Data recovery virus

Anonymous
36 answers
  • I have caught the Data Recovery virus. I have now worked through the step-by-step plan from another topic that deals with this. The logs are below.

    HijackThis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:50:55, on 26-5-2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.19088)
    Boot mode: Normal

    Running processes:
    c:\windows\system32\dwm.exe
    c:\windows\system32\taskeng.exe
    c:\windows\system32\taskeng.exe
    c:\program files\asus\asus live update\alu.exe
    c:\windows\explorer.exe
    c:\program files\asus\smartlogon\sensorsrv.exe
    c:\program files\p4g\batterylife.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\cyberlink\power2go\clmlsvc.exe
    c:\program files\google\google desktop search\googledesktop.exe
    c:\program files\asus\atk hotkey\hcontroluser.exe
    c:\program files\asus\asus data security manager\adsmtray.exe
    c:\program files\atkosd2\atkosd2.exe
    c:\windows\system32\igfxtray.exe
    c:\windows\system32\hkcmd.exe
    c:\windows\system32\igfxpers.exe
    c:\program files\realtek\audio\hda\rthdvcpl.exe
    c:\windows\asscrpro.exe
    c:\windows\pixart\pac207\monitor.exe
    c:\program files\scansoft\paperport\pptd40nt.exe
    c:\program files\brother\brmfcmon\brmfcwnd.exe
    c:\program files\winamp\winampa.exe
    c:\program files\hp\hp software update\hpwuschd2.exe
    c:\program files\avg\avg2012\avgtray.exe
    c:\program files\ask.com\updater\updater.exe
    c:\program files\synaptics\syntp\syntpenh.exe
    c:\program files\itunes\ituneshelper.exe
    c:\program files\common files\java\java update\jusched.exe
    c:\program files\hp\hp ut\bin\hppusg.exe
    c:\program files\windows live\messenger\msnmsgr.exe
    c:\program files\windows media player\wmpnscfg.exe
    c:\program files\hp\digital imaging\bin\hpqtra08.exe
    c:\program files\brother\controlcenter3\brccmctl.exe
    c:\program files\brother\brmfcmon\brmfcmon.exe
    c:\program files\windows live\contacts\wlcomm.exe
    c:\program files\hp\digital imaging\bin\hpqste08.exe
    c:\windows\system32\conime.exe
    c:\program files\hp\digital imaging\bin\hpqbam08.exe
    c:\program files\hp\digital imaging\bin\hpqgpc01.exe
    c:\windows\system32\macromed\flash\flashutil32_11_2_202_235_activex.exe
    c:\windows\system32\wuauclt.exe
    c:\windows\system32\searchfilterhost.exe
    c:\windows\system32\searchprotocolhost.exe
    c:\program files\trend micro\hijackthis\hijackthis.exe

