Question & Answer
Documents disappeared
38 answers
- I had already posted this message under OS Windows, but apparently it is a virus. Here is the problem I posted there: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1480933#1480933
For a few days now my entire 'Documents' library has been empty. I could not find any of the files that were in it anywhere. Eventually I did find some of them again using the program Recuva. All the files that were in my Documents folder have been moved to my iTunes music folder, but all in different places. The Word files are with the album artwork, and other files are with podcasts or something like that. So far I can only put the files back into my Documents via Recuva, and at the location Recuva indicates I see only a single ITC2 file.
Does anyone have an idea how it could have happened that everything was moved? And is there a way for me to put whole folders back? I also had folders of Minecraft servers in there, and it is rather tedious work to put all the right files from those back into a folder myself.
Aoria
OS Windows 7 Home Premium
- Hello Aoria, then let's get started.
- Here are the logs:
DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SVEN at 10:08:05 on 2012-05-11
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3327.1991 [GMT 2:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{043FC21C-6F88-477F-A04A-E378708524FA} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{71762DB0-AE34-4C4B-9B5B-83DF2B36CE01} : NameServer = 84.241.226.140 84.241.226.9
TCP: Interfaces\{A2A53ECC-DF3A-45CB-A63A-71AC5D661F50} : NameServer = 84.241.226.140 84.241.226.9
TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB}\75F6C6660224F66756E6 : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{1CA1377B-DC1D-4A52-9585-6E06050FAC53}
{43C6D902-A1C5-45c9-91F6-FD9E90337E18}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{CCAC5586-44D7-4c43-B64A-F042461A97D2}
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\SVEN\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-12 275912]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2012-2-5 14904]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-2-4 2358656]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-4 3027840]
R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys --> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
.
=============== Created Last 30 ================
.
2012-05-11 07:57:26 -------- d-----w- C:\Users\SVEN\AppData\Local\{5AA87164-FDE5-4E66-ADA4-33C9B4F6ED09}
2012-05-11 07:57:13 -------- d-----w- C:\Users\SVEN\AppData\Local\{22A7FAFA-9154-47D5-9F6D-C41AEACD9CBE}
2012-05-10 14:10:51 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Shared
2012-05-10 14:08:18 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-05-10 14:07:46 -------- d-----w- C:\ProgramData\MAGIX
2012-05-10 14:07:41 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-05-10 14:01:20 -------- d-----w- C:\Users\SVEN\AppData\Roaming\MAGIX
2012-05-10 12:56:01 -------- d-----w- C:\Users\SVEN\AppData\Local\{187224DD-DDF0-49AA-9A2C-B3A7F33904F6}
2012-05-10 12:55:26 -------- d-----w- C:\Users\SVEN\AppData\Local\{72A3DF96-8AAA-4F46-85F0-7C0599D2ACAB}
2012-05-09 14:06:39 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-05-09 14:06:25 225280 ----a-w- C:\Windows\SysWow64\rewire.dll
