bud

Member
  • Items

    14
  • Registration date

  • Last visited

bud's achievements

  1. bud

    rsit log

    SlimCleaner 4.0.30878.55015 Hijack Log 03/01/2014 03:26:04 PM Microsoft Windows XP Professional Service Pack 3 5.01 build 2600 Service Pack 3 Gebruiker In groups: LOKAAL Administrators Iedereen Gebruikers Geen INTERACTIEF Geverifieerde gebruikers Running Processes: \SystemRoot\System32\smss.exe \??\C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\WinZipper\winzipersvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\monitor.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SlimCleaner\SlimCleaner.exe Start Page Software\Microsoft\Internet Explorer\Main Google BHO Groove GFS Browser Helper C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll Toolbar Locked Startup: Registry ctfmon.exe C:\WINDOWS\system32\ctfmon.exe Startup: Registry BrowserChoice C:\WINDOWS\system32\browserchoice.exe Startup: Registry SkyTel C:\WINDOWS\SkyTel.EXE Startup: Registry IgfxTray C:\WINDOWS\system32\igfxtray.exe Startup: Registry HotKeysCmds C:\WINDOWS\system32\hkcmd.exe Startup: Registry Persistence C:\WINDOWS\system32\igfxpers.exe Startup: Registry MSC c:\Program Files\Microsoft Security Client\msseces.exe Startup: Registry Adobe ARM C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe Startup: Registry HP Software Update C:\Program Files\HP\HP Software Update\HPWuSchd2.exe Startup: Registry RTHDCPL C:\WINDOWS\RTHDCPL.EXE Startup: Registry Alcmtr C:\WINDOWS\ALCMTR.EXE Startup: Registry GrooveMonitor C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe Startup: Registry StartupPrograms C:\WINDOWS\system32\rdpclip.exe Startup: Registry BootExecute C:\WINDOWS\system32\autochk.exe Startup: FileSystem HP Digital Imaging Monitor.lnk C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk Startup: FileSystem OneNote 2007 Schermopname en Snel starten.lnk C:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten\OneNote 2007 Schermopname en Snel starten.lnk Extra Button Verzenden naar OneNote Extra 'Tools' menu-item Verz&enden naar OneNote Extra Button Research Extra 'Tools' menu-item @xpsp3res.dll,-20001 %windir%\Network Diagnostic\xpnetdiag.exe Extra Button Messenger C:\Program Files\Messenger\msmsgs.exe Extra 'Tools' menu-item Windows Messenger C:\Program Files\Messenger\msmsgs.exe Unknown file in WinSock LSP Tcpip Microsoft Corporation Unknown file in WinSock LSP NTDS Microsoft Corporation Unknown file in WinSock LSP Naamruimte voor Network Location Awareness (NLA) Microsoft Corporation Downloaded ActiveX Object WUWebControl Class http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362578095687 Downloaded ActiveX Object MUWebControl Class http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1365597776265 Downloaded ActiveX Object Microsoft Download Manager ActiveX control http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab Downloaded ActiveX Object Shockwave Flash Object http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab Protocol ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll 
Protocol http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll Protocol https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - c:\windows\system32\urlmon.dll WinLogon Notify crypt32chain Microsoft Corporation WinLogon Notify cryptnet Microsoft Corporation WinLogon Notify cscdll Microsoft Corporation WinLogon Notify dimsntfy Microsoft Corporation WinLogon Notify igfxcui Intel Corporation WinLogon Notify ScCertProp Microsoft Corporation WinLogon Notify Schedule Microsoft Corporation WinLogon Notify sclgntfy Microsoft Corporation WinLogon Notify SensLogn Microsoft Corporation WinLogon Notify termsrv Microsoft Corporation WinLogon Notify WgaLogon Microsoft Corporation WinLogon Notify wlballoon Microsoft Corporation Shell Service AutoRun Object PostBootReminder c:\windows\system32\shell32.dll Shell Service AutoRun Object CDBurn c:\windows\system32\shell32.dll Shell Service AutoRun Object WebCheck c:\windows\system32\webcheck.dll Shell Service AutoRun Object SysTray c:\windows\system32\stobject.dll Shell Service AutoRun Object CopierMircosoft Shell Service AutoRun Object WPDShServiceObj c:\windows\system32\wpdshserviceobj.dll SharedTaskScheduler {438755C2-A8BA-11D1-B96B-00A0C90312E1} c:\windows\system32\browseui.dll SharedTaskScheduler {8C7461EF-2B13-11d2-BE35-3078302C2030} c:\windows\system32\browseui.dll Service Windows Audio (AudioSrv) - Microsoft Corporation c:\windows\system32\svchost.exe Service Intelligente achtergrondsoverdrachtservice (BITS) - Microsoft Corporation c:\windows\system32\svchost.exe Service Computer Browser (Browser) - Microsoft Corporation c:\windows\system32\svchost.exe Service Microsoft .NET Framework NGEN v4.0.30319_X86 (clr_optimization_v4.0.30319_32) - Microsoft Corporation c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe Service Services voor cryptografie (CryptSvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation 