    r1 - hkcu\software\microsoft\internet explorer\main,search page = http://nl.woofi.info
    r0 - hkcu\software\microsoft\internet explorer\main,start page = http://search.conduit.com?searchsource=10&ctid=ct3196716
    r1 - hklm\software\microsoft\internet explorer\main,default_search_url = http://go.microsoft.com/fwlink/?linkid=54896
    r1 - hklm\software\microsoft\internet explorer\main,search page = http://nl.woofi.info
    r0 - hklm\software\microsoft\internet explorer\main,start page = http://nl.woofi.info
    r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
    r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
    r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
    r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
    r3 - urlsearchhook: winamp search class - {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    r3 - urlsearchhook: utorrentbar_nl toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbutor.dll
    r3 - urlsearchhook: wiseconvert toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbwis0.dll
    o1 - hosts: ::1 localhost
    o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
    o2 - bho: winamp toolbar loader - {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    o2 - bho: babylon toolbar helper - {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\bh\babylontoolbar.dll
    o2 - bho: wormradar.com iesiteblocker.navfilter - {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    o2 - bho: windows live family safety browser helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    o2 - bho: spybot-s&d ie protection - {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\sdhelper.dll
    o2 - bho: (no name) - {5c255c8a-e604-49b4-9d64-90988571cecb} - (no file)
    o2 - bho: java(tm) plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    o2 - bho: utorrentbar_nl - {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbutor.dll
    o2 - bho: windows live aanmelden - help - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
    o2 - bho: dealply - {a6174f27-1fff-e1d6-a93f-ba48ad5dd448} - c:\program files\dealply\dealplyie.dll
    o2 - bho: google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\googletoolbar_32.dll
    o2 - bho: google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    o2 - bho: bing bar helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\bingext.dll (file missing)
    o2 - bho: ask toolbar bho - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
    o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    o2 - bho: wiseconvert - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbwis0.dll
    o2 - bho: hp smart bho class - {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    o3 - toolbar: winamp toolbar - {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    o3 - toolbar: ask toolbar - {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\genericasktoolbar.dll
    o3 - toolbar: bing bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\microsoft\bingbar\bingext.dll (file missing)
    o3 - toolbar: babylon toolbar - {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.35.10\babylontoolbartlbr.dll
    o3 - toolbar: google toolbar - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\googletoolbar_32.dll
    o3 - toolbar: utorrentbar_nl toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - c:\program files\utorrentbar_nl\prxtbutor.dll
    o3 - toolbar: wiseconvert toolbar - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - c:\program files\wiseconvert\prxtbwis0.dll
    o4 - hklm\..\run: [windows defender] %programfiles%\windows defender\msascui.exe -hide
    o4 - hklm\..\run: [clmlserver] c:\program files\cyberlink\power2go\clmlsvc.exe
    o4 - hklm\..\run: [p2go_menu] c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    o4 - hklm\..\run: [google desktop search] c:\program files\google\google desktop search\googledesktop.exe /startup
    o4 - hklm\..\run: [hcontroluser] c:\program files\asus\atk hotkey\hcontroluser.exe
    o4 - hklm\..\run: [adsmtray] c:\program files\asus\asus data security manager\adsmtray.exe
    o4 - hklm\..\run: [atkosd2] c:\program files\atkosd2\atkosd2.exe
    o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
    o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
    o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
    o4 - hklm\..\run: [rthdvcpl] c:\program files\realtek\audio\hda\rthdvcpl.exe
    o4 - hklm\..\run: [asus screen saver protector] c:\windows\asscrpro.exe
    o4 - hklm\..\run: [fssui] c:\program files\windows live\family safety\fsui.exe -autorun
    o4 - hklm\..\run: [monitor] c:\windows\pixart\pac207\monitor.exe
    o4 - hklm\..\run: [ssbkgdupdate] c:\program files\common files\scansoft shared\ssbkgdupdate\ssbkgdupdate.exe -embedding -boot
    o4 - hklm\..\run: [paperport ptd] c:\program files\scansoft\paperport\pptd40nt.exe
    o4 - hklm\..\run: [indexsearch] c:\program files\scansoft\paperport\indexsearch.exe
    o4 - hklm\..\run: [pport11reminder] c:\program files\scansoft\paperport\ereg\ereg.exe -r c:\programdata\scansoft\paperport\11\config\ereg\ereg.ini
    o4 - hklm\..\run: [brmfcwnd] c:\program files\brother\brmfcmon\brmfcwnd.exe /autorun
    o4 - hklm\..\run: [controlcenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    o4 - hklm\..\run: [winampagent] c:\program files\winamp\winampa.exe
    o4 - hklm\..\run: [hp software update] c:\program files\hp\hp software update\hpwuschd2.exe
    o4 - hklm\..\run: [avg_tray] c:\program files\avg\avg2012\avgtray.exe
    o4 - hklm\..\run: [apnupdater] c:\program files\ask.com\updater\updater.exe
    o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
    o4 - hklm\..\run: [quicktime task] c:\program files\quicktime\qttask.exe -atboottime
    o4 - hklm\..\run: [ituneshelper] c:\program files\itunes\ituneshelper.exe
    o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\common files\java\java update\jusched.exe
    o4 - hklm\..\run: [adobe arm] c:\program files\common files\adobe\arm\1.0\adobearm.exe
    o4 - hklm\..\run: [hpusagetracking] c:\program files\hp\hp ut\bin\hppusg.exe "c:\program files\hp\hp ut\"
    o4 - hkcu\..\run: [msnmsgr] c:\program files\windows live\messenger\msnmsgr.exe /background
    o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'local service')
    o4 - hkus\s-1-5-19\..\run: [windowswelcomecenter] rundll32.exe oobefldr.dll,showwelcomecenter (user 'local service')
    o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /detectmem (user 'network service')
    o4 - global startup: fancystart daemon.lnk = ?
    o4 - global startup: hp digital imaging monitor.lnk = c:\program files\hp\digital imaging\bin\hpqtra08.exe
    o8 - extra context menu item: &winamp search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    o8 - extra context menu item: e&xport to microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
    o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
    o8 - extra context menu item: google sidewiki... - res://c:\program files\google\google toolbar\component\googletoolbardynamic_mui_en_7461b1589e8b4fb7.dll/cmsidewiki.html
    o9 - extra button: in weblog opnemen - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
    o9 - extra 'tools' menuitem: &in weblog opnemen met windows live writer - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files\windows live\writer\writerbrowserextension.dll
    o9 - extra button: onderzoek - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
    o9 - extra button: hp slim selecteren - {dde87865-83c5-48c4-8357-2f5b1aa84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    o9 - extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
    o9 - extra 'tools' menuitem: spybot - search && destroy configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - c:\program files\spybot - search & destroy\sdhelper.dll
    o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
    o16 - dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} (shockwave flash object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    o18 - protocol: linkscanner - {f274614c-63f8-47d5-a4d1-fbdde494f8d1} - c:\program files\avg\avg2012\avgpp.dll
    o20 - appinit_dlls: c:\progra~1\google\google~1\goec62~1.dll
    o22 - sharedtaskscheduler: component categories cache daemon - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
    o23 - service: adobe acrobat update service (adobearmservice) - adobe systems incorporated - c:\program files\common files\adobe\arm\1.0\armsvc.exe
    o23 - service: adobe flash player update service (adobeflashplayerupdatesvc) - adobe systems incorporated - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
    o23 - service: adsm service (adsmservice) - asustek computer inc. - c:\program files\asus\asus data security manager\adsmsrv.exe
    o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
    o23 - service: asldr service (asldrservice) - unknown owner - c:\program files\asus\atk hotkey\asldrsrv.exe
    o23 - service: atkgfnex service (atkgfnexsrv) - unknown owner - c:\program files\atkgfnex\gfnexsrv.exe
    o23 - service: avgidsagent - avg technologies cz, s.r.o. - c:\program files\avg\avg2012\avgidsagent.exe
    o23 - service: avg watchdog (avgwd) - avg technologies cz, s.r.o. - c:\program files\avg\avg2012\avgwdsvc.exe
    o23 - service: bonjour-service (bonjour service) - apple inc.
- [color=teal:7987d481fb]c:\program files\bonjour\[/color:7987d481fb][color=blue:7987d481fb]mdnsresponder.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: fsusbexservice - teruten - [color=teal:7987d481fb]c:\windows\system32\[/color:7987d481fb][color=blue:7987d481fb]fsusbexservice.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: google desktop manager 5.9.1005.12335 (googledesktopmanager-051210-111108) - google - [color=teal:7987d481fb]c:\program files\google\google desktop search\[/color:7987d481fb][color=blue:7987d481fb]googledesktop.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: google updateservice (gupdate) (gupdate) - google inc. - [color=teal:7987d481fb]c:\program files\google\update\[/color:7987d481fb][color=blue:7987d481fb]googleupdate.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: google update-service (gupdatem) (gupdatem) - google inc. - [color=teal:7987d481fb]c:\program files\google\update\[/color:7987d481fb][color=blue:7987d481fb]googleupdate.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: google software updater (gusvc) - google - [color=teal:7987d481fb]c:\program files\google\common\google updater\[/color:7987d481fb][color=blue:7987d481fb]googleupdaterservice.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: ipod-service (ipod service) - apple inc. 