2012-05-09 14:06:25 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-05-09 14:06:09 1554944 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-05-09 14:05:56 -------- d-----w- C:\Program Files (x86)\Outsim
2012-05-09 14:01:04 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-05-09 12:04:18 -------- d-----w- C:\Users\SVEN\AppData\Roaming\JAM Software
2012-05-09 12:04:06 -------- d-----w- C:\Program Files (x86)\JAM Software
2012-05-09 11:41:06 -------- d-----w- C:\Users\SVEN\AppData\Local\{7AC56EFC-C203-41C8-85D3-63E35F36FDC1}
2012-05-09 11:40:15 -------- d-----w- C:\Users\SVEN\AppData\Local\{58082EFD-2AC3-4DF4-A523-C7A5D21F421C}
2012-05-09 05:51:26 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 05:51:17 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 05:51:10 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 05:51:10 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 05:51:10 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 05:51:10 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 05:51:10 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 12:53:37 -------- d-----w- C:\Users\SVEN\AppData\Local\{AF712721-8B32-42A7-8274-90621D9ED97B}
2012-05-08 12:53:25 -------- d-----w- C:\Users\SVEN\AppData\Local\{2B5E0623-FF1D-42FD-B437-C483F5DB8775}
2012-05-07 18:47:16 -------- d-----w- C:\Users\SVEN\AppData\Local\{94F22789-9D72-487E-AB00-E4D89ECFF6EE}
2012-05-07 18:47:03 -------- d-----w- C:\Users\SVEN\AppData\Local\{C30F7F86-1385-4F39-BBE0-E73AA63FC241}
2012-05-07 06:27:36 -------- d-----w- C:\Users\SVEN\AppData\Local\{728FC4B5-8922-45E1-BDA1-97A1E78FB3B9}
2012-05-07 06:26:50 -------- d-----w- C:\Users\SVEN\AppData\Local\{BD69527B-DAFB-4782-8320-FF862CAFF248}
2012-05-06 22:55:24 -------- d-----w- C:\Users\SVEN\AppData\Local\{5409A3EF-0DE1-4B89-8C0E-4AAAB1042A68}
2012-05-06 22:55:11 -------- d-----w- C:\Users\SVEN\AppData\Local\{1972C54D-46E8-43D3-A410-94482AA4648A}
2012-05-06 20:13:46 -------- d-----w- C:\Program Files (x86)\Convar
2012-05-06 19:51:20 -------- d-----w- C:\Program Files (x86)\ContentaConverter-PREMIUM
2012-05-06 18:58:04 -------- d-----w- C:\Program Files (x86)\Advanced File Fixer 2012
2012-05-06 10:54:47 -------- d-----w- C:\Users\SVEN\AppData\Local\{47C192C0-5C33-4A90-A48C-B843A5D10AC8}
2012-05-06 10:54:23 -------- d-----w- C:\Users\SVEN\AppData\Local\{B2EFF535-1E0F-4AAA-A75A-BFA003B128C3}
2012-04-30 05:41:11 -------- d-----w- C:\Users\SVEN\AppData\Local\{B118C441-512D-4D97-900A-7C0B04C197D5}
2012-04-30 05:40:36 -------- d-----w- C:\Users\SVEN\AppData\Local\{1CC7744E-0C73-4200-B8EA-301A27544762}
2012-04-29 19:50:53 -------- d-----w- C:\ProgramData\vsosdk
2012-04-29 16:18:01 -------- d-----w- C:\Program Files (x86)\VSO
2012-04-29 08:28:55 -------- d-----w- C:\Users\SVEN\AppData\Local\{7AD02797-4B3B-48A1-B27B-3EEC760E867A}
2012-04-29 08:28:09 -------- d-----w- C:\Users\SVEN\AppData\Local\{B7E96EA5-F410-4275-ADE4-55D7DF9D2DE5}
2012-04-28 20:17:17 -------- d-----w- C:\Users\SVEN\AppData\Local\{847FAF7D-D413-4A63-8BC4-A96A2DFD7E3F}
2012-04-28 20:16:41 -------- d-----w- C:\Users\SVEN\AppData\Local\{39187998-A52A-47B4-AEE6-1227941EF8C5}
2012-04-28 08:16:19 -------- d-----w- C:\Users\SVEN\AppData\Local\{1481BBF4-4EF2-42BF-9D0E-C3D8B6818A2A}
2012-04-28 08:15:31 -------- d-----w- C:\Users\SVEN\AppData\Local\{1F47BB6F-7488-4497-9C25-F08FF7CB6468}
2012-04-27 11:22:06 -------- d-----w- C:\Users\SVEN\AppData\Local\{2F3A15D6-A64B-4389-9EC0-232AD5D454E3}
