Documents disappeared

Anonymous
Anjo
38 replies
  • I had already posted this message under OS Windows, but apparently it is a virus. Here is the problem I posted there: http://forum.computertotaal.nl/phpBB2/viewtopic.php?p=1480933#1480933

    For a few days now, my entire 'Documents' library has been empty. I could not find any of the files that were in it anywhere. Eventually I did recover some of them using the Recuva program. All the files that were in my Documents folder have been moved to my iTunes music folder, but all in different places. The Word files are with the album artwork, and other files are with the podcasts or something like that. So far I can only put the files back in my Documents via Recuva, and in the location Recuva indicates I only see a single ITC2 file.

    Does anyone have an idea how it could have happened that everything was moved? And is there a way for me to restore entire folders? I also had folders of Minecraft servers in there, and it is rather tedious work to put all the right files back into a folder myself.

    Aoria

    OS Windows 7 Home Premium
  • Hello Aoria, let's get started then.

  • Here are the logs:

    DDS
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by SVEN at 10:08:05 on 2012-05-11
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3327.1991 [GMT 2:00]
    .
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" –auto-start
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDSMAR~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{043FC21C-6F88-477F-A04A-E378708524FA} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{71762DB0-AE34-4C4B-9B5B-83DF2B36CE01} : NameServer = 84.241.226.140 84.241.226.9
    TCP: Interfaces\{A2A53ECC-DF3A-45CB-A63A-71AC5D661F50} : NameServer = 84.241.226.140 84.241.226.9
    TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB} : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB}\75F6C6660224F66756E6 : DhcpNameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{BCE0B1FF-D06E-4334-84F1-CEFE637E4FFB}\8445340205F627471626C6560284F6473707F647 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {1CA1377B-DC1D-4A52-9585-6E06050FAC53}
    {43C6D902-A1C5-45c9-91F6-FD9E90337E18}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {CCAC5586-44D7-4c43-B64A-F042461A97D2}
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
    mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" –auto-start
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\SVEN\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys –> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys –> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" –> C:\Windows\system32\FBAgent.exe [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe –> C:\Windows\system32\atiesrxx.exe [?]
    R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-12 275912]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2012-2-5 14904]
    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-2-4 2358656]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-4 3027840]
    R2 WDDMService;WD SmartWare Drive Manager Service;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    R2 WDSmartWareBackgroundService;WD SmartWare Background Service;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys –> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys –> C:\Windows\system32\DRIVERS\ETD.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys –> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys –> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS –> C:\Windows\system32\drivers\AmUStor.SYS [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys –> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]
    S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-4 136176]
    S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys –> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys –> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
    S3 hwusbdev;Huawei DataCard USB PNP Device;C:\Windows\system32\DRIVERS\ewusbdev.sys –> C:\Windows\system32\DRIVERS\ewusbdev.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys –> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys –> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe –> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys –> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-05-11 07:57:26 ——– d—–w- C:\Users\SVEN\AppData\Local\{5AA87164-FDE5-4E66-ADA4-33C9B4F6ED09}
    2012-05-11 07:57:13 ——– d—–w- C:\Users\SVEN\AppData\Local\{22A7FAFA-9154-47D5-9F6D-C41AEACD9CBE}
    2012-05-10 14:10:51 ——– d—–w- C:\Program Files (x86)\Common Files\MAGIX Shared