c:\windows\system32\svchost.exe Service DHCP Client (Dhcp) - Microsoft Corporation c:\windows\system32\svchost.exe Service Logical Disk Manager (dmserver) - Microsoft Corporation c:\windows\system32\svchost.exe Service DNS Client (Dnscache) - Microsoft Corporation c:\windows\system32\svchost.exe Service Service voor het rapporteren van fouten (ERSvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service Event Log (Eventlog) - Microsoft Corporation c:\windows\system32\services.exe Service Help en ondersteuning (helpsvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service HP CUE DeviceDiscovery-service (hpqddsvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service Server (lanmanserver) - Microsoft Corporation c:\windows\system32\svchost.exe Service Workstation (lanmanworkstation) - Microsoft Corporation c:\windows\system32\svchost.exe Service TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation c:\windows\system32\svchost.exe Service Microsoft Antimalware Service (MsMpSvc) - Microsoft Corporation c:\program files\microsoft security client\msmpeng.exe Service NA (Net Driver HPZ12) - Microsoft Corporation c:\windows\system32\svchost.exe Service Plug and Play (PlugPlay) - Microsoft Corporation c:\windows\system32\services.exe Service NA (Pml Driver HPZ12) - Microsoft Corporation c:\windows\system32\svchost.exe Service IPSEC-services (PolicyAgent) - Microsoft Corporation c:\windows\system32\lsass.exe Service Protected Storage (ProtectedStorage) - Microsoft Corporation c:\windows\system32\lsass.exe Service Protect Monitor (ProtectMonitor) - Unknown owner c:\monitorsvc.exe Service Remote Registry (RemoteRegistry) - Microsoft Corporation c:\windows\system32\svchost.exe Service Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation c:\windows\system32\svchost.exe Service Security Accounts Manager (SamSs) - Microsoft Corporation c:\windows\system32\lsass.exe Service Task Scheduler (Schedule) - Microsoft Corporation 
c:\windows\system32\svchost.exe Service Secondary Logon (seclogon) - Microsoft Corporation c:\windows\system32\svchost.exe Service System Event Notification (SENS) - Microsoft Corporation c:\windows\system32\svchost.exe Service Windows Firewall (WF) / Internet-verbinding delen (ICS) (SharedAccess) - Microsoft Corporation c:\windows\system32\svchost.exe Service Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation c:\windows\system32\svchost.exe Service Print Spooler (Spooler) - Microsoft Corporation c:\windows\system32\spoolsv.exe Service System Restore-service (srservice) - Microsoft Corporation c:\windows\system32\svchost.exe Service Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service TeamViewer 8 (TeamViewer8) - TeamViewer GmbH c:\program files\teamviewer\version8\teamviewer_service.exe Service Thema's (Themes) - Microsoft Corporation c:\windows\system32\svchost.exe Service Distributed Link Tracking Client (TrkWks) - Microsoft Corporation c:\windows\system32\svchost.exe Service Windows Time (W32Time) - Microsoft Corporation c:\windows\system32\svchost.exe Service WebClient (WebClient) - Microsoft Corporation c:\windows\system32\svchost.exe Service Windows Management Instrumentation (winmgmt) - Microsoft Corporation c:\windows\system32\svchost.exe Service WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited. c:\program files\winzipper\winzipersvc.exe Service Security Center (wscsvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service Automatic Updates (wuauserv) - Microsoft Corporation c:\windows\system32\svchost.exe Service Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Microsoft Corporation c:\windows\system32\svchost.exe Service Wireless Zero Configuration-service (WZCSVC) - Microsoft Corporation c:\windows\system32\svchost.exe Context Menu Handlers SlimShellExt Slimware Utilities, Inc. 