2012-04-27 11:21:52 -------- d-----w- C:\Users\SVEN\AppData\Local\{B09C1B6A-1EA2-41C8-9838-42B94F967CF2}
2012-04-26 17:11:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-04-26 17:11:21 -------- d-----w- C:\Windows\PCHEALTH
2012-04-26 17:11:21 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-04-26 17:09:21 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-26 17:08:05 -------- d-----w- C:\Program Files\Microsoft Analysis Services
2012-04-26 17:08:05 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-04-26 12:58:45 -------- d-----w- C:\Users\SVEN\AppData\Local\{3F3E9D00-2629-4480-87BD-5CCDBBF4BC2B}
2012-04-26 12:57:56 -------- d-----w- C:\Users\SVEN\AppData\Local\{D3EFD437-F82B-41E9-9D9D-7036F8C21EA1}
2012-04-25 13:02:38 -------- d-----w- C:\Users\SVEN\AppData\Local\{1F8886DC-CE08-403B-A661-25735253C505}
2012-04-25 13:01:49 -------- d-----w- C:\Users\SVEN\AppData\Local\{5B98A645-AF38-400D-8A4C-F6DA22F830A3}
2012-04-24 10:47:41 -------- d-----w- C:\Users\SVEN\AppData\Local\{972D5DAB-6236-428D-9290-DD3AE036D861}
2012-04-24 10:46:54 -------- d-----w- C:\Users\SVEN\AppData\Local\{1493CA23-804B-4217-B502-56A26B5516ED}
2012-04-23 17:22:59 -------- d-----w- C:\Users\SVEN\AppData\Local\{B61D0B56-8ACB-4C93-BCF2-6B4FA9F4C106}
2012-04-23 17:22:09 -------- d-----w- C:\Users\SVEN\AppData\Local\{125417A9-6702-44D7-B9C2-431FD257ADD3}
2012-04-23 05:21:32 -------- d-----w- C:\Users\SVEN\AppData\Local\{19A84147-B599-4EA9-82BB-94E3ED47E967}
2012-04-23 05:20:46 -------- d-----w- C:\Users\SVEN\AppData\Local\{68BB511D-C19C-4760-B307-0402C3E668D3}
2012-04-22 10:07:24 3545088 ----a-w- C:\Windows\System32\drivers\athrx.sys
2012-04-22 09:59:24 95248 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2012-04-22 08:45:08 -------- d-----w- C:\Users\SVEN\AppData\Local\{1B82331F-EAA7-448C-92C2-825C2D3FC3D4}
2012-04-22 08:44:16 -------- d-----w- C:\Users\SVEN\AppData\Local\{4D343545-ABAF-42D6-A153-76689D84B68E}
2012-04-21 20:34:53 -------- d-----w- C:\Users\SVEN\AppData\Local\{6712DD15-40D0-4B7E-B960-3D2C0A3D56DD}
2012-04-21 20:34:18 -------- d-----w- C:\Users\SVEN\AppData\Local\{0C1F8317-F83A-4A48-A8BF-5F4939788844}
2012-04-21 08:33:41 -------- d-----w- C:\Users\SVEN\AppData\Local\{8487ABF2-BBD6-401A-B8C1-7299E451F670}
2012-04-21 08:33:05 -------- d-----w- C:\Users\SVEN\AppData\Local\{1F42FEE6-3A7C-49E6-884E-28E9FBD69DA6}
2012-04-20 11:16:37 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2012-04-20 10:51:21 -------- d-----w- C:\Program Files (x86)\Audacity
2012-04-20 10:45:28 -------- d-----w- C:\Users\SVEN\AppData\Local\{C72F3F57-F152-4418-8065-A1CFEC8489C5}
2012-04-20 10:44:52 -------- d-----w- C:\Users\SVEN\AppData\Local\{74A16C63-03DB-4200-B11E-43045E8FF406}
2012-04-19 18:16:40 -------- d-----w- C:\Users\SVEN\AppData\Local\{A6E9D96E-7C79-43C8-8628-46813A9939DA}
2012-04-19 18:16:05 -------- d-----w- C:\Users\SVEN\AppData\Local\{02675DCE-470D-45E9-B5A8-83CC95A17D60}
2012-04-18 17:33:20 -------- d-----w- C:\Users\SVEN\AppData\Local\{F8113FC2-68BB-44E8-8823-0D0F3312FC92}
2012-04-18 17:32:28 -------- d-----w- C:\Users\SVEN\AppData\Local\{4A906B96-34ED-458B-80B5-86AEA6287AA4}
2012-04-18 05:31:51 -------- d-----w- C:\Users\SVEN\AppData\Local\{68B26D45-E199-4F7F-8AB0-840B62A0430D}
2012-04-18 05:31:02 -------- d-----w- C:\Users\SVEN\AppData\Local\{834F837E-21DB-40E7-880F-FC4996989314}