- [color=teal:7987d481fb]c:\program files\ipod\bin\[/color:7987d481fb][color=blue:7987d481fb]ipodservice.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: lightscribeservice direct disc labeling service (lightscribeservice) - hewlett-packard company - [color=teal:7987d481fb]c:\program files\common files\lightscribe\[/color:7987d481fb][color=blue:7987d481fb]lssrvc.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: mozilla maintenance service (mozillamaintenance) - mozilla foundation - [color=teal:7987d481fb]c:\program files\mozilla maintenance service\[/color:7987d481fb][color=blue:7987d481fb]maintenanceservice.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: norton internet security - unknown owner - [color=teal:7987d481fb]c:\program files\norton internet security\engine\16.0.0.125\[/color:7987d481fb][color=blue:7987d481fb]ccsvchst.exe[/color:7987d481fb] [color=red:7987d481fb](file missing)[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: sbsd security center service (sbsdwscservice) - safer networking ltd. - [color=teal:7987d481fb]c:\program files\spybot - search & destroy\[/color:7987d481fb][color=blue:7987d481fb]sdwinsec.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: servicelayer - nokia. 
- [color=teal:7987d481fb]c:\program files\pc connectivity solution\[/color:7987d481fb][color=blue:7987d481fb]servicelayer.exe[/color:7987d481fb] [color=silver:7987d481fb]o23 -[/color:7987d481fb] [color=brown:7987d481fb]service[/color:7987d481fb]: spmgr - unknown owner - [color=teal:7987d481fb]c:\program files\asus\nb probe\spm\[/color:7987d481fb][color=blue:7987d481fb]spmgr.exe[/color:7987d481fb] -- end of file - 14853 bytes [/hjt] TDSSKiller: 02:01:51.0620 5664 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30 02:01:51.0917 5664 ============================================================ 02:01:51.0917 5664 Current date / time: 2012/05/26 02:01:51.0917 02:01:51.0917 5664 SystemInfo: 02:01:51.0917 5664 02:01:51.0917 5664 OS Version: 6.0.6001 ServicePack: 1.0 02:01:51.0917 5664 Product type: Workstation 02:01:51.0917 5664 ComputerName: PC_VAN_GEBRUIKE 02:01:51.0917 5664 UserName: Gebruiker 02:01:51.0917 5664 Windows directory: C:\Windows 02:01:51.0917 5664 System windows directory: C:\Windows 02:01:51.0917 5664 Processor architecture: Intel x86 02:01:51.0917 5664 Number of processors: 2 02:01:51.0917 5664 Page size: 0x1000 02:01:51.0917 5664 Boot type: Normal boot 02:01:51.0917 5664 ============================================================ 02:01:52.0244 5664 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 02:01:52.0244 5664 ============================================================ 02:01:52.0244 5664 \Device\Harddisk0\DR0: 02:01:52.0244 5664 MBR partitions: 02:01:52.0244 5664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1771000, BlocksNum 0xE8E2800 02:01:52.0275 5664 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10054000, BlocksNum 0xD171000 02:01:52.0275 5664 ============================================================ 02:01:52.0416 5664 C: <-> \Device\Harddisk0\DR0\Partition0 02:01:52.0587 5664 D: 
<-> \Device\Harddisk0\DR0\Partition1 02:01:52.0587 5664 ============================================================ 02:01:52.0587 5664 Initialize success 02:01:52.0587 5664 ============================================================ 02:01:53.0633 4100 ============================================================ 02:01:53.0633 4100 Scan started 02:01:53.0633 4100 Mode: Manual; 02:01:53.0633 4100 ============================================================ 02:01:59.0373 4100 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 02:01:59.0373 4100 ACPI - ok 02:02:00.0107 4100 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 02:02:00.0107 4100 AdobeARMservice - ok 02:02:00.0840 4100 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 02:02:00.0840 4100 AdobeFlashPlayerUpdateSvc - ok 02:02:01.0339 4100 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 02:02:01.0339 4100 adp94xx - ok 02:02:01.0433 4100 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 02:02:01.0433 4100 adpahci - ok 02:02:01.0729 4100 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 02:02:01.0745 4100 adpu160m - ok 02:02:01.0901 4100 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 02:02:01.0916 4100 adpu320 - ok 02:02:02.0883 4100 ADSMService (c0bf554d2277f7a4c735d475ade2e3b2) C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe 02:02:02.0883 4100 ADSMService - ok 02:02:03.0071 4100 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 02:02:03.0071 4100 AeLookupSvc - ok 02:02:03.0227 4100 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 02:02:03.0227 4100 AFD - ok 02:02:03.0289 4100 agp440 (13f9e33747e6b41a3ff305c37db0d360) 
C:\Windows\system32\drivers\agp440.sys 02:02:03.0289 4100 agp440 - ok 02:02:03.0320 4100 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 02:02:03.0320 4100 aic78xx - ok 02:02:03.0554 4100 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 02:02:03.0570 4100 ALG - ok 02:02:03.0617 4100 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 02:02:03.0617 4100 aliide - ok 02:02:03.0663 4100 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 02:02:03.0663 4100 amdagp - ok 02:02:03.0695 4100 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 02:02:03.0695 4100 amdide - ok 02:02:03.0773 4100 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 02:02:03.0788 4100 AmdK7 - ok 02:02:03.0804 4100 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 02:02:03.0804 4100 AmdK8 - ok 02:02:03.0882 4100 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 02:02:03.0882 4100 Appinfo - ok 02:02:04.0365 4100 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 02:02:04.0381 4100 Apple Mobile Device - ok 02:02:04.0709 4100 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 02:02:04.0709 4100 arc - ok 02:02:04.0818 4100 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 02:02:04.0818 4100 arcsas - ok 02:02:04.0896 4100 AsDsm (4385e371c25c94c804e9d3152bd9e1f7) C:\Windows\system32\drivers\AsDsm.sys 02:02:04.0896 4100 AsDsm - ok 02:02:05.0442 4100 ASLDRService (5a055a4777cbbc8845dd598cb2eebf69) C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe 02:02:05.0442 4100 ASLDRService - ok 02:02:05.0645 4100 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys 02:02:05.0645 4100 ASMMAP - ok 02:02:05.0769 4100 AsyncMac 
(53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 02:02:05.0769 4100 AsyncMac - ok 02:02:05.0847 4100 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 02:02:05.0847 4100 atapi - ok 02:02:06.0050 4100 athr (4df523f49694b2884f8e5d870bf3e253) C:\Windows\system32\DRIVERS\athr.sys 02:02:06.0066 4100 athr - ok 02:02:06.0456 4100 athrusb (44fa26470d4c8123ccf71f4200b782d3) C:\Windows\system32\DRIVERS\athrusb.sys 02:02:06.0471 4100 athrusb - ok 02:02:06.0861 4100 ATKGFNEXSrv (7c157574a181b19b9dcf5f339e25337e) C:\Program Files\ATKGFNEX\GFNEXSrv.exe 02:02:06.0877 4100 ATKGFNEXSrv - ok 02:02:07.0392 4100 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 02:02:07.0407 4100 atksgt - ok 02:02:07.0985 4100 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 02:02:07.0985 4100 AudioEndpointBuilder - ok 02:02:08.0000 4100 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll 02:02:08.0016 4100 Audiosrv - ok 02:02:09.0279 4100 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe 02:02:09.0311 4100 AVGIDSAgent - ok 02:02:10.0231 4100 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 02:02:10.0247 4100 AVGIDSDriver - ok 02:02:10.0403 4100 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 02:02:10.0403 4100 AVGIDSEH - ok 02:02:10.0543 4100 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 02:02:10.0559 4100 AVGIDSFilter - ok 02:02:10.0699 4100 AVGIDSShim (3fc2714e185c04308215d46730d41a94) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 02:02:10.0699 4100 AVGIDSShim - ok 02:02:10.0761 4100 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\Windows\system32\DRIVERS\avgldx86.sys 02:02:10.0761 4100 Avgldx86 - ok 02:02:10.0855 4100 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) 
C:\Windows\system32\DRIVERS\avgmfx86.sys 02:02:10.0855 4100 Avgmfx86 - ok 02:02:10.0995 4100 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys 02:02:10.0995 4100 Avgrkx86 - ok 02:02:11.0058 4100 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys 02:02:11.0073 4100 Avgtdix - ok 02:02:12.0275 4100 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files\AVG\AVG2012\avgwdsvc.exe 02:02:12.0290 4100 avgwd - ok 02:02:12.0462 4100 BBSvc (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 02:02:12.0477 4100 BBSvc - ok 02:02:13.0023 4100 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 02:02:13.0023 4100 BBUpdate - ok 02:02:13.0086 4100 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 02:02:13.0086 4100 Beep - ok 02:02:13.0211 4100 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll 02:02:13.0211 4100 BFE - ok 02:02:14.0053 4100 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll 02:02:14.0178 4100 BITS - ok 02:02:14.0318 4100 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 02:02:14.0334 4100 blbdrive - ok 02:02:15.0863 4100 Bonjour Service (1c87705ccb2f60172b0fc86b5d82f00d) C:\Program Files\Bonjour\mDNSResponder.exe 02:02:15.0863 4100 Bonjour Service - ok 02:02:16.0065 4100 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 02:02:16.0065 4100 bowser - ok 02:02:16.0175 4100 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 02:02:16.0175 4100 BrFiltLo - ok 02:02:16.0206 4100 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 02:02:16.0206 4100 BrFiltUp - ok 02:02:16.0331 4100 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 02:02:16.0346 4100 Browser - ok 02:02:16.0440 4100 Brserid (b304e75cff293029eddf094246747113) 
C:\Windows\system32\drivers\brserid.sys 02:02:16.0440 4100 Brserid - ok 02:02:16.0455 4100 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 02:02:16.0455 4100 BrSerWdm - ok 02:02:16.0518 4100 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 02:02:16.0518 4100 BrUsbMdm - ok 02:02:16.0533 4100 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 02:02:16.0549 4100 BrUsbSer - ok 02:02:16.0580 4100 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 02:02:16.0580 4100 BTHMODEM - ok 02:02:16.0611 4100 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 02:02:16.0611 4100 cdfs - ok 02:02:16.0643 4100 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 02:02:16.0658 4100 cdrom - ok 02:02:16.0705 4100 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll 02:02:16.0721 4100 CertPropSvc - ok 02:02:16.0752 4100 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 02:02:16.0752 4100 circlass - ok 02:02:16.0814 4100 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 02:02:16.0830 4100 CLFS - ok 02:02:17.0345 4100 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 02:02:17.0360 4100 clr_optimization_v2.0.50727_32 - ok 02:02:18.0015 4100 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 02:02:18.0015 4100 clr_optimization_v4.0.30319_32 - ok 02:02:18.0093 4100 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 02:02:18.0109 4100 CmBatt - ok 02:02:18.0218 4100 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 02:02:18.0218 4100 cmdide - ok 02:02:18.0281 4100 Compbatt (6afef0b60fa25de07c0968983ee4f60a) 