Context Menu Handlers WinZipper 337 Technology Limited. Context Menu Handlers {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Context Menu Handlers SlimShellExt Slimware Utilities, Inc. Directory Context Menu Handlers SlimShellExt Slimware Utilities, Inc. Directory Context Menu Handlers WinZipper 337 Technology Limited. Folder Context Menu Handlers WinZipper 337 Technology Limited. Background Context Menu Handlers igfxcui Intel Corporation Shell Extensions Approved Eigenschappenvenster van multimediabestand Shell Extensions Approved Configuratiescherm-uitbreiding Beeldscherm-panning Shell Extensions Approved Shell-uitbreidingen voor bestandscompressie Shell Extensions Approved Snelmenu Codering Shell Extensions Approved HyperTerminal-pictogramuitbreiding Hilgraeve, Inc. Shell Extensions Approved Taakbalk en menu Start Shell Extensions Approved &Adres Shell Extensions Approved Lijst voor AutoAanvullen: Microsoft Geschiedenis Shell Extensions Approved Lijst voor AutoAanvullen: Microsoft Shell-map Shell Extensions Approved Microsoft-container met meervoudige lijst voor AutoAanvullen Shell Extensions Approved Autoplay for SlideShow Shell Extensions Approved Gebruikersaccounts Shell Extensions Approved Microsoft Office Outlook Custom Icon Handler Shell Extensions Approved Microsoft Office Outlook Desktop Icon Handler Shell Extensions Approved WinZipper Shell Extension 337 Technology Limited. Driver Stuurprogramma voor Schijfbeheer c:\windows\system32\drivers\dmio.sys Driver dmload c:\windows\system32\drivers\dmload.sys Driver hmqrokmk c:\windows\system32\drivers\hmqrokmk.sys (file missing) Driver iSafeNetFilter c:\program files\isafe\isafenetfilter.sys (file missing) Codec msacm.trspch DSP GROUP, INC. Codec vidc.cvid Radius Inc. Codec vidc.iv31 <Not available> Codec vidc.iv32 <Not available> Codec vidc.iv41 Intel Corporation Codec msacm.sl_anet Sipro Lab Telecom Inc. 
Codec msacm.iac2 Intel Corporation Codec vidc.iv50 Intel Corporation Codec msacm.l3acm Fraunhofer Institut Integrierte Schaltungen IIS Codec VIDC.FFDS Unknown owner Codec WMT MuxDeMux Filter Codec ffdshow Video Decoder Codec ffdshow DXVA Video Decoder <Not available> Codec ffdshow raw video filter <Not available> Codec ffdshow Audio Decoder <Not available> Codec Indeo® video 5.10 Compression Filter Intel Corporation Codec AC3 Parser Filter <Not available> Codec StreamBufferSink <Not available> Codec Indeo® video 5.10 Decompression Filter Intel Corporation Codec MPEG Layer-3 Decoder Fraunhofer Institut Integrierte Schaltungen IIS Codec MPC - MPEG-2 Video Decoder (Gabest) MPC-HC Team Codec MPEG-2 Splitter <Not available> Codec ACELP.net Sipro Lab Audio Decoder Sipro Lab Telecom Inc. Codec MPC - FLV Splitter (Gabest) MPC-HC Team Codec WavPack Audio Decoder - Codec Haali Media Splitter <Not available> Codec Haali Media Splitter (AR) <Not available> Codec HP VTK MPEG-1 Encoder Hewlett-Packard Co. Codec MPEG-2 Video Stream Analyzer <Not available> Codec Haali Video Renderer Unknown owner Codec HP VTK Rotate Filter Hewlett-Packard Co. Codec Haali Simple Media Splitter <Not available> Codec DirectVobSub MPC-HC Team Codec DirectVobSub (auto-loading version) MPC-HC Team Codec Haali Matroska Muxer <Not available> Codec MPEG-2 Demultiplexer <Not available> Codec Indeo® audio software Intel Corporation Codec ffdshow Audio Processor <Not available> Codec WIA Stream Snapshot Filter <Not available> Codec HP VTK Frame Grabber Filter Hewlett-Packard Co. Codec MPEG-2 Sections and Tables <Not available> Codec MPC - FLV Source (Gabest) MPC-HC Team Codec StreamBufferSource <Not available> Codec WavPack Audio Splitter - Codec HP VTK Resize Filter Hewlett-Packard Co. 