2012-04-17 12:52:19 -------- d-----w- C:\Users\SVEN\AppData\Local\{1302043A-D438-4E9C-A473-AC3C7DB0A535}
2012-04-17 12:52:05 -------- d-----w- C:\Users\SVEN\AppData\Local\{F3DDC644-C35A-4684-BB54-2A0C1FBDA609}
2012-04-16 14:24:34 -------- d-----w- C:\Users\SVEN\AppData\Local\{D2AA5ED9-CCE9-4C97-B2A4-84CEE303ABB7}
2012-04-16 14:23:46 -------- d-----w- C:\Users\SVEN\AppData\Local\{88D0DC3C-A8E9-4C13-A7B9-77C59D80E174}
2012-04-15 11:58:20 -------- d-----w- C:\Users\SVEN\AppData\Local\{4B24E013-D7CB-4136-A5E3-5CB1BBC81B93}
2012-04-15 11:58:07 -------- d-----w- C:\Users\SVEN\AppData\Local\{0029C5C6-4018-42DF-829C-A824B02CD57E}
2012-04-14 19:26:55 -------- d-----w- C:\Users\SVEN\AppData\Local\{8E378747-3AD5-4767-B532-E4FFFB5BDC3A}
2012-04-14 19:26:19 -------- d-----w- C:\Users\SVEN\AppData\Local\{8B9D3189-E333-49B8-9F29-7A1B49B900AC}
2012-04-14 06:19:36 -------- d-----w- C:\Users\SVEN\AppData\Local\{2C08831D-F84C-4D38-B19D-3CBDC832AB90}
2012-04-14 06:19:00 -------- d-----w- C:\Users\SVEN\AppData\Local\{9E0CBDE4-E7C1-498C-BB10-61905498A236}
2012-04-13 19:03:08 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 12:56:06 -------- d-----w- C:\Users\SVEN\AppData\Local\{356864B8-B456-4353-A6D0-FE562B8F4575}
2012-04-13 12:55:54 -------- d-----w- C:\Users\SVEN\AppData\Local\{1A36D36A-19F0-4098-87C0-554481BEF0CA}
2012-04-13 12:55:09 -------- d-----w- C:\Windows\nl
2012-04-13 12:42:38 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DSETUP.dll
2012-04-13 12:42:38 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DXSETUP.exe
2012-04-13 12:42:38 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\dsetup32.dll
2012-04-13 12:39:56 -------- d-----w- C:\Users\SVEN\AppData\Local\{9A225CA3-668B-4BEF-A915-92D422BD749C}
2012-04-13 12:39:23 -------- d-----w- C:\Users\SVEN\AppData\Local\{ADF18D3B-CB62-43B8-8A1D-2977C3E98882}
2012-04-13 06:18:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-13 06:13:24 -------- d-----w- C:\Users\SVEN\AppData\Local\{DBBC6F09-EE4B-4A8C-A275-EBF145EA4EFC}
2012-04-13 06:11:15 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-13 06:11:15 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-13 06:11:14 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-13 06:11:12 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-13 06:11:12 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-13 06:11:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-13 06:11:10 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 13:45:51 -------- d-----w- C:\temp
2012-04-12 13:34:52 -------- d-----w- C:\Users\SVEN\AppData\Local\Trend Micro
2012-04-12 13:33:50 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-12 13:33:44 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-12 13:33:44 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-12 13:33:44 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-12 13:31:16 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-12 13:29:56 -------- d-----w- C:\Program Files\Trend Micro
2012-04-12 12:43:31 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-12 09:41:13 -------- d-----w- C:\Users\SVEN\AppData\Local\{92E13872-F99F-4C8B-B3C4-5707F82F3E9B}
2012-04-12 05:36:21 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDBAC1F0-40F8-44EC-B371-EDF6A51AFBF9}\mpengine.dll
2012-04-11 19:55:00 -------- d-----w- C:\Users\SVEN\AppData\Local\{889E20E8-2B68-48D2-A66E-0D4CF6EC8988}
.
==================== Find3M ====================
.