    2012-05-10 14:08:18 ——– d—–w- C:\Program Files (x86)\MAGIX
    2012-05-10 14:07:46 ——– d—–w- C:\ProgramData\MAGIX
    2012-05-10 14:07:41 ——– d—–w- C:\Program Files (x86)\Common Files\MAGIX Services
    2012-05-10 14:01:20 ——– d—–w- C:\Users\SVEN\AppData\Roaming\MAGIX
    2012-05-10 12:56:01 ——– d—–w- C:\Users\SVEN\AppData\Local\{187224DD-DDF0-49AA-9A2C-B3A7F33904F6}
    2012-05-10 12:55:26 ——– d—–w- C:\Users\SVEN\AppData\Local\{72A3DF96-8AAA-4F46-85F0-7C0599D2ACAB}
    2012-05-09 14:06:39 ——– d—–w- C:\Program Files (x86)\ASIO4ALL v2
    2012-05-09 14:06:25 225280 —-a-w- C:\Windows\SysWow64\rewire.dll
    2012-05-09 14:06:25 ——– d—–w- C:\Program Files (x86)\VstPlugins
    2012-05-09 14:06:09 1554944 —-a-w- C:\Windows\SysWow64\vorbis.acm
    2012-05-09 14:05:56 ——– d—–w- C:\Program Files (x86)\Outsim
    2012-05-09 14:01:04 ——– d—–w- C:\Program Files (x86)\Image-Line
    2012-05-09 12:04:18 ——– d—–w- C:\Users\SVEN\AppData\Roaming\JAM Software
    2012-05-09 12:04:06 ——– d—–w- C:\Program Files (x86)\JAM Software
    2012-05-09 11:41:06 ——– d—–w- C:\Users\SVEN\AppData\Local\{7AC56EFC-C203-41C8-85D3-63E35F36FDC1}
    2012-05-09 11:40:15 ——– d—–w- C:\Users\SVEN\AppData\Local\{58082EFD-2AC3-4DF4-A523-C7A5D21F421C}
    2012-05-09 05:51:26 75632 —-a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-05-09 05:51:17 1895280 —-a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-05-09 05:51:10 936960 —-a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 05:51:10 1732096 —-a-w- C:\Program Files\Windows Journal\NBDoc.DLL
    2012-05-09 05:51:10 1402880 —-a-w- C:\Program Files\Windows Journal\JNWDRV.dll
    2012-05-09 05:51:10 1393664 —-a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
    2012-05-09 05:51:10 1367552 —-a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-08 12:53:37 ——– d—–w- C:\Users\SVEN\AppData\Local\{AF712721-8B32-42A7-8274-90621D9ED97B}
    2012-05-08 12:53:25 ——– d—–w- C:\Users\SVEN\AppData\Local\{2B5E0623-FF1D-42FD-B437-C483F5DB8775}
    2012-05-07 18:47:16 ——– d—–w- C:\Users\SVEN\AppData\Local\{94F22789-9D72-487E-AB00-E4D89ECFF6EE}
    2012-05-07 18:47:03 ——– d—–w- C:\Users\SVEN\AppData\Local\{C30F7F86-1385-4F39-BBE0-E73AA63FC241}
    2012-05-07 06:27:36 ——– d—–w- C:\Users\SVEN\AppData\Local\{728FC4B5-8922-45E1-BDA1-97A1E78FB3B9}
    2012-05-07 06:26:50 ——– d—–w- C:\Users\SVEN\AppData\Local\{BD69527B-DAFB-4782-8320-FF862CAFF248}
    2012-05-06 22:55:24 ——– d—–w- C:\Users\SVEN\AppData\Local\{5409A3EF-0DE1-4B89-8C0E-4AAAB1042A68}
    2012-05-06 22:55:11 ——– d—–w- C:\Users\SVEN\AppData\Local\{1972C54D-46E8-43D3-A410-94482AA4648A}
    2012-05-06 20:13:46 ——– d—–w- C:\Program Files (x86)\Convar
    2012-05-06 19:51:20 ——– d—–w- C:\Program Files (x86)\ContentaConverter-PREMIUM
    2012-05-06 18:58:04 ——– d—–w- C:\Program Files (x86)\Advanced File Fixer 2012
    2012-05-06 10:54:47 ——– d—–w- C:\Users\SVEN\AppData\Local\{47C192C0-5C33-4A90-A48C-B843A5D10AC8}
    2012-05-06 10:54:23 ——– d—–w- C:\Users\SVEN\AppData\Local\{B2EFF535-1E0F-4AAA-A75A-BFA003B128C3}
    2012-04-30 05:41:11 ——– d—–w- C:\Users\SVEN\AppData\Local\{B118C441-512D-4D97-900A-7C0B04C197D5}
    2012-04-30 05:40:36 ——– d—–w- C:\Users\SVEN\AppData\Local\{1CC7744E-0C73-4200-B8EA-301A27544762}
    2012-04-29 19:50:53 ——– d—–w- C:\ProgramData\vsosdk
    2012-04-29 16:18:01 ——– d—–w- C:\Program Files (x86)\VSO
    2012-04-29 08:28:55 ——– d—–w- C:\Users\SVEN\AppData\Local\{7AD02797-4B3B-48A1-B27B-3EEC760E867A}
    2012-04-29 08:28:09 ——– d—–w- C:\Users\SVEN\AppData\Local\{B7E96EA5-F410-4275-ADE4-55D7DF9D2DE5}
    2012-04-28 20:17:17 ——– d—–w- C:\Users\SVEN\AppData\Local\{847FAF7D-D413-4A63-8BC4-A96A2DFD7E3F}
    2012-04-28 20:16:41 ——– d—–w- C:\Users\SVEN\AppData\Local\{39187998-A52A-47B4-AEE6-1227941EF8C5}
    2012-04-28 08:16:19 ——– d—–w- C:\Users\SVEN\AppData\Local\{1481BBF4-4EF2-42BF-9D0E-C3D8B6818A2A}
    2012-04-28 08:15:31 ——– d—–w- C:\Users\SVEN\AppData\Local\{1F47BB6F-7488-4497-9C25-F08FF7CB6468}
    2012-04-27 11:22:06 ——– d—–w- C:\Users\SVEN\AppData\Local\{2F3A15D6-A64B-4389-9EC0-232AD5D454E3}
    2012-04-27 11:21:52 ——– d—–w- C:\Users\SVEN\AppData\Local\{B09C1B6A-1EA2-41C8-9838-42B94F967CF2}
    2012-04-26 17:11:57 ——– d—–w- C:\Program Files\Microsoft Synchronization Services
    2012-04-26 17:11:21 ——– d—–w- C:\Windows\PCHEALTH
    2012-04-26 17:11:21 ——– d—–w- C:\Program Files\Microsoft SQL Server Compact Edition
    2012-04-26 17:09:21 ——– d—–w- C:\Program Files (x86)\Microsoft Visual Studio 8
    2012-04-26 17:08:05 ——– d—–w- C:\Program Files\Microsoft Analysis Services