Codec ffdshow subtitles filter <Not available> Codec Haali Video Sink <Not available> Network Provider RDPNP Microsoft Corporation Network Provider LanmanWorkstation Microsoft Corporation Network Provider WebClient Microsoft Corporation Print Monitor LIDIL hpzll5ha Hewlett-Packard Company Print Monitor LIDIL hpzll64X Hewlett-Packard Company
  2. bud

    rsit log

    herewith my rsit log

    Logfile of random's system information tool 1.09 (written by random/random) Run by Bud at 2014-02-27 22:35:51 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 177 GB (75%) free of 236 GB Total RAM: 4076 MB (70% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:35:53, on 27-2-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16518) Boot mode: Normal Running processes: C:\Program Files (x86)\Re-markit\Re-markit_wd.exe C:\Program Files (x86)\fst_nl_22\fst_nl_22.exe C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Users\Bud\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE C:\Program Files\trend micro\Bud.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=5ea2c8de-a25e-e5da-f758-0a61283bd009&searchtype=ds&q={searchTerms}&installDate=08/02/2014 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=5ea2c8de-a25e-e5da-f758-0a61283bd009&searchtype=ds&q={searchTerms}&installDate=08/02/2014 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Mysearchdial Search= R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=5ea2c8de-a25e-e5da-f758-0a61283bd009&searchtype=ds&q={searchTerms}&installDate=08/02/2014 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=NL&userid=5ea2c8de-a25e-e5da-f758-0a61283bd009&searchtype=ds&q={searchTerms}&installDate=08/02/2014 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor 
Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Samsung BHO Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files (x86)\BrowseSmart\BrowseSmartBHO.dll O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [fst_nl_22] "C:\Program Files (x86)\fst_nl_22\fst_nl_22.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Bud\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft 
Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - 
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Re-markit - Unknown owner - C:\Program Files (x86)\Re-markit\Re-markit153.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. 
- C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Update BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe O23 - Service: Util BrowseSmart - Unknown owner - C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12504 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 
Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\lsm.exe winlogon.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS "C:\Program Files\Microsoft Security Client\MsMpEng.exe" C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup "C:\Program Files\HitmanPro\hmpsched.exe" C:\windows\system32\svchost.exe -k NetworkService "C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe" C:\windows\system32\nvvsvc.exe -session -first C:\windows\system32\WLANExt.exe 24034656 \??\C:\windows\system32\conhost.exe "1888558410-16614543802067675957-1164830509-12168546761017750576-16460801431874448595 C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "taskhost.exe" taskeng.exe {26232D99-1B0B-4444-9278-020EAF0E42AB} "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" "C:\Program Files (x86)\Re-markit\Re-markit_wd.exe" "C:\windows\system32\Dwm.exe" "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" C:\windows\Explorer.EXE 
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe" "C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" "C:\Program Files (x86)\fst_nl_22\fst_nl_22.exe" "C:\Program Files\Microsoft Security Client\NisSrv.exe" C:\windows\system32\svchost.exe -k bthsvcs "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" WLIDSvcM.exe 1520 "C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe" hide "C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe" taskeng.exe {4238C91F-C54F-419F-BB75-BE0CFCC1274F} "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" "C:\Program Files\SRS Labs\SRS Control Panel\srspanel_64.exe" /h C:\windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe" "C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe" C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" C:\windows\system32\svchost.exe -k imgsvc "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe" "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" "C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe" "C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe" "C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe" "C:\Program Files (x86)\Samsung\Samsung Update 