2012-05-07 06:03:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-07 06:03:14 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-08 12:41:29 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-04-08 12:41:29 234768 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-04-08 11:41:23 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-04-02 05:34:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-02 04:46:44 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-03-12 06:27:40 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-21 06:42:06 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2012-02-20 16:20:50 21520 ----a-w- C:\Windows\DCEBoot64.exe
2012-02-15 10:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 10:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
============= FINISH: 10:10:16,97 ===============
MBAM
Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
www.malwarebytes.org
Databaseversie: v2012.05.11.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
SVEN :: SVEN-PC [administrator]
Realtime bescherming: Ingeschakeld
11-5-2012 10:23:18
mbam-log-2012-05-11 (10-23-18).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 202895
Verstreken tijd: 10 minuut/minuten, 6 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
- We are going to look deeper.
Which program: TDSSStarter.exe
What for/why: Rootkit scanner
Difficulty: none
Download TDSSStarter to the desktop.
Using "TDSSStarter.exe":
- 12:03:56.0102 0896 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
12:03:56.0117 0896 ============================================================
12:03:56.0117 0896 Current date / time: 2012/05/11 12:03:56.0117
12:03:56.0117 0896 SystemInfo:
12:03:56.0117 0896
12:03:56.0117 0896 OS Version: 6.1.7600 ServicePack: 0.0
12:03:56.0117 0896 Product type: Workstation
12:03:56.0117 0896 ComputerName: SVEN-PC
12:03:56.0117 0896 UserName: SVEN
12:03:56.0117 0896 Windows directory: C:\Windows
12:03:56.0117 0896 System windows directory: C:\Windows
12:03:56.0117 0896 Running under WOW64
12:03:56.0117 0896 Processor architecture: Intel x64
12:03:56.0117 0896 Number of processors: 2
12:03:56.0117 0896 Page size: 0x1000
12:03:56.0117 0896 Boot type: Normal boot
12:03:56.0117 0896 ============================================================
12:04:06.0382 0896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:04:06.0382 0896 ============================================================
12:04:06.0382 0896 \Device\Harddisk0\DR0:
12:04:06.0398 0896 MBR partitions:
12:04:06.0398 0896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x1D1C3000
12:04:06.0413 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EF0F000, BlocksNum 0x1B476800
12:04:06.0413 0896 ============================================================
12:04:06.0460 0896 C: <-> \Device\Harddisk0\DR0\Partition0
12:04:06.0522 0896 D: <-> \Device\Harddisk0\DR0\Partition1
12:04:06.0522 0896 ============================================================
12:04:06.0522 0896 Initialize success
12:04:06.0522 0896 ============================================================
12:04:06.0663 0404 ============================================================
12:04:06.0663 0404 Scan started
12:04:06.0663 0404 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
12:04:06.0663 0404 ============================================================
12:04:12.0809 0404 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
12:04:13.0199 0404 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
12:04:13.0277 0404 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
12:04:13.0964 0404 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:04:14.0198 0404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:04:14.0385 0404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:04:14.0603 0404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:04:15.0118 0404 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
12:04:15.0586 0404 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
12:04:15.0914 0404 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
12:04:16.0116 0404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
12:04:16.0226 0404 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
12:04:16.0350 0404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
12:04:16.0631 0404 AMD External Events Utility (47adca52f0f75cbfff5ac24b7dc62990) C:\Windows\system32\atiesrxx.exe
12:04:16.0787 0404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
12:04:16.0896 0404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:04:17.0052 0404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:04:17.0146 0404 amdsata (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
12:04:17.0302 0404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:04:17.0442 0404 amdxata (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
12:04:17.0786 0404 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
12:04:17.0910 0404 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
12:04:18.0082 0404 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
12:04:18.0285 0404 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
12:04:18.0503 0404 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
12:04:18.0862 0404 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:04:18.0971 0404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:04:19.0049 0404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:04:19.0190 0404 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
12:04:19.0236 0404 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
12:04:19.0330 0404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:04:19.0455 0404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
12:04:20.0469 0404 athr (4ef8d5c1c0a02a9d1c2c465ba730ee69) C:\Windows\system32\DRIVERS\athrx.sys
12:04:21.0358 0404 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
12:04:21.0514 0404 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
12:04:28.0425 0404 atikmdag (544256005d11723e89af323ee4f01809) C:\Windows\system32\DRIVERS\atikmdag.sys
12:04:30.0125 0404 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:04:30.0266 0404 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
12:04:30.0297 0404 ATKGFNEXSrv ( UnsignedFile.Multi.Generic )
- Then let's try this now: download [...] to the desktop,
if you get a message that the file may be unsafe, you can ignore it.