    2012-04-26 17:08:05 ——– d—–w- C:\Program Files (x86)\Microsoft Analysis Services
    2012-04-26 12:58:45 ——– d—–w- C:\Users\SVEN\AppData\Local\{3F3E9D00-2629-4480-87BD-5CCDBBF4BC2B}
    2012-04-26 12:57:56 ——– d—–w- C:\Users\SVEN\AppData\Local\{D3EFD437-F82B-41E9-9D9D-7036F8C21EA1}
    2012-04-25 13:02:38 ——– d—–w- C:\Users\SVEN\AppData\Local\{1F8886DC-CE08-403B-A661-25735253C505}
    2012-04-25 13:01:49 ——– d—–w- C:\Users\SVEN\AppData\Local\{5B98A645-AF38-400D-8A4C-F6DA22F830A3}
    2012-04-24 10:47:41 ——– d—–w- C:\Users\SVEN\AppData\Local\{972D5DAB-6236-428D-9290-DD3AE036D861}
    2012-04-24 10:46:54 ——– d—–w- C:\Users\SVEN\AppData\Local\{1493CA23-804B-4217-B502-56A26B5516ED}
    2012-04-23 17:22:59 ——– d—–w- C:\Users\SVEN\AppData\Local\{B61D0B56-8ACB-4C93-BCF2-6B4FA9F4C106}
    2012-04-23 17:22:09 ——– d—–w- C:\Users\SVEN\AppData\Local\{125417A9-6702-44D7-B9C2-431FD257ADD3}
    2012-04-23 05:21:32 ——– d—–w- C:\Users\SVEN\AppData\Local\{19A84147-B599-4EA9-82BB-94E3ED47E967}
    2012-04-23 05:20:46 ——– d—–w- C:\Users\SVEN\AppData\Local\{68BB511D-C19C-4760-B307-0402C3E668D3}
    2012-04-22 10:07:24 3545088 —-a-w- C:\Windows\System32\drivers\athrx.sys
    2012-04-22 09:59:24 95248 —-a-w- C:\Windows\System32\drivers\AtihdW76.sys
    2012-04-22 08:45:08 ——– d—–w- C:\Users\SVEN\AppData\Local\{1B82331F-EAA7-448C-92C2-825C2D3FC3D4}
    2012-04-22 08:44:16 ——– d—–w- C:\Users\SVEN\AppData\Local\{4D343545-ABAF-42D6-A153-76689D84B68E}
    2012-04-21 20:34:53 ——– d—–w- C:\Users\SVEN\AppData\Local\{6712DD15-40D0-4B7E-B960-3D2C0A3D56DD}
    2012-04-21 20:34:18 ——– d—–w- C:\Users\SVEN\AppData\Local\{0C1F8317-F83A-4A48-A8BF-5F4939788844}
    2012-04-21 08:33:41 ——– d—–w- C:\Users\SVEN\AppData\Local\{8487ABF2-BBD6-401A-B8C1-7299E451F670}
    2012-04-21 08:33:05 ——– d—–w- C:\Users\SVEN\AppData\Local\{1F42FEE6-3A7C-49E6-884E-28E9FBD69DA6}
    2012-04-20 11:16:37 ——– d—–w- C:\Program Files (x86)\Lame For Audacity
    2012-04-20 10:51:21 ——– d—–w- C:\Program Files (x86)\Audacity
    2012-04-20 10:45:28 ——– d—–w- C:\Users\SVEN\AppData\Local\{C72F3F57-F152-4418-8065-A1CFEC8489C5}
    2012-04-20 10:44:52 ——– d—–w- C:\Users\SVEN\AppData\Local\{74A16C63-03DB-4200-B11E-43045E8FF406}
    2012-04-19 18:16:40 ——– d—–w- C:\Users\SVEN\AppData\Local\{A6E9D96E-7C79-43C8-8628-46813A9939DA}
    2012-04-19 18:16:05 ——– d—–w- C:\Users\SVEN\AppData\Local\{02675DCE-470D-45E9-B5A8-83CC95A17D60}
    2012-04-18 17:33:20 ——– d—–w- C:\Users\SVEN\AppData\Local\{F8113FC2-68BB-44E8-8823-0D0F3312FC92}
    2012-04-18 17:32:28 ——– d—–w- C:\Users\SVEN\AppData\Local\{4A906B96-34ED-458B-80B5-86AEA6287AA4}
    2012-04-18 05:31:51 ——– d—–w- C:\Users\SVEN\AppData\Local\{68B26D45-E199-4F7F-8AB0-840B62A0430D}
    2012-04-18 05:31:02 ——– d—–w- C:\Users\SVEN\AppData\Local\{834F837E-21DB-40E7-880F-FC4996989314}
    2012-04-17 12:52:19 ——– d—–w- C:\Users\SVEN\AppData\Local\{1302043A-D438-4E9C-A473-AC3C7DB0A535}
    2012-04-17 12:52:05 ——– d—–w- C:\Users\SVEN\AppData\Local\{F3DDC644-C35A-4684-BB54-2A0C1FBDA609}
    2012-04-16 14:24:34 ——– d—–w- C:\Users\SVEN\AppData\Local\{D2AA5ED9-CCE9-4C97-B2A4-84CEE303ABB7}
    2012-04-16 14:23:46 ——– d—–w- C:\Users\SVEN\AppData\Local\{88D0DC3C-A8E9-4C13-A7B9-77C59D80E174}
    2012-04-15 11:58:20 ——– d—–w- C:\Users\SVEN\AppData\Local\{4B24E013-D7CB-4136-A5E3-5CB1BBC81B93}
    2012-04-15 11:58:07 ——– d—–w- C:\Users\SVEN\AppData\Local\{0029C5C6-4018-42DF-829C-A824B02CD57E}
    2012-04-14 19:26:55 ——– d—–w- C:\Users\SVEN\AppData\Local\{8E378747-3AD5-4767-B532-E4FFFB5BDC3A}
    2012-04-14 19:26:19 ——– d—–w- C:\Users\SVEN\AppData\Local\{8B9D3189-E333-49B8-9F29-7A1B49B900AC}
    2012-04-14 06:19:36 ——– d—–w- C:\Users\SVEN\AppData\Local\{2C08831D-F84C-4D38-B19D-3CBDC832AB90}
    2012-04-14 06:19:00 ——– d—–w- C:\Users\SVEN\AppData\Local\{9E0CBDE4-E7C1-498C-BB10-61905498A236}
    2012-04-13 19:03:08 8744608 —-a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-13 12:56:06 ——– d—–w- C:\Users\SVEN\AppData\Local\{356864B8-B456-4353-A6D0-FE562B8F4575}
    2012-04-13 12:55:54 ——– d—–w- C:\Users\SVEN\AppData\Local\{1A36D36A-19F0-4098-87C0-554481BEF0CA}
    2012-04-13 12:55:09 ——– d—–w- C:\Windows\nl
    2012-04-13 12:42:38 89944 —-a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DSETUP.dll
    2012-04-13 12:42:38 537432 —-a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DXSETUP.exe
    2012-04-13 12:42:38 1801048 —-a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\dsetup32.dll
    2012-04-13 12:39:56 ——– d—–w- C:\Users\SVEN\AppData\Local\{9A225CA3-668B-4BEF-A915-92D422BD749C}
    2012-04-13 12:39:23 ——– d—–w- C:\Users\SVEN\AppData\Local\{ADF18D3B-CB62-43B8-8A1D-2977C3E98882}