C:\Windows\system32\DRIVERS\compbatt.sys 02:02:18.0296 4100 Compbatt - ok 02:02:18.0296 4100 COMSysApp - ok 02:02:18.0327 4100 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 02:02:18.0343 4100 crcdisk - ok 02:02:18.0499 4100 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 02:02:18.0499 4100 Crusoe - ok 02:02:18.0889 4100 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll 02:02:18.0920 4100 CryptSvc - ok 02:02:19.0591 4100 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll 02:02:19.0747 4100 DcomLaunch - ok 02:02:19.0950 4100 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys 02:02:19.0997 4100 DfsC - ok 02:02:20.0558 4100 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe 02:02:20.0667 4100 DFSR - ok 02:02:21.0135 4100 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll 02:02:21.0213 4100 Dhcp - ok 02:02:21.0416 4100 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 02:02:21.0463 4100 disk - ok 02:02:21.0588 4100 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll 02:02:21.0635 4100 Dnscache - ok 02:02:21.0900 4100 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll 02:02:21.0978 4100 dot3svc - ok 02:02:22.0212 4100 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 02:02:22.0212 4100 Dot4 - ok 02:02:22.0290 4100 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 02:02:22.0290 4100 Dot4Print - ok 02:02:22.0337 4100 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 02:02:22.0337 4100 dot4usb - ok 02:02:22.0571 4100 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 02:02:22.0633 4100 DPS - ok 02:02:22.0695 4100 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 
02:02:22.0695 4100 drmkaud - ok 02:02:22.0727 4100 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 02:02:22.0789 4100 DXGKrnl - ok 02:02:22.0820 4100 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 02:02:22.0836 4100 E1G60 - ok 02:02:22.0898 4100 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 02:02:22.0945 4100 EapHost - ok 02:02:23.0023 4100 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 02:02:23.0023 4100 Ecache - ok 02:02:23.0163 4100 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 02:02:23.0257 4100 ehRecvr - ok 02:02:23.0273 4100 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 02:02:23.0273 4100 ehSched - ok 02:02:23.0288 4100 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 02:02:23.0304 4100 ehstart - ok 02:02:23.0647 4100 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 02:02:23.0678 4100 elxstor - ok 02:02:24.0193 4100 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll 02:02:24.0287 4100 EMDMgmt - ok 02:02:24.0349 4100 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 02:02:24.0349 4100 ErrDev - ok 02:02:24.0630 4100 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll 02:02:24.0692 4100 EventSystem - ok 02:02:24.0770 4100 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 02:02:24.0786 4100 exfat - ok 02:02:24.0817 4100 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 02:02:24.0817 4100 fastfat - ok 02:02:24.0864 4100 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 02:02:24.0879 4100 fdc - ok 02:02:24.0926 4100 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 02:02:24.0989 4100 fdPHost - ok 02:02:24.0989 4100 FDResPub 
(89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 02:02:25.0067 4100 FDResPub - ok 02:02:25.0082 4100 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 02:02:25.0082 4100 FileInfo - ok 02:02:25.0113 4100 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 02:02:25.0129 4100 Filetrace - ok 02:02:25.0145 4100 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 02:02:25.0238 4100 flpydisk - ok 02:02:25.0269 4100 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 02:02:25.0269 4100 FltMgr - ok 02:02:25.0644 4100 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 02:02:25.0800 4100 FontCache3.0.0.0 - ok 02:02:25.0847 4100 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys 02:02:25.0862 4100 fssfltr - ok 02:02:26.0237 4100 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files\Windows Live\Family Safety\fsssvc.exe 02:02:26.0315 4100 fsssvc - ok 02:02:26.0439 4100 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS 02:02:26.0533 4100 FsUsbExDisk - ok 02:02:26.0564 4100 FsUsbExService (d3f9205cc4cb07553f2f9472c767ea87) C:\Windows\system32\FsUsbExService.Exe 02:02:26.0658 4100 FsUsbExService - ok 02:02:26.0705 4100 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 02:02:26.0720 4100 Fs_Rec - ok 02:02:26.0751 4100 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 02:02:26.0767 4100 gagp30kx - ok 02:02:26.0876 4100 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 02:02:26.0892 4100 GEARAspiWDM - ok 02:02:27.0219 4100 ghaio (31b40f40e09513addc460f6a297ad474) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys 02:02:27.0297 4100 ghaio - ok 02:02:27.0375 4100 giveio 
(77ebf3e9386daa51551af429052d88d0) C:\Windows\system32\giveio.sys 02:02:27.0422 4100 giveio - ok 02:02:27.0594 4100 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 02:02:27.0781 4100 GoogleDesktopManager-051210-111108 - ok 02:02:27.0828 4100 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll 02:02:27.0921 4100 gpsvc - ok 02:02:27.0984 4100 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 02:02:27.0999 4100 gupdate - ok 02:02:27.0999 4100 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 02:02:27.0999 4100 gupdatem - ok 02:02:28.0046 4100 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 02:02:28.0062 4100 gusvc - ok 02:02:28.0265 4100 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 02:02:28.0296 4100 HdAudAddService - ok 02:02:28.0327 4100 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 02:02:28.0343 4100 HDAudBus - ok 02:02:28.0421 4100 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 02:02:28.0452 4100 HidBth - ok 02:02:28.0530 4100 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 02:02:28.0545 4100 HidIr - ok 02:02:28.0670 4100 hidserv (53d5a2f9ce6ae47d7507727df1da79f8) C:\Windows\system32\hidserv.dll 02:02:28.0733 4100 hidserv - ok 02:02:28.0748 4100 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 02:02:28.0748 4100 HidUsb - ok 02:02:28.0764 4100 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 02:02:28.0842 4100 hkmsvc - ok 02:02:28.0873 4100 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 02:02:28.0873 4100 HpCISSs - ok 02:02:29.0247 4100 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) 
C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll 02:02:29.0247 4100 hpqcxs08 - ok 02:02:29.0715 4100 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll 02:02:29.0715 4100 hpqddsvc - ok 02:02:30.0293 4100 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 02:02:30.0308 4100 HTTP - ok 02:02:30.0355 4100 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys 02:02:30.0371 4100 i2omp - ok 02:02:30.0433 4100 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 02:02:30.0433 4100 i8042prt - ok 02:02:30.0464 4100 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys 02:02:30.0480 4100 iaStor - ok 02:02:30.0511 4100 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys 02:02:30.0527 4100 iaStorV - ok 02:02:30.0776 4100 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 02:02:31.0041 4100 idsvc - ok 02:02:32.0071 4100 igfx (e58042a15dfdf2962b4c26f5c8b4c871) C:\Windows\system32\DRIVERS\igdkmd32.sys 02:02:32.0196 4100 igfx - ok 02:02:33.0038 4100 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 02:02:33.0101 4100 iirsp - ok 02:02:33.0335 4100 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll 02:02:33.0491 4100 IKEEXT - ok 02:02:34.0333 4100 IntcAzAudAddService (3c1c6f24e968ee92928ab908f35fe05e) C:\Windows\system32\drivers\RTKVHDA.sys 02:02:34.0473 4100 IntcAzAudAddService - ok 02:02:35.0082 4100 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 02:02:35.0082 4100 intelide - ok 02:02:35.0113 4100 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 02:02:35.0129 4100 intelppm - ok 02:02:35.0285 4100 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 02:02:35.0394 4100 
IPBusEnum - ok 02:02:35.0409 4100 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 02:02:35.0409 4100 IpFilterDriver - ok 02:02:35.0472 4100 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll 02:02:35.0550 4100 iphlpsvc - ok 02:02:35.0565 4100 IpInIp - ok 02:02:35.0581 4100 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys 02:02:35.0597 4100 IPMIDRV - ok 02:02:35.0643 4100 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 02:02:35.0659 4100 IPNAT - ok 02:02:36.0704 4100 iPod Service (f62c69376a95795fe7cdb1c778edaca4) C:\Program Files\iPod\bin\iPodService.exe 02:02:36.0829 4100 iPod Service - ok 02:02:36.0845 4100 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 02:02:36.0860 4100 IRENUM - ok 02:02:37.0094 4100 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys 02:02:37.0110 4100 isapnp - ok 02:02:37.0391 4100 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 02:02:37.0406 4100 iScsiPrt - ok 02:02:37.0578 4100 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 02:02:37.0718 4100 iteatapi - ok 02:02:37.0921 4100 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 02:02:37.0983 4100 iteraid - ok 02:02:38.0093 4100 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 02:02:38.0108 4100 kbdclass - ok 02:02:38.0202 4100 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys 02:02:38.0202 4100 kbdhid - ok 02:02:38.0295 4100 kbfiltr (cc2a86d7bbf14977340dca61bbcba771) C:\Windows\system32\DRIVERS\kbfiltr.sys 02:02:38.0342 4100 kbfiltr - ok 02:02:38.0498 4100 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe 02:02:38.0561 4100 KeyIso - ok 02:02:38.0951 4100 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) 
C:\Windows\system32\Drivers\ksecdd.sys 02:02:39.0060 4100 KSecDD - ok 02:02:40.0058 4100 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 02:02:40.0245 4100 KtmRm - ok 02:02:40.0635 4100 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll 02:02:40.0791 4100 LanmanServer - ok 02:02:41.0119 4100 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll 02:02:41.0322 4100 LanmanWorkstation - ok 02:02:41.0883 4100 LightScribeService (abf90fc5a127f481219b873c1b8dfc1c) C:\Program Files\Common Files\LightScribe\LSSrvc.exe 02:02:41.0977 4100 LightScribeService - ok 02:02:42.0086 4100 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys 02:02:42.0086 4100 lirsgt - ok 02:02:42.0211 4100 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\sys
  • You have neglected your Windows to such an extent that you would actually be better off running a recovery installation back to its as-purchased state.