* Double-click "Unhide.exe" to start the tool.
- Good, no MBR rootkits.
We'll move on to the next step.
Which program: ComboFix
What for/why: Highly specialised scanner to examine Windows in depth
and clean it up where possible.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
* Bleepingcomputer
* ForoSpyware
* Geekstogo
Here you can see how to use ComboFix.
Antivirus programs and active malware scanners must already be deactivated before ComboFix is started!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
To be absolutely clear once more: ComboFix must be started from the desktop.
Notes:
* Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
* All open programs and web pages must be closed.
Once ComboFix has started:
* Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
* ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
* The computer may need to be restarted several times; this is normal.
* When ComboFix is finished, it will create a log file for you.
* Post the contents of this log file in your next message.
* If the log does not open, it can be found in C:\ComboFix.txt
Important note:
- ComboFix 12-05-11.02 - SVEN 11-05-2012 14:59:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3327.1813 [GMT 2:00]
Gestart vanuit: d:\sven files\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\SVEN\AppData\Roaming\vso_ts_preview.xml
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))
.
.
2012-05-11 13:44 . 2012-05-11 13:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-11 10:03 . 2012-05-11 10:06 -------- d-----w- C:\TDSSStarter
2012-05-11 08:20 . 2012-05-11 08:20 -------- d-----w- c:\users\SVEN\AppData\Roaming\Malwarebytes
2012-05-11 08:20 . 2012-05-11 08:20 -------- d-----w- c:\programdata\Malwarebytes
2012-05-11 08:19 . 2012-05-11 08:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-11 08:19 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-10 14:10 . 2012-05-10 14:10 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-05-10 14:08 . 2012-05-10 14:09 -------- d-----w- c:\program files (x86)\MAGIX
2012-05-10 14:07 . 2012-05-10 14:19 -------- d-----w- c:\programdata\MAGIX
2012-05-10 14:07 . 2012-05-10 14:09 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-05-10 14:01 . 2012-05-10 14:19 -------- d-----w- c:\users\SVEN\AppData\Roaming\MAGIX
2012-05-10 13:44 . 2012-05-10 13:45 -------- d-----w- c:\program files\Recuva
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-05-09 14:06 . 2012-05-09 14:06 -------- d-----w- c:\program files (x86)\VstPlugins
2012-05-09 14:06 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-05-09 14:06 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-05-09 14:05 . 2012-05-09 14:05 -------- d-----w- c:\program files (x86)\Outsim
2012-05-09 14:01 . 2012-05-09 14:06 -------- d-----w- c:\program files (x86)\Image-Line
2012-05-09 12:04 . 2012-05-09 12:04 -------- d-----w- c:\users\SVEN\AppData\Roaming\JAM Software
2012-05-09 12:04 . 2012-05-09 12:04 -------- d-----w- c:\program files (x86)\JAM Software
2012-05-09 05:51 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 05:51 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 05:51 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 05:51 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 05:51 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 05:51 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 05:51 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-06 20:13 . 2012-05-06 20:29 -------- d-----w- c:\program files (x86)\Convar
2012-05-06 19:51 . 2012-05-07 05:39 -------- d-----w- c:\program files (x86)\ContentaConverter-PREMIUM
2012-05-06 18:58 . 2012-05-07 05:39 -------- d-----w- c:\program files (x86)\Advanced File Fixer 2012
2012-04-29 19:50 . 2012-04-29 19:50 -------- d-----w- c:\programdata\vsosdk
2012-04-29 16:18 . 2012-04-29 20:08 -------- d-----w- c:\users\SVEN\AppData\Roaming\Vso
2012-04-29 16:18 . 2012-05-07 05:39 -------- d-----w- c:\program files (x86)\VSO
2012-04-26 17:11 . 2012-04-26 17:11 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-04-26 17:11 . 2012-04-26 17:11 -------- d-----w- c:\windows\PCHEALTH
2012-04-26 17:11 . 2012-04-26 17:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-04-26 17:11 . 2012-04-26 17:11 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-04-26 17:09 . 2012-04-26 17:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-04-26 17:08 . 2012-04-26 17:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-04-26 17:08 . 2012-04-26 17:08 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-04-26 17:06 . 2012-05-07 05:36 -------- d-----r- C:\MSOCache
2012-04-22 10:07 . 2012-04-22 10:07 3545088 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-04-22 09:59 . 2012-04-22 09:59 95248 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-04-20 11:16 . 2012-04-20 11:16 -------- d-----w- c:\program files (x86)\Lame For Audacity
2012-04-20 10:51 . 2012-05-10 16:51 -------- d-----w- c:\users\SVEN\AppData\Roaming\Audacity
2012-04-20 10:51 . 2012-04-20 10:51 -------- d-----w- c:\program files (x86)\Audacity
2012-04-13 19:03 . 2012-05-07 06:03 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 13:11 . 2012-04-13 13:11 -------- d-----w- c:\users\SVEN\AppData\Roaming\Media Player Classic
2012-04-13 12:55 . 2012-04-13 12:55 -------- d-----w- c:\windows\nl
2012-04-13 12:52 . 2012-04-13 12:52 -------- d-----w- c:\program files\Windows Live
2012-04-13 12:42 . 2012-04-13 12:42 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DSETUP.dll
2012-04-13 12:42 . 2012-04-13 12:42 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DXSETUP.exe
2012-04-13 12:42 . 2012-04-13 12:42 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\dsetup32.dll