    2012-04-13 06:18:59 887296 —-a-w- C:\Program Files\Internet Explorer\iedvtool.dll
    2012-04-13 06:13:24 ——– d—–w- C:\Users\SVEN\AppData\Local\{DBBC6F09-EE4B-4A8C-A275-EBF145EA4EFC}
    2012-04-13 06:11:15 80896 —-a-w- C:\Windows\System32\imagehlp.dll
    2012-04-13 06:11:15 22896 —-a-w- C:\Windows\System32\drivers\fs_rec.sys
    2012-04-13 06:11:14 158720 —-a-w- C:\Windows\SysWow64\imagehlp.dll
    2012-04-13 06:11:12 220672 —-a-w- C:\Windows\System32\wintrust.dll
    2012-04-13 06:11:12 172544 —-a-w- C:\Windows\SysWow64\wintrust.dll
    2012-04-13 06:11:11 5120 —-a-w- C:\Windows\System32\wmi.dll
    2012-04-13 06:11:10 5120 —-a-w- C:\Windows\SysWow64\wmi.dll
    2012-04-12 13:45:51 ——– d—–w- C:\temp
    2012-04-12 13:34:52 ——– d—–w- C:\Users\SVEN\AppData\Local\Trend Micro
    2012-04-12 13:33:50 105744 —-a-w- C:\Windows\System32\drivers\tmtdi.sys
    2012-04-12 13:33:44 91920 —-a-w- C:\Windows\System32\drivers\tmactmon.sys
    2012-04-12 13:33:44 70928 —-a-w- C:\Windows\System32\drivers\tmevtmgr.sys
    2012-04-12 13:33:44 167696 —-a-w- C:\Windows\System32\drivers\tmcomm.sys
    2012-04-12 13:31:16 56 —-a-w- C:\Windows\System32\SupportTool.exe.bat
    2012-04-12 13:29:56 ——– d—–w- C:\Program Files\Trend Micro
    2012-04-12 12:43:31 ——– d—–w- C:\Program Files (x86)\Trend Micro
    2012-04-12 09:41:13 ——– d—–w- C:\Users\SVEN\AppData\Local\{92E13872-F99F-4C8B-B3C4-5707F82F3E9B}
    2012-04-12 05:36:21 8669240 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDBAC1F0-40F8-44EC-B371-EDF6A51AFBF9}\mpengine.dll
    2012-04-11 19:55:00 ——– d—–w- C:\Users\SVEN\AppData\Local\{889E20E8-2B68-48D2-A66E-0D4CF6EC8988}
    .
    ==================== Find3M ====================
    .
    2012-05-07 06:03:15 419488 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-07 06:03:14 70304 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-08 12:41:29 234768 —-a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-04-08 12:41:29 234768 —-a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-04-08 11:41:23 75136 —-a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-04-02 05:34:04 5504880 —-a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 04:46:44 3958128 —-a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-04-02 04:46:44 3902320 —-a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-04-02 03:01:19 3143680 —-a-w- C:\Windows\System32\win32k.sys
    2012-03-12 06:27:40 472808 —-a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-03-08 16:50:28 49016 —-a-w- C:\Windows\SysWow64\sirenacm.dll
    2012-03-08 16:37:20 302448 —-a-w- C:\Windows\WLXPGSS.SCR
    2012-03-03 06:29:57 1541120 —-a-w- C:\Windows\System32\DWrite.dll
    2012-03-03 06:29:42 320512 —-a-w- C:\Windows\System32\d3d10_1core.dll
    2012-03-03 06:29:42 197120 —-a-w- C:\Windows\System32\d3d10_1.dll
    2012-03-03 06:29:42 1837568 —-a-w- C:\Windows\System32\d3d10warp.dll
    2012-03-03 06:29:41 902656 —-a-w- C:\Windows\System32\d2d1.dll
    2012-03-03 05:40:21 1074176 —-a-w- C:\Windows\SysWow64\DWrite.dll
    2012-03-03 05:40:10 1170944 —-a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-03-03 05:40:09 739840 —-a-w- C:\Windows\SysWow64\d2d1.dll
    2012-03-03 05:40:09 218624 —-a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2012-03-03 05:40:09 161792 —-a-w- C:\Windows\SysWow64\d3d10_1.dll
    2012-02-28 06:56:48 2311168 —-a-w- C:\Windows\System32\jscript9.dll
    2012-02-28 06:49:56 1390080 —-a-w- C:\Windows\System32\wininet.dll
    2012-02-28 06:48:57 1493504 —-a-w- C:\Windows\System32\inetcpl.cpl
    2012-02-28 06:42:55 2382848 —-a-w- C:\Windows\System32\mshtml.tlb
    2012-02-28 01:18:55 1799168 —-a-w- C:\Windows\SysWow64\jscript9.dll
    2012-02-28 01:11:21 1427456 —-a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-02-28 01:11:07 1127424 —-a-w- C:\Windows\SysWow64\wininet.dll
    2012-02-28 01:03:16 2382848 —-a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-02-23 08:18:36 279656 ——w- C:\Windows\System32\MpSigStub.exe
    2012-02-21 06:42:06 525544 —-a-w- C:\Windows\System32\deployJava1.dll
    2012-02-20 16:20:50 21520 —-a-w- C:\Windows\DCEBoot64.exe
    2012-02-15 10:01:50 52736 —-a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2012-02-15 10:01:50 4547944 —-a-w- C:\Windows\System32\usbaaplrc.dll
    2012-02-15 06:27:54 1031680 —-a-w- C:\Windows\System32\rdpcore.dll
    2012-02-15 05:44:57 826368 —-a-w- C:\Windows\SysWow64\rdpcore.dll
    2012-02-15 04:47:21 204800 —-a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-02-15 04:46:59 23552 —-a-w- C:\Windows\System32\drivers\tdtcp.sys
    .
    ============= FINISH: 10:10:16,97 ===============