    And the TDSSKiller log you posted is incomplete.
    It is not advisable to use such tools yourself.
    Why aren't you using an antivirus?

    Restart into Safe Mode with Networking.
    If you don't know how, look here: http://users.telenet.be/marcvn/spyware/veilige-modus.html


  • This is the MBAM log:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.05.26.03

    Windows Vista Service Pack 1 x86 NTFS (Veilige modus/netwerkmogelijkheden)
    Internet Explorer 8.0.6001.19088
    Gebruiker :: PC_VAN_GEBRUIKE [administrator]

    26-5-2012 14:09:18
    mbam-log-2012-05-26 (14-09-18).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 213868
    Verstreken tijd: 13 minuut/minuten, 14 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\Users\Gebruiker\Downloads\installer_ace_mega_codec_pack_Nederlands_Dutch.exe (PUP.SmsPay.pns) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Gebruiker\Downloads\installer_winrar.exe (PUP.BundleInstaller.BT) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
  • Again in Safe Mode with Networking, first run RKILL again.

    Then start ComboFix!

    Which program:
  • The ComboFix log:

    ComboFix 12-05-26.02 - Gebruiker 26-05-2012 15:14:44.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3062.2612 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\QuestScan
    c:\program files\QuestScan\uninstall.exe
    c:\programdata\QuestScan
    c:\programdata\RTORwLyETi97jl
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-26 to 2012-05-26 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-26 13:29 . 2012-05-26 13:30 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2012-05-26 13:29 . 2012-05-26 13:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-25 23:49 . 2012-05-25 23:49 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-25 23:49 . 2012-05-25 23:49 -------- d-----w- c:\program files\Trend Micro
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2012-05-25 23:14 . 2012-05-26 12:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-25 23:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-25 23:09 . 2012-05-25 23:10 -------- d-----w- c:\program files\WiseConvert
    2012-05-02 16:50 . 2012-05-02 16:50 -------- d--h--w- c:\programdata\F4D55F3E006DCD5264632BC4EEC1FB6E
    2012-04-29 17:47 . 2012-04-29 17:47 -------- d--h--w- c:\programdata\EA Core
    2012-04-29 13:46 . 2012-04-29 13:46 -------- d-----w- c:\program files\Toggle Downloader
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-26 12:26 . 2009-03-28 02:29 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-05-05 17:24 . 2012-04-18 19:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 17:24 . 2011-05-14 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 07:31 . 2012-04-20 07:31 887888 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-26 07:34 . 2012-03-15 12:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-06-18 09:01 . 2009-07-22 16:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWis0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{87775FDB-6972-41F9-AE51-8326E38CB206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
    "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-03-28 33136]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/nl.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctOTMwMjk2NjcyLVhMKzEtVDEtRkwrOC1GOE04QyszLVFJWDErNC1YMjAxMCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsx" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-3-28 12862]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:24]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{0756C380-CC00-478D-A667-251547C387A6}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716
    mStart Page = hxxp://nl.woofi.info
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\zguvbgg0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.zwemkroniek.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-NPSStartup - (no file)
    HKLM-Run-hpqSRMon - (no file)
    AddRemove-uTorrent - f:\torrent\uTorrent.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-26 15:30
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    .
    C:\ADSM_PData_0150
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'lsass.exe'(576)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'Explorer.exe'(1864)
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    Voltooingstijd: 2012-05-26 15:39:01
    ComboFix-quarantined-files.txt 2012-05-26 13:38
    .
    Pre-Run: 31.025.111.040 bytes beschikbaar
    Post-Run: 31.997.366.272 bytes beschikbaar
    .
    - - End Of File - - 19F7FA8CCF633C45A7149AE656BAB932
  • So, how are things going by now?
  • In the meantime the icons on the desktop are sharp again instead of blurry. The Start menu once again shows the folders: Documents, Pictures, Music, Computer, Network, Control Panel, Help and Support.
    The documents are visible again too.

    Is there anything else that can be done to store all the files safely?
    Yesterday I was also stupid enough to copy everything over to the external hard drive, so that will probably be infected as well.
    I'm not so much concerned about the laptop, since I have a new one by now; the files are what matter most, that they are safe again.
    Otherwise I will take the old laptop to a computer shop.

    Thanks in advance!
  • Then we will now use ESET Online.

    Connect the external HD as well before you start the scan!
    That way it will be included in the scan too.
    This will make the scan take longer, since that also depends on how fast the processor is!

    Run the ESET online scan (click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click
  • The ESET scan is finally done:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=5ce43b00abdec8479c758f73909938db
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-05-26 08:09:45
    # local_time=2012-05-26 10:09:45 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.0.6001 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 59983 59983 0 0
    # compatibility_mode=5892 16776574 100 100 45901014 175582474 0 0
    # compatibility_mode=8192 67108863 100 0 68064046 68064046 0 0
    # scanned=261742
    # found=10
    # cleaned=10
    # scan_time=13239
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\AppData\Roaming\OpenCandy\OpenCandy_F9DFAB78E73248849B913DE7D54B346B\registrybooster11.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\AppData\Roaming\OpenCandy\OpenCandy_F9DFAB78E73248849B913DE7D54B346B\registrybooster11Wrapped.exe a variant of Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\winamp5581_full_bundle_emusic-7plus_nl-nl.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Gebruiker\Downloads\winamp5621_full_emusic-7plus_nl-nl.exe Win32/OpenCandy application (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RR4N8TIY\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application (deleted - quarantined) 00000000000000000000000000000000 C
  • Well done; now we will use ComboFix again.
    After starting ComboFix, a message may appear:

    - either ComboFix wants to be updated;
    - or ComboFix wants to be downloaded again.

    Post the contents of the ComboFix log again.
  • ComboFix log:

    ComboFix 12-05-27.01 - Gebruiker 27-05-2012 10:48:38.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3062.2603 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Gebruiker\AppData\Roaming\inst.exe
    c:\users\Gebruiker\AppData\Roaming\vso_ts_preview.xml
    .
    c:\windows\system32\userinit.exe . . . is geïnfecteerd!!
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-27 to 2012-05-27 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-27 09:03 . 2012-05-27 09:03 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2012-05-25 23:49 . 2012-05-25 23:49 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-25 23:49 . 2012-05-25 23:49 -------- d-----w- c:\program files\Trend Micro
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2012-05-25 23:14 . 2012-05-26 12:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-25 23:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-25 23:09 . 2012-05-25 23:10 -------- d-----w- c:\program files\WiseConvert
    2012-05-02 16:50 . 2012-05-02 16:50 -------- d-----w- c:\programdata\F4D55F3E006DCD5264632BC4EEC1FB6E
    2012-04-29 17:47 . 2012-04-29 17:47 -------- d-----w- c:\programdata\EA Core
    2012-04-29 13:46 . 2012-04-29 13:46 -------- d-----w- c:\program files\Toggle Downloader
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-26 13:45 . 2009-03-28 02:29 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-05-05 17:24 . 2012-04-18 19:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 17:24 . 2011-05-14 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 07:31 . 2012-04-20 07:31 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-26 07:34 . 2012-03-15 12:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-06-18 09:01 . 2009-07-22 16:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2010-07-28 1267024]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
    [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
    [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentBar_NL\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\WiseConvert\prxtbWis0.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{87775fdb-6972-41f9-ae51-8326e38cb206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{87775FDB-6972-41F9-AE51-8326E38CB206}"= "c:\program files\uTorrentBar_NL\prxtbuTor.dll" [2011-05-09 176936]
    "{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1}"= "c:\program files\WiseConvert\prxtbWis0.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{87775fdb-6972-41f9-ae51-8326e38cb206}]
    .
    [HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
    "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-03-28 33136]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-3-28 12862]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Userinit"="c:\windows\explorer.exe,"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:24]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{0756C380-CC00-478D-A667-251547C387A6}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716
    mStart Page = hxxp://nl.woofi.info
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\zguvbgg0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.zwemkroniek.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-27 11:03
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'lsass.exe'(580)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'Explorer.exe'(412)
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    Voltooingstijd: 2012-05-27 11:06:06
    ComboFix-quarantined-files.txt 2012-05-27 09:06
    ComboFix2.txt 2012-05-26 13:39
    .
    Pre-Run: 32.017.854.464 bytes beschikbaar
    Post-Run: 31.988.707.328 bytes beschikbaar
    .
    - - End Of File - - 5E8CAB2B6233B518EF8785B373DAC8A7
  • It is clear that an antivirus program needs to be installed on your Windows soon.

    Tell me how you e-mail.
    Is that via webmail or via a program on your Windows?

    We will now use ComboFix via a script.

    Open a new Kladblok (or otherwise: Notepad) file via "Start\Alle programma's\Bureau-accessoires\Kladblok (or Notepad)".

    Copy and paste the following (bold, blue text) into the empty Notepad window:
  • I always e-mail via Hotmail. Via Outlook it didn't work, because something went wrong during installation.