2012-04-13 06:18 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-13 06:11 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 06:11 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 06:11 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 06:11 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 06:11 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 06:11 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 06:11 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 13:45 . 2012-04-12 13:45 -------- d-----w- C:\temp
2012-04-12 13:34 . 2012-04-12 13:34 -------- d-----w- c:\users\SVEN\AppData\Local\Trend Micro
2012-04-12 13:33 . 2012-04-12 12:43 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-12 13:33 . 2012-04-12 12:43 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-12 13:33 . 2012-04-12 12:43 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-12 13:33 . 2012-04-12 12:43 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 13:31 . 2012-04-12 13:31 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-12 13:29 . 2012-04-12 13:30 -------- d-----w- c:\program files\Trend Micro
2012-04-12 12:43 . 2012-04-13 09:33 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-12 05:36 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDBAC1F0-40F8-44EC-B371-EDF6A51AFBF9}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 06:03 . 2012-04-08 13:09 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-07 06:03 . 2012-04-08 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-08 12:41 . 2012-04-08 12:41 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-08 12:41 . 2012-04-08 11:41 234768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-08 11:41 . 2012-04-08 11:41 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-12 06:27 . 2012-02-07 15:21 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-08 21:18 . 2012-03-08 21:18 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-08 21:18 . 2012-03-08 21:18 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-08 21:18 . 2012-03-08 21:18 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-08 21:18 . 2012-03-08 21:18 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-08 21:18 . 2012-03-08 21:18 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-08 21:18 . 2012-03-08 21:18 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-08 21:18 . 2012-03-08 21:18 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-08 21:18 . 2012-03-08 21:18 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-08 21:18 . 2012-03-08 21:18 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-08 21:18 . 2012-03-08 21:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-08 21:18 . 2012-03-08 21:18 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-08 21:18 . 2012-03-08 21:18 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-08 21:18 . 2012-03-08 21:18 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-08 21:18 . 2012-03-08 21:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-08 21:18 . 2012-03-08 21:18 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-08 21:18 . 2012-03-08 21:18 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-08 21:18 . 2012-03-08 21:18 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-08 21:18 . 2012-03-08 21:18 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-08 21:18 . 2012-03-08 21:18 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-08 21:18 . 2012-03-08 21:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-08 21:18 . 2012-03-08 21:18 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-08 21:18 . 2012-03-08 21:18 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-08 21:18 . 2012-03-08 21:18 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-08 21:18 . 2012-03-08 21:18 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-08 21:18 . 2012-03-08 21:18 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-08 21:18 . 2012-03-08 21:18 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-08 21:18 . 2012-03-08 21:18 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-08 21:18 . 2012-03-08 21:18 448512 ----a-w- c:\windows\system32\html.iec
2012-03-08 21:18 . 2012-03-08 21:18 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-08 21:18 . 2012-03-08 21:18 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-08 21:18 . 2012-03-08 21:18 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-08 21:18 . 2012-03-08 21:18 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-08 21:18 . 2012-03-08 21:18 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-08 21:18 . 2012-03-08 21:18 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 08:18 . 2012-02-04 19:47 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-21 06:42 . 2012-02-21 06:42 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-20 16:20 . 2012-02-20 16:16 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-02-15 10:01 . 2012-02-15 10:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 10:01 . 2012-02-15 10:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 06:27 . 2012-03-14 14:05 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 14:05 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 14:05 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 14:05 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe" [2008-09-10 90112]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2012-2-5 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2012-2-5 156952]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 06:03]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 18:43]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 18:43]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1576349813-20603973-1440158461-1000Core.job
- c:\users\SVEN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 19:50]
.