    MBAM

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.05.11.02

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    SVEN :: SVEN-PC [administrator]

    Realtime bescherming: Ingeschakeld

    11-5-2012 10:23:18
    mbam-log-2012-05-11 (10-23-18).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 202895
    Verstreken tijd: 10 minuut/minuten, 6 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • We're going to take a deeper look.

    Which program: TDSSStarter.exe
    What for/why: Rootkit scanner
    Difficulty: none
    Download TDSSStarter to the desktop.

    Using "TDSSStarter.exe":
  • 12:03:56.0102 0896 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
    12:03:56.0117 0896 ============================================================
    12:03:56.0117 0896 Current date / time: 2012/05/11 12:03:56.0117
    12:03:56.0117 0896 SystemInfo:
    12:03:56.0117 0896
    12:03:56.0117 0896 OS Version: 6.1.7600 ServicePack: 0.0
    12:03:56.0117 0896 Product type: Workstation
    12:03:56.0117 0896 ComputerName: SVEN-PC
    12:03:56.0117 0896 UserName: SVEN
    12:03:56.0117 0896 Windows directory: C:\Windows
    12:03:56.0117 0896 System windows directory: C:\Windows
    12:03:56.0117 0896 Running under WOW64
    12:03:56.0117 0896 Processor architecture: Intel x64
    12:03:56.0117 0896 Number of processors: 2
    12:03:56.0117 0896 Page size: 0x1000
    12:03:56.0117 0896 Boot type: Normal boot
    12:03:56.0117 0896 ============================================================
    12:04:06.0382 0896 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:04:06.0382 0896 ============================================================
    12:04:06.0382 0896 \Device\Harddisk0\DR0:
    12:04:06.0398 0896 MBR partitions:
    12:04:06.0398 0896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x1D1C3000
    12:04:06.0413 0896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1EF0F000, BlocksNum 0x1B476800
    12:04:06.0413 0896 ============================================================
    12:04:06.0460 0896 C: <-> \Device\Harddisk0\DR0\Partition0
    12:04:06.0522 0896 D: <-> \Device\Harddisk0\DR0\Partition1
    12:04:06.0522 0896 ============================================================
    12:04:06.0522 0896 Initialize success
    12:04:06.0522 0896 ============================================================
    12:04:06.0663 0404 ============================================================
    12:04:06.0663 0404 Scan started
    12:04:06.0663 0404 Mode: Auto (DCExact ); SigCheck; TDLFS; Silent;
    12:04:06.0663 0404 ============================================================
    12:04:12.0809 0404 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
    12:04:13.0199 0404 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
    12:04:13.0277 0404 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
    12:04:13.0964 0404 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    12:04:14.0198 0404 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    12:04:14.0385 0404 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    12:04:14.0603 0404 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    12:04:15.0118 0404 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    12:04:15.0586 0404 AFBAgent (fb2be0bae9b3f248080cdbf91ef16c7f) C:\Windows\system32\FBAgent.exe
    12:04:15.0914 0404 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    12:04:16.0116 0404 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
    12:04:16.0226 0404 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    12:04:16.0350 0404 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
    12:04:16.0631 0404 AMD External Events Utility (47adca52f0f75cbfff5ac24b7dc62990) C:\Windows\system32\atiesrxx.exe
    12:04:16.0787 0404 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
    12:04:16.0896 0404 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    12:04:17.0052 0404 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    12:04:17.0146 0404 amdsata (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
    12:04:17.0302 0404 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    12:04:17.0442 0404 amdxata (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
    12:04:17.0786 0404 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    12:04:17.0910 0404 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
    12:04:18.0082 0404 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    12:04:18.0285 0404 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    12:04:18.0503 0404 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
    12:04:18.0862 0404 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:04:18.0971 0404 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    12:04:19.0049 0404 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    12:04:19.0190 0404 ASLDRService (18e5c2f937f9deb8c282df66a3761925) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    12:04:19.0236 0404 ASMMAP64 (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
    12:04:19.0330 0404 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    12:04:19.0455 0404 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
    12:04:20.0469 0404 athr (4ef8d5c1c0a02a9d1c2c465ba730ee69) C:\Windows\system32\DRIVERS\athrx.sys
    12:04:21.0358 0404 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
    12:04:21.0514 0404 AtiHdmiService (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
    12:04:28.0425 0404 atikmdag (544256005d11723e89af323ee4f01809) C:\Windows\system32\DRIVERS\atikmdag.sys
    12:04:30.0125 0404 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
    12:04:30.0266 0404 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    12:04:30.0297 0404 ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) -
  • Then let's try this now: download to the desktop;
    if you get a message that the file may be unsafe, you can ignore it.
    - Double-click "Unhide.exe" to start the tool.
  • Good, no MBR rootkits.

    On to the next step.

    Which program: ComboFix
    What for/why: Highly specialised scanner for examining Windows in depth
    and cleaning it up where possible.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must absolutely be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be deactivated before ComboFix starts!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Once more, for the sake of clarity: ComboFix must be started from the desktop.

