5CF383948DB979114BB386F55729DA94
  • 1. Some CD emulators can make the logs harder to interpret.
    We will therefore disable them temporarily.
      - Download Defogger and place it on your desktop.
      - Double-click Defogger.exe to start the tool.
      - In the window that appears, click the "Disable" button.
      - In the next window, click Yes (Ja) to continue.
      - Wait until you get the 'Finished' message and click "Ok" in that window.
      - If DeFogger asks to restart the computer, do so.
    NOTE: If you get an error message when using Defogger, look on the desktop for the file defogger_disable and post the contents of this file.

    You can re-enable CD emulator software with Defogger by starting the tool and clicking the "Re-enable" button.
    Only do this once we are completely finished analysing the computer.


    2. Download TDSSKiller.zip, unzip it and place it on your desktop: http://support.kaspersky.com/downloads/utils/tdsskiller.zip

    Open a Notepad file.
    Copy the code below into this Notepad file.

    @ECHO OFF
    REM Run TDSSKiller and write its log to report.txt
    TDSSKiller.exe -l report.txt -v
    REM Delete this batch file when done
    DEL %0

    Go to File - Save As.
    For "Save in" choose: the folder containing TDSSKiller.exe.
    For "File name" enter: start.bat
    For "Save as type" select: All Files (*.*).
    Click the Save button.
    Then double-click start.bat.
    This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.
    When TDSSKiller.exe has finished, post the contents of report.txt (after a reboot if necessary).
  • After a whole day without internet (the telephone cable in the street was pulled apart during excavation work in front of the door), I can finally post the log:

    21:41:13:961 3308 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    21:41:13:961 3308 ================================================================================
    21:41:13:961 3308 SystemInfo:

    21:41:13:961 3308 OS Version: 6.1.7600 ServicePack: 0.0
    21:41:13:961 3308 Product type: Workstation
    21:41:13:961 3308 ComputerName: GEBRUIK-P3BSN3Q
    21:41:13:962 3308 UserName: Gebruiker
    21:41:13:962 3308 Windows directory: C:\Windows
    21:41:13:962 3308 Processor architecture: Intel x86
    21:41:13:962 3308 Number of processors: 2
    21:41:13:962 3308 Page size: 0x1000
    21:41:13:963 3308 Boot type: Normal boot
    21:41:13:963 3308 ================================================================================
    21:41:18:430 3308 Initialize success
    21:41:18:431 3308
    21:41:18:431 3308 Scanning Services …
    21:41:20:525 3308 Raw services enum returned 466 services
    21:41:20:534 3308
    21:41:20:534 3308 Scanning Drivers …
    21:41:30:072 3308
    21:41:30:072 3308 Completed
    21:41:30:073 3308
    21:41:30:073 3308 Results:
    21:41:30:073 3308 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    21:41:30:073 3308 File objects infected / cured / cured on reboot: 0 / 0 / 0
    21:41:30:074 3308
    21:41:30:076 3308 KLMD(ARK) unloaded successfully
  • Can't they even dig a little hole anymore without wrecking the place :evil:

    Would you post a new HijackThis log and tell us how things are going now?
  • Dear justerr,

    Many thanks for the help. The tools used have proven astonishingly effective! Since this undercover operation I have no longer been bothered by annoying pages! I had no idea I was carrying a rootkit :)

    Here is one last log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:33:49, on 3-6-2010
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\OO Software\Defrag\oodtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Dropbox.lnk = Gebruiker\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Gebruiker\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Users\Gebruiker\AppData\Local\CrossLoop\winvnc.exe


    End of file - 6278 bytes
  • Better this way indeed.


This is an archived page. Replying is no longer possible.