    ComboFix 12-05-27.01 - Gebruiker 27-05-2012 12:22:27.1.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3062.2383 [GMT 2:00]
    Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    FILE ::
    "c:\program files\Ask.com\GenericAskToolbar.dll"
    "c:\program files\Ask.com\Updater\Updater.exe"
    "c:\program files\uTorrentBar_NL\prxtbuTor.dll"
    "c:\program files\WiseConvert\prxtbWis0.dll"
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Ask.com
    c:\program files\Ask.com\assets\oobe\b.png
    c:\program files\Ask.com\assets\oobe\bl.png
    c:\program files\Ask.com\assets\oobe\br.png
    c:\program files\Ask.com\assets\oobe\l.png
    c:\program files\Ask.com\assets\oobe\pointer.png
    c:\program files\Ask.com\assets\oobe\r.png
    c:\program files\Ask.com\assets\oobe\t.png
    c:\program files\Ask.com\assets\oobe\tl.png
    c:\program files\Ask.com\assets\oobe\tr.png
    c:\program files\Ask.com\cobrand.ico
    c:\program files\Ask.com\config.xml
    c:\program files\Ask.com\favicon.ico
    c:\program files\Ask.com\GenericAskToolbar.dll
    c:\program files\Ask.com\mupcfg.xml
    c:\program files\Ask.com\precache.exe
    c:\program files\Ask.com\SaUpdate.exe
    c:\program files\Ask.com\Updater\config.xml
    c:\program files\Ask.com\Updater\Updater.exe
    c:\program files\Ask.com\UpdateTask.exe
    c:\program files\uTorrentBar_NL
    c:\program files\uTorrentBar_NL\GottenAppsContextMenu.xml
    c:\program files\uTorrentBar_NL\ldrtbuTor.dll
    c:\program files\uTorrentBar_NL\OtherAppsContextMenu.xml
    c:\program files\uTorrentBar_NL\prxtbuTor.dll
    c:\program files\uTorrentBar_NL\SharedAppsContextMenu.xml
    c:\program files\uTorrentBar_NL\tbuTor.dll
    c:\program files\uTorrentBar_NL\toolbar.cfg
    c:\program files\uTorrentBar_NL\ToolbarContextMenu.xml
    c:\program files\uTorrentBar_NL\uninstall.exe
    c:\program files\uTorrentBar_NL\uTorrentBar_NLToolbarHelper.exe
    c:\program files\WiseConvert
    c:\program files\WiseConvert\GottenAppsContextMenu.xml
    c:\program files\WiseConvert\ldrtbWise.dll
    c:\program files\WiseConvert\OtherAppsContextMenu.xml
    c:\program files\WiseConvert\prxtbWis0.dll
    c:\program files\WiseConvert\prxtbWise.dll
    c:\program files\WiseConvert\SharedAppsContextMenu.xml
    c:\program files\WiseConvert\tbWise.dll
    c:\program files\WiseConvert\toolbar.cfg
    c:\program files\WiseConvert\ToolbarContextMenu.xml
    c:\program files\WiseConvert\uninstall.exe
    c:\program files\WiseConvert\WiseConvertToolbarHelper.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-27 to 2012-05-27 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
    2012-05-27 10:30 . 2012-05-27 10:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-25 23:49 . 2012-05-25 23:49 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-25 23:49 . 2012-05-25 23:49 -------- d-----w- c:\program files\Trend Micro
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Malwarebytes
    2012-05-25 23:14 . 2012-05-26 12:28 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-25 23:14 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-25 23:14 . 2012-05-25 23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-02 16:50 . 2012-05-02 16:50 -------- d-----w- c:\programdata\F4D55F3E006DCD5264632BC4EEC1FB6E
    2012-04-29 17:47 . 2012-04-29 17:47 -------- d-----w- c:\programdata\EA Core
    2012-04-29 13:46 . 2012-04-29 13:46 -------- d-----w- c:\program files\Toggle Downloader
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-26 13:45 . 2009-03-28 02:29 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2012-05-05 17:24 . 2012-04-18 19:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-05 17:24 . 2011-05-14 08:57 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-20 07:31 . 2012-04-20 07:31 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-04-26 07:34 . 2012-03-15 12:19 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-06-18 09:01 . 2009-07-22 16:07 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-28 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
    "P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-12 98304]
    "ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
    "ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-18 7737344]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-20 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-20 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-23 6707744]
    "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2009-03-28 33136]
    "fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]
    "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-11-02 36864]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{DC905847-D537-427F-BF91-47CC7ACCDE58}\_DF3A81D17C478A2A6C60A5.exe [2009-3-28 12862]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 17:24]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-22 23:16]
    .
    2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{0756C380-CC00-478D-A667-251547C387A6}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-15 04:32]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3196716
    mStart Page = hxxp://nl.woofi.info
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki… - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
    FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\zguvbgg0.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.zwemkroniek.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
    AddRemove-uTorrentBar_NL Toolbar - c:\program files\uTorrentBar_NL\uninstall.exe
    AddRemove-WiseConvert Toolbar - c:\program files\WiseConvert\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-27 12:30
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'lsass.exe'(580)
    c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
    .
    - - - - - - - > 'Explorer.exe'(1496)
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
    c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
    .
    Voltooingstijd: 2012-05-27 12:32:42
    ComboFix-quarantined-files.txt 2012-05-27 10:32
    ComboFix2.txt 2012-05-27 09:06
    ComboFix3.txt 2012-05-26 13:39
    .
    Pre-Run: 32.011.124.736 bytes beschikbaar
    Post-Run: 31.999.172.608 bytes beschikbaar
    .
    - - End Of File - - 27463E0C157AE1218ADB7187BCFFD514
  • Then I recommend Avira Antivir2012 - download link
    Very good virus detection and runs light in Windows.
    During installation you are asked to install the ASK toolbar - if you want to use Avira's webrep!
    But you don't want to do that; better to also install WOT (Web of Trust - http://www.mywot.com/ ) afterwards.

    After installing and updating, have Avira run a full system scan and post the contents of the scan log.
  • The Avira log:


    Avira Free Antivirus
    Datum rapportbestand: zondag 27 mei 2012 13:43

    Bezig met scannen op 3750486 virusstammen en ongewenste programma's.

    Het programma wordt uitgevoerd als een onbeperkte volledig versie.
    Online services zijn beschikbaar:

    Licentiegebruiker : Avira AntiVir Personal - Free Antivirus
    Serienummer : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows-versie : (Service Pack 1) [6.0.6001]
    Opstartmodus : Normaal opgestart
    Gebruikersnaam : SYSTEEM
    Computernaam : PC_VAN_GEBRUIKE