    Remarks:
    - Vista and Windows 7 users start ComboFix via right-click with Administrator rights.
    - All open programs and web pages must be closed.
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
  • ComboFix 12-05-11.02 - SVEN 11-05-2012 14:59:45.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.3327.1813 [GMT 2:00]
    Gestart vanuit: d:\sven files\Desktop\ComboFix.exe
    AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
    SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\SVEN\AppData\Roaming\vso_ts_preview.xml
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-11 to 2012-05-11 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-11 13:44 . 2012-05-11 13:44 ——– d—–w- c:\users\Default\AppData\Local\temp
    2012-05-11 10:03 . 2012-05-11 10:06 ——– d—–w- C:\TDSSStarter
    2012-05-11 08:20 . 2012-05-11 08:20 ——– d—–w- c:\users\SVEN\AppData\Roaming\Malwarebytes
    2012-05-11 08:20 . 2012-05-11 08:20 ——– d—–w- c:\programdata\Malwarebytes
    2012-05-11 08:19 . 2012-05-11 08:20 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-05-11 08:19 . 2012-04-04 13:56 24904 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-10 14:10 . 2012-05-10 14:10 ——– d—–w- c:\program files (x86)\Common Files\MAGIX Shared
    2012-05-10 14:08 . 2012-05-10 14:09 ——– d—–w- c:\program files (x86)\MAGIX
    2012-05-10 14:07 . 2012-05-10 14:19 ——– d—–w- c:\programdata\MAGIX
    2012-05-10 14:07 . 2012-05-10 14:09 ——– d—–w- c:\program files (x86)\Common Files\MAGIX Services
    2012-05-10 14:01 . 2012-05-10 14:19 ——– d—–w- c:\users\SVEN\AppData\Roaming\MAGIX
    2012-05-10 13:44 . 2012-05-10 13:45 ——– d—–w- c:\program files\Recuva
    2012-05-09 14:06 . 2012-05-09 14:06 ——– d—–w- c:\program files (x86)\ASIO4ALL v2
    2012-05-09 14:06 . 2012-05-09 14:06 ——– d—–w- c:\program files (x86)\VstPlugins
    2012-05-09 14:06 . 2006-06-20 08:56 225280 —-a-w- c:\windows\SysWow64\rewire.dll
    2012-05-09 14:06 . 2009-09-15 09:14 1554944 —-a-w- c:\windows\SysWow64\vorbis.acm
    2012-05-09 14:05 . 2012-05-09 14:05 ——– d—–w- c:\program files (x86)\Outsim
    2012-05-09 14:01 . 2012-05-09 14:06 ——– d—–w- c:\program files (x86)\Image-Line
    2012-05-09 12:04 . 2012-05-09 12:04 ——– d—–w- c:\users\SVEN\AppData\Roaming\JAM Software
    2012-05-09 12:04 . 2012-05-09 12:04 ——– d—–w- c:\program files (x86)\JAM Software
    2012-05-09 05:51 . 2012-03-17 07:55 75632 —-a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-09 05:51 . 2012-03-30 11:09 1895280 —-a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-09 05:51 . 2012-04-02 05:26 1732096 —-a-w- c:\program files\Windows Journal\NBDoc.DLL
    2012-05-09 05:51 . 2012-04-02 05:24 1367552 —-a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-09 05:51 . 2012-04-02 05:24 1402880 —-a-w- c:\program files\Windows Journal\JNWDRV.dll
    2012-05-09 05:51 . 2012-04-02 05:24 1393664 —-a-w- c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-09 05:51 . 2012-04-02 04:40 936960 —-a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-06 20:13 . 2012-05-06 20:29 ——– d—–w- c:\program files (x86)\Convar
    2012-05-06 19:51 . 2012-05-07 05:39 ——– d—–w- c:\program files (x86)\ContentaConverter-PREMIUM
    2012-05-06 18:58 . 2012-05-07 05:39 ——– d—–w- c:\program files (x86)\Advanced File Fixer 2012
    2012-04-29 19:50 . 2012-04-29 19:50 ——– d—–w- c:\programdata\vsosdk
    2012-04-29 16:18 . 2012-04-29 20:08 ——– d—–w- c:\users\SVEN\AppData\Roaming\Vso
    2012-04-29 16:18 . 2012-05-07 05:39 ——– d—–w- c:\program files (x86)\VSO
    2012-04-26 17:11 . 2012-04-26 17:11 ——– d—–w- c:\program files\Microsoft Synchronization Services
    2012-04-26 17:11 . 2012-04-26 17:11 ——– d—–w- c:\windows\PCHEALTH
    2012-04-26 17:11 . 2012-04-26 17:11 ——– d—–w- c:\program files\Microsoft Sync Framework
    2012-04-26 17:11 . 2012-04-26 17:11 ——– d—–w- c:\program files\Microsoft SQL Server Compact Edition
    2012-04-26 17:09 . 2012-04-26 17:09 ——– d—–w- c:\program files (x86)\Microsoft Visual Studio 8
    2012-04-26 17:08 . 2012-04-26 17:08 ——– d—–w- c:\program files\Microsoft Analysis Services
    2012-04-26 17:08 . 2012-04-26 17:08 ——– d—–w- c:\program files (x86)\Microsoft Analysis Services
    2012-04-26 17:06 . 2012-05-07 05:36 ——– d—–r- C:\MSOCache
    2012-04-22 10:07 . 2012-04-22 10:07 3545088 —-a-w- c:\windows\system32\drivers\athrx.sys
    2012-04-22 09:59 . 2012-04-22 09:59 95248 —-a-w- c:\windows\system32\drivers\AtihdW76.sys
    2012-04-20 11:16 . 2012-04-20 11:16 ——– d—–w- c:\program files (x86)\Lame For Audacity
    2012-04-20 10:51 . 2012-05-10 16:51 ——– d—–w- c:\users\SVEN\AppData\Roaming\Audacity
    2012-04-20 10:51 . 2012-04-20 10:51 ——– d—–w- c:\program files (x86)\Audacity
    2012-04-13 19:03 . 2012-05-07 06:03 8744608 —-a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-13 13:11 . 2012-04-13 13:11 ——– d—–w- c:\users\SVEN\AppData\Roaming\Media Player Classic
    2012-04-13 12:55 . 2012-04-13 12:55 ——– d—–w- c:\windows\nl
    2012-04-13 12:52 . 2012-04-13 12:52 ——– d—–w- c:\program files\Windows Live
    2012-04-13 12:42 . 2012-04-13 12:42 89944 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DSETUP.dll
    2012-04-13 12:42 . 2012-04-13 12:42 537432 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\DXSETUP.exe
    2012-04-13 12:42 . 2012-04-13 12:42 1801048 —-a-w- c:\program files (x86)\Common Files\Windows Live\.cache\e8a05ed11cd197203\dsetup32.dll
    2012-04-13 06:18 . 2012-02-28 06:51 887296 —-a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-04-13 06:11 . 2012-03-01 06:54 22896 —-a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-13 06:11 . 2012-03-01 06:40 80896 —-a-w- c:\windows\system32\imagehlp.dll
    2012-04-13 06:11 . 2012-03-01 05:45 158720 —-a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-13 06:11 . 2012-03-01 06:45 220672 —-a-w- c:\windows\system32\wintrust.dll
    2012-04-13 06:11 . 2012-03-01 05:49 172544 —-a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-13 06:11 . 2012-03-01 06:35 5120 —-a-w- c:\windows\system32\wmi.dll
    2012-04-13 06:11 . 2012-03-01 05:40 5120 —-a-w- c:\windows\SysWow64\wmi.dll
    2012-04-12 13:45 . 2012-04-12 13:45 ——– d—–w- C:\temp
    2012-04-12 13:34 . 2012-04-12 13:34 ——– d—–w- c:\users\SVEN\AppData\Local\Trend Micro
    2012-04-12 13:33 . 2012-04-12 12:43 105744 —-a-w- c:\windows\system32\drivers\tmtdi.sys
    2012-04-12 13:33 . 2012-04-12 12:43 91920 —-a-w- c:\windows\system32\drivers\tmactmon.sys
    2012-04-12 13:33 . 2012-04-12 12:43 70928 —-a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2012-04-12 13:33 . 2012-04-12 12:43 167696 —-a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-04-12 13:31 . 2012-04-12 13:31 56 —-a-w- c:\windows\system32\SupportTool.exe.bat
    2012-04-12 13:29 . 2012-04-12 13:30 ——– d—–w- c:\program files\Trend Micro
    2012-04-12 12:43 . 2012-04-13 09:33 ——– d—–w- c:\program files (x86)\Trend Micro
    2012-04-12 05:36 . 2012-03-14 03:27 8669240 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDBAC1F0-40F8-44EC-B371-EDF6A51AFBF9}\mpengine.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-07 06:03 . 2012-04-08 13:09 419488 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-07 06:03 . 2012-04-08 13:09 70304 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-04-08 12:41 . 2012-04-08 12:41 234768 —-a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-04-08 12:41 . 2012-04-08 11:41 234768 —-a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-04-08 11:41 . 2012-04-08 11:41 75136 —-a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-03-12 06:27 . 2012-02-07 15:21 472808 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-03-08 21:18 . 2012-03-08 21:18 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-08 21:18 . 2012-03-08 21:18 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2012-03-08 21:18 . 2012-03-08 21:18 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2012-03-08 21:18 . 2012-03-08 21:18 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-03-08 21:18 . 2012-03-08 21:18 63488 —-a-w- c:\windows\SysWow64\tdc.ocx