2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1576349813-20603973-1440158461-1000UA.job
- c:\users\SVEN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 19:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{71762DB0-AE34-4C4B-9B5B-83DF2B36CE01}: NameServer = 84.241.226.140 84.241.226.9
TCP: Interfaces\{A2A53ECC-DF3A-45CB-A63A-71AC5D661F50}: NameServer = 84.241.226.140 84.241.226.9
FF - ProfilePath - c:\users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
———————— Andere Aktieve Processen ————————
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Voltooingstijd: 2012-05-11 17:27:28 - machine werd herstart
ComboFix-quarantined-files.txt 2012-05-11 15:26
.
Pre-Run: 193.050.488.832 bytes beschikbaar
Post-Run: 194.159.845.376 bytes beschikbaar
.
- - End Of File - - EDEFACC81BCE8BE442AFD4F8ECA0DC5C
- How are things now?
- No idea, actually. I don't notice much difference yet. All done? But if I understand correctly, I have now run scans that, if all went well, have repaired the errors / removed the viruses?
- And your folders, are they visible again, or not yet?
- I haven't been able to find them yet.
- I got the message, only the text was slightly different. It said that if it hadn't worked I should do it again, but with the virus scanners turned off. I tried it twice but I don't notice any result yet.
My laptop did freeze completely once yesterday morning while I was browsing the internet, and again yesterday evening when I wanted to start that program. Ctrl-Alt-Delete didn't work in this case either :S
- Run the ESET online scan (Click).
  * Click the ESET Online Scanner button
  * Tick YES, I accept the Terms of Use
  * Click Start
  * Allow the ActiveX control to install.
  * Tick the following options:
    * Remove found threats
    * Scan archives
  * Then click
- After the scan it reported error 2002 (if I have it right; it could also have been a different error)
This was in the log:
ESETSmartInstaller@High as downloader log:
all ok
- Very strange, that error message.
I'm not used to that!
Which program:
- And the name SVEN - does that mean anything to you?
- Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 5/13/2012 9:18:05 PM
Scaninstellingen:
Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\, D:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan
Scan gestart: 5/13/2012 9:53:06 PM
C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:14 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2
C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:15 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2
D:\Sven Files\Downloads\MS Office 2010 SP1 NL & Crack\mini-KMS_Activator_v1.053.exe Ontdekt: possible-Threat.Activator.MSOffice!IK
Gescand
Bestanden: 459284
Sporen: 408472
Cookies: 167
Processen: 85
Gevonden
Bestanden: 1
Sporen: 0
Cookies: 2
Processen: 0
Registersleutels: 0
Scan Geëindigd: 5/14/2012 1:13:05 AM
Scantijd: 3:19:59
D:\Sven Files\Downloads\MS Office 2010 SP1 NL & Crack\mini-KMS_Activator_v1.053.exe Verwijderd possible-Threat.Activator.MSOffice!IK
C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:14 Verwijderd Trace.TrackingCookie.doubleclick.net!A2
C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:15 Verwijderd Trace.TrackingCookie.doubleclick.net!A2
Verwijderd
Bestanden: 1
Sporen: 0
Cookies: 2
- mini-KMS_Activator_v1.053.exe
I know it is very tempting to use expensive software for free.
But apparently it is still not widely known that by doing so you also cause serious problems in Windows.
- Yes, that's right.
It was my mistake to download/use this.
The folders are still gone. Should I try Unhide one more time?