    Versie-informatie:
    BUILD.DAT : 12.0.0.97 41961 Bytes 4-2-2012 01:06:00
    AVSCAN.EXE : 12.1.0.20 492496 Bytes 3-2-2012 13:28:13
    AVSCAN.DLL : 12.1.0.18 62416 Bytes 3-2-2012 13:28:36
    LUKE.DLL : 12.1.0.19 68304 Bytes 3-2-2012 13:28:20
    AVSCPLR.DLL : 12.3.0.14 97032 Bytes 27-5-2012 10:57:57
    AVREG.DLL : 12.3.0.17 232200 Bytes 27-5-2012 10:57:56
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 6-11-2009 17:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14-12-2010 08:07:39
    VBASE002.VDF : 7.11.19.170 14374912 Bytes 20-12-2011 13:28:30
    VBASE003.VDF : 7.11.21.238 4472832 Bytes 1-2-2012 10:57:22
    VBASE004.VDF : 7.11.26.44 4329472 Bytes 28-3-2012 10:57:26
    VBASE005.VDF : 7.11.29.136 2166272 Bytes 10-5-2012 10:57:28
    VBASE006.VDF : 7.11.29.137 2048 Bytes 10-5-2012 10:57:28
    VBASE007.VDF : 7.11.29.138 2048 Bytes 10-5-2012 10:57:28
    VBASE008.VDF : 7.11.29.139 2048 Bytes 10-5-2012 10:57:28
    VBASE009.VDF : 7.11.29.140 2048 Bytes 10-5-2012 10:57:28
    VBASE010.VDF : 7.11.29.141 2048 Bytes 10-5-2012 10:57:29
    VBASE011.VDF : 7.11.29.142 2048 Bytes 10-5-2012 10:57:29
    VBASE012.VDF : 7.11.29.143 2048 Bytes 10-5-2012 10:57:29
    VBASE013.VDF : 7.11.29.144 2048 Bytes 10-5-2012 10:57:29
    VBASE014.VDF : 7.11.30.3 198144 Bytes 14-5-2012 10:57:29
    VBASE015.VDF : 7.11.30.69 186368 Bytes 17-5-2012 10:57:30
    VBASE016.VDF : 7.11.30.143 223744 Bytes 21-5-2012 10:57:30
    VBASE017.VDF : 7.11.30.207 287744 Bytes 23-5-2012 10:57:31
    VBASE018.VDF : 7.11.30.208 2048 Bytes 23-5-2012 10:57:31
    VBASE019.VDF : 7.11.30.209 2048 Bytes 23-5-2012 10:57:31
    VBASE020.VDF : 7.11.30.210 2048 Bytes 23-5-2012 10:57:31
    VBASE021.VDF : 7.11.30.211 2048 Bytes 23-5-2012 10:57:31
    VBASE022.VDF : 7.11.30.212 2048 Bytes 23-5-2012 10:57:31
    VBASE023.VDF : 7.11.30.213 2048 Bytes 23-5-2012 10:57:31
    VBASE024.VDF : 7.11.30.214 2048 Bytes 23-5-2012 10:57:32
    VBASE025.VDF : 7.11.30.215 2048 Bytes 23-5-2012 10:57:32
    VBASE026.VDF : 7.11.30.216 2048 Bytes 23-5-2012 10:57:32
    VBASE027.VDF : 7.11.30.217 2048 Bytes 23-5-2012 10:57:32
    VBASE028.VDF : 7.11.30.218 2048 Bytes 23-5-2012 10:57:32
    VBASE029.VDF : 7.11.30.219 2048 Bytes 23-5-2012 10:57:32
    VBASE030.VDF : 7.11.30.220 2048 Bytes 23-5-2012 10:57:32
    VBASE031.VDF : 7.11.31.32 118272 Bytes 26-5-2012 10:57:33
    Programmaversie : 8.2.10.68
    AEVDF.DLL : 8.1.2.2 106868 Bytes 3-2-2012 13:28:11
    AESCRIPT.DLL : 8.1.4.19 455034 Bytes 27-5-2012 10:57:56
    AESCN.DLL : 8.1.8.2 131444 Bytes 27-5-2012 10:57:55
    AESBX.DLL : 8.2.5.5 606579 Bytes 27-5-2012 10:57:56
    AERDL.DLL : 8.1.9.15 639348 Bytes 20-1-2012 22:29:19
    AEPACK.DLL : 8.2.16.13 807287 Bytes 27-5-2012 10:57:54
    AEOFFICE.DLL : 8.1.2.28 201082 Bytes 27-5-2012 10:57:54
    AEHEUR.DLL : 8.1.4.28 4800886 Bytes 27-5-2012 10:57:53
    AEHELP.DLL : 8.1.21.0 254326 Bytes 27-5-2012 10:57:34
    AEGEN.DLL : 8.1.5.28 422260 Bytes 27-5-2012 10:57:34
    AEEXP.DLL : 8.1.0.40 82292 Bytes 27-5-2012 10:57:56
    AEEMU.DLL : 8.1.3.0 393589 Bytes 1-9-2011 20:46:01
    AECORE.DLL : 8.1.25.6 201078 Bytes 27-5-2012 10:57:33
    AEBB.DLL : 8.1.1.0 53618 Bytes 1-9-2011 20:46:01
    AVWINLL.DLL : 12.1.0.17 27344 Bytes 3-2-2012 13:28:15
    AVPREF.DLL : 12.1.0.17 51920 Bytes 3-2-2012 13:28:13
    AVREP.DLL : 12.3.0.15 179208 Bytes 27-5-2012 10:57:57
    AVARKT.DLL : 12.1.0.23 209360 Bytes 3-2-2012 13:28:11
    AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 3-2-2012 13:28:12
    SQLITE3.DLL : 3.7.0.0 398288 Bytes 3-2-2012 13:28:24
    AVSMTP.DLL : 12.1.0.17 62928 Bytes 3-2-2012 13:28:14
    NETNT.DLL : 12.1.0.17 17104 Bytes 3-2-2012 13:28:21
    RCIMAGE.DLL : 12.1.0.13 4449488 Bytes 20-1-2012 22:30:13
    RCTEXT.DLL : 12.1.1.16 98256 Bytes 3-2-2012 13:28:37

    Configuratie-instellingen voor de scan:
    Taaknaam……………………………..: Volledige systeemscan
    Configuratiebestand……………………: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logboekregistratie…………………….: standaard
    Primaire actie………………………..: interactief
    Secundaire actie………………………: negeren
    Hoofdopstartsector scannen……………..: aan
    Opstartsector scannen………………….: aan
    Opstartsectoren……………………….: C:, D:,
    Processcan……………………………: aan
    Uitgebreide processcan…………………: aan
    Register scannen………………………: aan
    Zoeken naar rootkits…………………..: aan
    Integriteitscontrole van systeembestanden..: uit
    Alle bestanden scannen…………………: Alle bestanden
    Archieven scannen……………………..: aan
    Aantal herhalingen…………………….: 20
    Slimme extensies………………………: aan
    Macroheuristiek……………………….: aan
    Bestandsheuristiek…………………….: uitgebreid

    Begin van de scan: zondag 27 mei 2012 13:43

    Hoofdopstartsectorscan wordt gestart:
    Hoofdopstartsector HD0
    [INFO] Er is geen virus gevonden!

    Start met het scannen van opstartsectoren:
    Opstartsector 'C:'
    [INFO] Er is geen virus gevonden!
    Opstartsector 'D:'
    [INFO] Er is geen virus gevonden!

    Het zoeken naar verborgen objecten wordt gestart.
    c:\adsm_pdata_0150\dragwait.exe
    c:\adsm_pdata_0150\dragwait.exe
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\_avt
    c:\adsm_pdata_0150\_avt
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\db\si.db
    c:\adsm_pdata_0150\db\si.db
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\db\ul.db
    c:\adsm_pdata_0150\db\ul.db
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\db\vl.db
    c:\adsm_pdata_0150\db\vl.db
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\db\wal.db
    c:\adsm_pdata_0150\db\wal.db
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150\db\_avt
    c:\adsm_pdata_0150\db\_avt
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
    c:\program files\asus\asus data security manager\driver\x86\asdsm.sys
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\program files\asus\asus data security manager\driver\x86\_avt
    c:\program files\asus\asus data security manager\driver\x86\_avt
    [OPMERKING] Het bestand is niet zichtbaar.
    c:\adsm_pdata_0150
    c:\adsm_pdata_0150
    [OPMERKING] De map is niet zichtbaar.
    c:\adsm_pdata_0150\db
    c:\adsm_pdata_0150\db
    [OPMERKING] De map is niet zichtbaar.
    c:\program files\asus\asus data security manager\driver\x86
    c:\program files\asus\asus data security manager\driver\x86
    [OPMERKING] De map is niet zichtbaar.