    2012-03-08 21:18 . 2012-03-08 21:18 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2012-03-08 21:18 . 2012-03-08 21:18 367104 —-a-w- c:\windows\SysWow64\html.iec
    2012-03-08 21:18 . 2012-03-08 21:18 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-03-08 21:18 . 2012-03-08 21:18 74752 —-a-w- c:\windows\SysWow64\iesetup.dll
    2012-03-08 21:18 . 2012-03-08 21:18 420864 —-a-w- c:\windows\SysWow64\vbscript.dll
    2012-03-08 21:18 . 2012-03-08 21:18 23552 —-a-w- c:\windows\SysWow64\licmgr10.dll
    2012-03-08 21:18 . 2012-03-08 21:18 152064 —-a-w- c:\windows\SysWow64\wextract.exe
    2012-03-08 21:18 . 2012-03-08 21:18 150528 —-a-w- c:\windows\SysWow64\iexpress.exe
    2012-03-08 21:18 . 2012-03-08 21:18 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-03-08 21:18 . 2012-03-08 21:18 11776 —-a-w- c:\windows\SysWow64\mshta.exe
    2012-03-08 21:18 . 2012-03-08 21:18 35840 —-a-w- c:\windows\SysWow64\imgutil.dll
    2012-03-08 21:18 . 2012-03-08 21:18 101888 —-a-w- c:\windows\SysWow64\admparse.dll
    2012-03-08 21:18 . 2012-03-08 21:18 89088 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-03-08 21:18 . 2012-03-08 21:18 222208 —-a-w- c:\windows\system32\msls31.dll
    2012-03-08 21:18 . 2012-03-08 21:18 173056 —-a-w- c:\windows\system32\ieUnatt.exe
    2012-03-08 21:18 . 2012-03-08 21:18 12288 —-a-w- c:\windows\system32\mshta.exe
    2012-03-08 21:18 . 2012-03-08 21:18 114176 —-a-w- c:\windows\system32\admparse.dll
    2012-03-08 21:18 . 2012-03-08 21:18 91648 —-a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-03-08 21:18 . 2012-03-08 21:18 85504 —-a-w- c:\windows\system32\iesetup.dll
    2012-03-08 21:18 . 2012-03-08 21:18 76800 —-a-w- c:\windows\system32\tdc.ocx
    2012-03-08 21:18 . 2012-03-08 21:18 49664 —-a-w- c:\windows\system32\imgutil.dll
    2012-03-08 21:18 . 2012-03-08 21:18 48640 —-a-w- c:\windows\system32\mshtmler.dll
    2012-03-08 21:18 . 2012-03-08 21:18 448512 —-a-w- c:\windows\system32\html.iec
    2012-03-08 21:18 . 2012-03-08 21:18 30720 —-a-w- c:\windows\system32\licmgr10.dll
    2012-03-08 21:18 . 2012-03-08 21:18 165888 —-a-w- c:\windows\system32\iexpress.exe
    2012-03-08 21:18 . 2012-03-08 21:18 160256 —-a-w- c:\windows\system32\wextract.exe
    2012-03-08 21:18 . 2012-03-08 21:18 135168 —-a-w- c:\windows\system32\IEAdvpack.dll
    2012-03-08 21:18 . 2012-03-08 21:18 111616 —-a-w- c:\windows\system32\iesysprep.dll
    2012-03-08 21:18 . 2012-03-08 21:18 603648 —-a-w- c:\windows\system32\vbscript.dll
    2012-03-08 16:50 . 2012-03-08 16:50 49016 —-a-w- c:\windows\SysWow64\sirenacm.dll
    2012-03-08 16:37 . 2012-03-08 16:37 302448 —-a-w- c:\windows\WLXPGSS.SCR
    2012-02-23 08:18 . 2012-02-04 19:47 279656 ——w- c:\windows\system32\MpSigStub.exe
    2012-02-21 06:42 . 2012-02-21 06:42 525544 —-a-w- c:\windows\system32\deployJava1.dll
    2012-02-20 16:20 . 2012-02-20 16:16 21520 —-a-w- c:\windows\DCEBoot64.exe
    2012-02-15 10:01 . 2012-02-15 10:01 52736 —-a-w- c:\windows\system32\drivers\usbaapl64.sys
    2012-02-15 10:01 . 2012-02-15 10:01 4547944 —-a-w- c:\windows\system32\usbaaplrc.dll
    2012-02-15 06:27 . 2012-03-14 14:05 1031680 —-a-w- c:\windows\system32\rdpcore.dll
    2012-02-15 05:44 . 2012-03-14 14:05 826368 —-a-w- c:\windows\SysWow64\rdpcore.dll
    2012-02-15 04:47 . 2012-03-14 14:05 204800 —-a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-02-15 04:46 . 2012-03-14 14:05 23552 —-a-w- c:\windows\system32\drivers\tdtcp.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    "PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-24 801792]
    "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
    "LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-02-28 1987976]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TrayServer"="c:\program files (x86)\MAGIX\Video_deluxe_MX_Download-versie\TrayServer_nl.exe" [2008-09-10 90112]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2012-2-5 12862]
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2012-2-5 156952]
    WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 257696]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 136176]
    R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
    R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
    S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
    S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
    S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
    S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-11-13 129536]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 09:14 451872 —-a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 06:03]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 18:43]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-04 18:43]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1576349813-20603973-1440158461-1000Core.job
    - c:\users\SVEN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 19:50]
    .
    2012-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1576349813-20603973-1440158461-1000UA.job
    - c:\users\SVEN\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-04 19:50]
    .
    .
    ——— x86-64 ———–
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
    "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
    "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ——- Bijkomende Scan ——-
    .
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: Interfaces\{71762DB0-AE34-4C4B-9B5B-83DF2B36CE01}: NameServer = 84.241.226.140 84.241.226.9
    TCP: Interfaces\{A2A53ECC-DF3A-45CB-A63A-71AC5D661F50}: NameServer = 84.241.226.140 84.241.226.9
    FF - ProfilePath - c:\users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    Toolbar-Locked - (no file)
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
    "Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
    "0"="Microsoft Actions Pane 3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\SmartLogon\smartlogon.exe
    c:\program files\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
    c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
    c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\windows\AsScrPro.exe
    c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    c:\program files (x86)\TeamViewer\Version6\tv_w32.exe
    c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-05-11 17:27:28 - machine werd herstart
    ComboFix-quarantined-files.txt 2012-05-11 15:26
    .
    Pre-Run: 193.050.488.832 bytes beschikbaar
    Post-Run: 194.159.845.376 bytes beschikbaar
    .
    - - End Of File - - EDEFACC81BCE8BE442AFD4F8ECA0DC5C
  • How are things now?
  • No idea, really. I don't notice much difference yet. All done? But if I understand correctly, I have now run scans that should have repaired the errors / removed the viruses?
  • And your folders, are they visible again or not yet?
  • I haven't been able to find them yet
  • I did get the message, only the text was slightly different. It said that if it hadn't worked I should do it again, but with the virus scanners turned off. I tried it twice, but I don't notice any result yet.