    De scan van processen die worden uitgevoerd, wordt gestart
    Scan proces 'SearchFilterHost.exe' - '55' module(s) zijn gescand
    Scan proces 'SearchProtocolHost.exe' - '52' module(s) zijn gescand
    Scan proces 'MpCmdRun.exe' - '27' module(s) zijn gescand
    Scan proces 'vssvc.exe' - '49' module(s) zijn gescand
    Scan proces 'avscan.exe' - '79' module(s) zijn gescand
    Scan proces 'avscan.exe' - '27' module(s) zijn gescand
    Scan proces 'avcenter.exe' - '66' module(s) zijn gescand
    Scan proces 'hpqgpc01.exe' - '30' module(s) zijn gescand
    Scan proces 'hpqbam08.exe' - '28' module(s) zijn gescand
    Scan proces 'hpqSTE08.exe' - '60' module(s) zijn gescand
    Scan proces 'wuauclt.exe' - '34' module(s) zijn gescand
    Scan proces 'BrMfcmon.exe' - '28' module(s) zijn gescand
    Scan proces 'wmpnetwk.exe' - '74' module(s) zijn gescand
    Scan proces 'brccMCtl.exe' - '79' module(s) zijn gescand
    Scan proces 'wmpnscfg.exe' - '29' module(s) zijn gescand
    Scan proces 'igfxsrvc.exe' - '28' module(s) zijn gescand
    Scan proces 'hpqtra08.exe' - '77' module(s) zijn gescand
    Scan proces 'avgnt.exe' - '56' module(s) zijn gescand
    Scan proces 'hppusg.exe' - '76' module(s) zijn gescand
    Scan proces 'jusched.exe' - '29' module(s) zijn gescand
    Scan proces 'iTunesHelper.exe' - '76' module(s) zijn gescand
    Scan proces 'SynTPEnh.exe' - '29' module(s) zijn gescand
    Scan proces 'hpwuSchd2.exe' - '16' module(s) zijn gescand
    Scan proces 'winampa.exe' - '18' module(s) zijn gescand
    Scan proces 'BrMfcWnd.exe' - '42' module(s) zijn gescand
    Scan proces 'pptd40nt.exe' - '26' module(s) zijn gescand
    Scan proces 'Monitor.exe' - '22' module(s) zijn gescand
    Scan proces 'ASScrPro.exe' - '30' module(s) zijn gescand
    Scan proces 'RtHDVCpl.exe' - '50' module(s) zijn gescand
    Scan proces 'igfxpers.exe' - '24' module(s) zijn gescand
    Scan proces 'hkcmd.exe' - '23' module(s) zijn gescand
    Scan proces 'igfxtray.exe' - '24' module(s) zijn gescand
    Scan proces 'ATKOSD2.exe' - '23' module(s) zijn gescand
    Scan proces 'ADSMTray.exe' - '19' module(s) zijn gescand
    Scan proces 'HControlUser.exe' - '17' module(s) zijn gescand
    Scan proces 'GoogleDesktop.exe' - '81' module(s) zijn gescand
    Scan proces 'CLMLSvc.exe' - '45' module(s) zijn gescand
    Scan proces 'WDC.exe' - '27' module(s) zijn gescand
    Scan proces 'KBFiltr.exe' - '13' module(s) zijn gescand
    Scan proces 'ATKOSD.exe' - '13' module(s) zijn gescand
    Scan proces 'ALU.exe' - '42' module(s) zijn gescand
    Scan proces 'BatteryLife.exe' - '32' module(s) zijn gescand
    Scan proces 'ACEngSvr.exe' - '32' module(s) zijn gescand
    Scan proces 'sensorsrv.exe' - '22' module(s) zijn gescand
    Scan proces 'Explorer.EXE' - '133' module(s) zijn gescand
    Scan proces 'taskeng.exe' - '25' module(s) zijn gescand
    Scan proces 'Dwm.exe' - '38' module(s) zijn gescand
    Scan proces 'taskeng.exe' - '84' module(s) zijn gescand
    Scan proces 'wcourier.exe' - '22' module(s) zijn gescand
    Scan proces 'ACMON.exe' - '37' module(s) zijn gescand
    Scan proces 'HControl.exe' - '59' module(s) zijn gescand
    Scan proces 'MsgTranAgt.exe' - '13' module(s) zijn gescand
    Scan proces 'smartlogon.exe' - '31' module(s) zijn gescand
    Scan proces 'svchost.exe' - '47' module(s) zijn gescand
    Scan proces 'svchost.exe' - '36' module(s) zijn gescand
    Scan proces 'iPodService.exe' - '30' module(s) zijn gescand
    Scan proces 'avshadow.exe' - '33' module(s) zijn gescand
    Scan proces 'avguard.exe' - '83' module(s) zijn gescand
    Scan proces 'SearchIndexer.exe' - '66' module(s) zijn gescand
    Scan proces 'svchost.exe' - '27' module(s) zijn gescand
    Scan proces 'svchost.exe' - '46' module(s) zijn gescand
    Scan proces 'spmgr.exe' - '38' module(s) zijn gescand
    Scan proces 'svchost.exe' - '42' module(s) zijn gescand
    Scan proces 'svchost.exe' - '30' module(s) zijn gescand
    Scan proces 'svchost.exe' - '22' module(s) zijn gescand
    Scan proces 'LSSrvc.exe' - '23' module(s) zijn gescand
    Scan proces 'svchost.exe' - '41' module(s) zijn gescand
    Scan proces 'FsUsbExService.Exe' - '23' module(s) zijn gescand
    Scan proces 'mDNSResponder.exe' - '28' module(s) zijn gescand
    Scan proces 'SeaPort.EXE' - '55' module(s) zijn gescand
    Scan proces 'AppleMobileDeviceService.exe' - '49' module(s) zijn gescand
    Scan proces 'armsvc.exe' - '24' module(s) zijn gescand
    Scan proces 'svchost.exe' - '57' module(s) zijn gescand
    Scan proces 'sched.exe' - '52' module(s) zijn gescand
    Scan proces 'taskeng.exe' - '49' module(s) zijn gescand
    Scan proces 'spoolsv.exe' - '94' module(s) zijn gescand
    Scan proces 'WLANExt.exe' - '45' module(s) zijn gescand
    Scan proces 'GFNEXSrv.exe' - '12' module(s) zijn gescand
    Scan proces 'ASLDRSrv.exe' - '25' module(s) zijn gescand
    Scan proces 'ADSMSrv.exe' - '18' module(s) zijn gescand
    Scan proces 'svchost.exe' - '92' module(s) zijn gescand
    Scan proces 'svchost.exe' - '87' module(s) zijn gescand
    Scan proces 'SLsvc.exe' - '23' module(s) zijn gescand
    Scan proces 'svchost.exe' - '37' module(s) zijn gescand
    Scan proces 'svchost.exe' - '154' module(s) zijn gescand
    Scan proces 'svchost.exe' - '104' module(s) zijn gescand
    Scan proces 'svchost.exe' - '64' module(s) zijn gescand
    Scan proces 'winlogon.exe' - '30' module(s) zijn gescand
    Scan proces 'csrss.exe' - '14' module(s) zijn gescand
    Scan proces 'svchost.exe' - '39' module(s) zijn gescand
    Scan proces 'svchost.exe' - '45' module(s) zijn gescand
    Scan proces 'lsm.exe' - '22' module(s) zijn gescand
    Scan proces 'lsass.exe' - '65' module(s) zijn gescand
    Scan proces 'services.exe' - '35' module(s) zijn gescand
    Scan proces 'wininit.exe' - '26' module(s) zijn gescand
    Scan proces 'csrss.exe' - '14' module(s) zijn gescand
    Scan proces 'smss.exe' - '2' module(s) zijn gescand

    Beginnen met het scannen van uitvoerbare bestanden (register).
    Het register is gescand ('5142' bestanden).


    De bestandsscan wordt gestart:

    Begin scan in 'C:' <VistaOS>
    C:\Users\Gebruiker\Downloads\phdl_1_7_eur.exe
    [DETECTIE] Bevat viruspatronen van adware ADWARE/Rabio.acn
    Begin scan in 'D:' <DATA>
    D:\nieuw\outdoor living stuff\Fairlight\flt-s3ol.exe
    [DETECTIE] Is het trojaanse paard TR/Crypt.PEPM.Gen

    Er wordt begonnen met desinfecteren:
    D:\nieuw\outdoor living stuff\Fairlight\flt-s3ol.exe
    [DETECTIE] Is het trojaanse paard TR/Crypt.PEPM.Gen
    [OPMERKING] Het bestand verplaatst naar de quarantainemap onder de naam '5534e00d.qua'.
    C:\Users\Gebruiker\Downloads\phdl_1_7_eur.exe
    [DETECTIE] Bevat viruspatronen van adware ADWARE/Rabio.acn
    [OPMERKING] Het bestand verplaatst naar de quarantainemap onder de naam '4db3cfae.qua'.


    Einde van de scan: zondag 27 mei 2012 17:46
    Gebruikte tijd: 2:55:56 Uur/uren

    De scan is volledig uitgevoerd.

    33370 Gescande mappen
    596998 Bestanden zijn gescand
    2 Er zijn virussen en ongewenste programma's gevonden
    0 Er zijn bestanden als verdacht aangemerkt
    0 Bestanden zijn verwijderd
    0 Virussen en ongewenste programma's zijn gerepareerd
    2 Bestanden zijn in quarantaine geplaatst
    0 Bestanden zijn hernoemd
    0 Bestanden kunnen niet worden gescand
    596996 Bestanden niet betrokken
    5360 Archieven zijn gescand
    0 Waarschuwingen
    14 Opmerkingen
    691643 Objecten zijn gescand met de rootkitscan
    12 Er zijn verborgen objecten gevonden

  • Well then, how is your Windows doing by now?
  • The icons are simply on the desktop, without being hidden.
    Only the taskbar, the one next to the Start menu, is still gone.
    And the recently used list in the Start menu is also still empty.
  • Hmm, that about the Start menu should have been mentioned earlier.

    But we can still try.

    Download to the desktop; if you get a message that the file may be unsafe, you can ignore it.
    - Double-click "Unhide.exe" to start the tool.
  • I don't get exactly this message. But I do get a message that says: Your files should now be visible. If you are still missing start-menu items, please temporarily disable your anti virus or security programs, and try again. In the events that they interfered with the restoral process. Once completed it is adviced that you reboot your computer for all the settings to function properly.

    A log file containing information about what actions Unhide performed can be found on your Windows Desktop.
  • Then just deactivate Avira for a moment!
    Right-click the little umbrella in the system tray and remove the check mark at the top entry in the pop-up menu.