    My laptop did freeze completely once yesterday morning while I was browsing the internet, and again yesterday evening when I wanted to start that program. Ctrl-Alt-Delete didn't work either in this case :S
  • Run the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click on
  • After the scan it reported error 2002 (if I have it right; it could also have been a different error)

    This was in the log:


    ESETSmartInstaller@High as downloader log:
    all ok
  • Very strange, that error message.
    I'm not used to that!

    Which program:
  • And the name SVEN - does that mean anything to you?
  • Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 5/13/2012 9:18:05 PM

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, D:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 5/13/2012 9:53:06 PM

    C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:14 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2
    C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:15 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2
    D:\Sven Files\Downloads\MS Office 2010 SP1 NL & Crack\mini-KMS_Activator_v1.053.exe Ontdekt: possible-Threat.Activator.MSOffice!IK

    Gescand

    Bestanden: 459284
    Sporen: 408472
    Cookies: 167
    Processen: 85

    Gevonden

    Bestanden: 1
    Sporen: 0
    Cookies: 2
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 5/14/2012 1:13:05 AM
    Scantijd: 3:19:59

    D:\Sven Files\Downloads\MS Office 2010 SP1 NL & Crack\mini-KMS_Activator_v1.053.exe Verwijderd possible-Threat.Activator.MSOffice!IK
    C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:14 Verwijderd Trace.TrackingCookie.doubleclick.net!A2
    C:\Users\SVEN\AppData\Roaming\Mozilla\Firefox\Profiles\gnn4eg3g.default\cookies.sqlite:15 Verwijderd Trace.TrackingCookie.doubleclick.net!A2

    Verwijderd

    Bestanden: 1
    Sporen: 0
    Cookies: 2
  • mini-KMS_Activator_v1.053.exe
    I know it is very tempting to use expensive software for free.
    But it still does not seem to be widely known that by doing so you also cause problems of a serious nature in Windows.
  • Yes, that's right.
    It was my mistake to download/use this.

    The folders are still gone. Should I try Unhide one more time?


This is an archived page. Replying is no longer possible.