Plus\SUPBackground.exe" C:\windows\system32\svchost.exe -k SDRSVC C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} "C:\Program Files (x86)\Internet Explorer\IELowutil.exe" -embedding taskeng.exe {D477E217-42B8-4D7D-8E95-B5F897DFA33C} C:\windows\SYSTEM32\cmd.exe /c "C:\Windows\Setup\Office.bat" \??\C:\windows\system32\conhost.exe "-20617161051360026027-1880104754789987815-2063277715-2077132921-783908003707279616 "C:\windows\system32\wuauclt.exe" C:\windows\system32\Macromed\Flash\FlashUtil64_12_0_0_70_ActiveX.exe -Embedding C:\Users\Bud\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE /Check "C:\Users\Bud\Desktop\RSITx64.exe" ======Scheduled tasks folder====== C:\windows\tasks\Adobe Flash Player Updater.job C:\windows\tasks\AmiUpdXp.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000Core.job C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3745490635-2143929647-3478600528-1000UA.job C:\windows\tasks\MySearchDial.job C:\windows\tasks\Re-markit Update.job C:\windows\tasks\Re-markit_wd.job C:\windows\tasks\UpdaterEX.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040] 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA609D72-8482-4076-8991-8CDAE5B93BCB}] Samsung BHO Class - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25 1973760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786}] BrowseSmart - C:\Program Files (x86)\BrowseSmart\BrowseSmartBHO.dll [2014-01-26 249632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {ae07101b-46d4-4a98-af68-0333ea26e113} 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-27 11780712] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-04 2679592] "BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 112512] "MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2013-10-23 1266912] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=C:\Users\Bud\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12 138096] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-09-13 59720] "fst_nl_22"=C:\Program Files (x86)\fst_nl_22\fst_nl_22.exe [2014-01-31 3995632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-06-12 6721936] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-03-08 4171464] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableTaskMgr"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "MSVideo8"=VfWWDM32.dll "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave6"=wdmaud.drv "midi6"=wdmaud.drv "mixer6"=wdmaud.drv "wave5"=wdmaud.drv "midi5"=wdmaud.drv "mixer5"=wdmaud.drv ======File associations====== .js - edit - 
C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 month====== 2014-02-27 22:24:33 ----D---- C:\Program Files\trend micro 2014-02-27 22:24:32 ----D---- C:\rsit 2014-02-25 21:21:13 ----D---- C:\sh4ldr 2014-02-25 20:54:11 ----D---- C:\Program Files\HitmanPro 2014-02-25 20:19:11 ----A---- C:\windows\ntbtlog.txt 2014-02-25 19:53:59 ----D---- C:\Program Files (x86)\Microsoft Security Client 2014-02-25 19:53:54 ----D---- C:\Program Files\Microsoft Security Client 2014-02-25 19:25:50 ----D---- C:\Users\Bud\AppData\Roaming\mysearchdial 2014-02-25 18:56:58 ----D---- C:\Program Files (x86)\MediaViewerV1 2014-02-17 16:57:02 ----A---- C:\windows\SYSWOW64\vbscript.dll 2014-02-17 16:57:02 ----A---- C:\windows\system32\vbscript.dll 2014-02-17 16:55:42 ----A---- C:\windows\SYSWOW64\msrating.dll 2014-02-17 16:55:42 ----A---- C:\windows\system32\msrating.dll 2014-02-17 16:55:41 ----A---- C:\windows\SYSWOW64\ieui.dll 2014-02-17 16:55:41 ----A---- C:\windows\system32\ieui.dll 2014-02-17 16:55:39 ----A---- C:\windows\system32\iernonce.dll 2014-02-17 16:55:39 ----A---- C:\windows\system32\ieetwcollectorres.dll 2014-02-17 16:55:39 ----A---- C:\windows\system32\ie4uinit.exe 2014-02-17 16:55:38 ----A---- C:\windows\SYSWOW64\msfeeds.dll 2014-02-17 16:55:38 ----A---- C:\windows\SYSWOW64\jsproxy.dll 2014-02-17 16:55:38 ----A---- C:\windows\system32\msfeeds.dll 2014-02-17 16:55:38 ----A---- C:\windows\system32\jsproxy.dll 2014-02-17 16:55:37 ----A---- C:\windows\SYSWOW64\ieUnatt.exe 2014-02-17 16:55:37 ----A---- C:\windows\SYSWOW64\iesetup.dll 2014-02-17 16:55:37 ----A---- C:\windows\SYSWOW64\iernonce.dll 2014-02-17 16:55:37 ----A---- C:\windows\system32\ieUnatt.exe 2014-02-17 16:55:37 ----A---- C:\windows\system32\iesetup.dll 2014-02-17 16:55:36 ----A---- C:\windows\SYSWOW64\ieetwproxystub.dll 2014-02-17 16:55:36 ----A---- C:\windows\system32\ieetwproxystub.dll 2014-02-17 16:55:36 ----A---- 
C:\windows\system32\ieetwcollector.exe 2014-02-17 16:55:35 ----A---- C:\windows\SYSWOW64\jscript9diag.dll 2014-02-17 16:55:35 ----A---- C:\windows\system32\mshtml.dll 2014-02-17 16:55:34 ----A---- C:\windows\SYSWOW64\ieapfltr.dll 2014-02-17 16:55:34 ----A---- C:\windows\system32\jscript9diag.dll 2014-02-17 16:55:34 ----A---- C:\windows\system32\ieapfltr.dll 2014-02-17 16:55:33 ----A---- C:\windows\SYSWOW64\iertutil.dll 2014-02-17 16:55:32 ----A---- C:\windows\SYSWOW64\wininet.dll 2014-02-17 16:55:32 ----A---- C:\windows\system32\iertutil.dll 2014-02-17 16:55:31 ----A---- C:\windows\SYSWOW64\urlmon.dll 2014-02-17 16:55:31 ----A---- C:\windows\system32\wininet.dll 2014-02-17 16:55:31 ----A---- C:\windows\system32\urlmon.dll 2014-02-17 16:55:29 ----A---- C:\windows\system32\ieframe.dll 2014-02-17 16:55:28 ----A---- C:\windows\SYSWOW64\ieframe.dll 2014-02-17 16:55:26 ----A---- C:\windows\SYSWOW64\mshtml.dll 2014-02-17 16:55:25 ----A---- C:\windows\SYSWOW64\jscript9.dll 2014-02-17 16:55:24 ----A---- C:\windows\system32\jscript9.dll 2014-02-16 14:23:25 ----A---- C:\windows\SYSWOW64\msxml3r.dll 2014-02-16 14:23:25 ----A---- C:\windows\SYSWOW64\msxml3.dll 2014-02-16 14:23:25 ----A---- C:\windows\system32\msxml3r.dll 2014-02-16 14:23:25 ----A---- C:\windows\system32\msxml3.dll 2014-02-16 14:23:14 ----A---- C:\windows\SYSWOW64\RMActivate_ssp_isv.exe 2014-02-16 14:23:14 ----A---- C:\windows\SYSWOW64\RMActivate_isv.exe 2014-02-16 14:23:14 ----A---- C:\windows\SYSWOW64\RMActivate.exe 2014-02-16 14:23:14 ----A---- C:\windows\system32\RMActivate_isv.exe 2014-02-16 14:23:14 ----A---- C:\windows\system32\RMActivate.exe 2014-02-16 14:23:13 ----A---- C:\windows\SYSWOW64\secproc_ssp_isv.dll 2014-02-16 14:23:13 ----A---- C:\windows\SYSWOW64\secproc_ssp.dll 2014-02-16 14:23:13 ----A---- C:\windows\SYSWOW64\secproc_isv.dll 2014-02-16 14:23:13 ----A---- C:\windows\SYSWOW64\secproc.dll 2014-02-16 14:23:13 ----A---- C:\windows\SYSWOW64\RMActivate_ssp.exe 2014-02-16 14:23:13 ----A---- 
C:\windows\SYSWOW64\msdrm.dll 2014-02-16 14:23:13 ----A---- C:\windows\system32\secproc_ssp_isv.dll 2014-02-16 14:23:13 ----A---- C:\windows\system32\secproc_ssp.dll 2014-02-16 14:23:13 ----A---- C:\windows\system32\secproc_isv.dll 2014-02-16 14:23:13 ----A---- C:\windows\system32\secproc.dll 2014-02-16 14:23:13 ----A---- C:\windows\system32\RMActivate_ssp_isv.exe 2014-02-16 14:23:13 ----A---- C:\windows\system32\RMActivate_ssp.exe 2014-02-16 14:23:13 ----A---- C:\windows\system32\msdrm.dll 2014-02-16 14:23:08 ----A---- C:\windows\SYSWOW64\d3d10warp.dll 2014-02-16 14:23:08 ----A---- C:\windows\system32\d3d10warp.dll 2014-02-16 14:23:07 ----A---- C:\windows\SYSWOW64\d2d1.dll 2014-02-16 14:23:07 ----A---- C:\windows\system32\d2d1.dll 2014-02-09 23:21:16 ----A---- C:\windows\system32\FNTCACHE.DAT 2014-02-09 23:20:25 ----N---- C:\bootsqm.dat 2014-02-09 20:11:55 ----D---- C:\Users\Bud\AppData\Roaming\AVG 2014-02-09 20:11:09 ----D---- C:\ProgramData\AVG 2014-02-09 20:11:00 ----SHD---- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} 2014-02-09 19:58:54 ----D---- C:\Users\Bud\AppData\Roaming\TuneUp Software 2014-02-08 17:32:01 ----D---- C:\Users\Bud\AppData\Roaming\newnext.me 2014-02-08 17:30:18 ----D---- C:\Program Files (x86)\fst_nl_22 2014-02-08 17:30:00 ----D---- C:\Program Files (x86)\Re-markit 2014-02-08 16:59:08 ----D---- C:\ProgramData\HitmanPro 2014-01-31 16:57:45 ----A---- C:\autoexec.bat 2014-01-31 16:57:14 ----A---- C:\windows\system32\drivers\EsgScanner.sys 2014-01-31 16:57:05 ----D---- C:\Program Files\Enigma Software Group 2014-01-31 16:55:54 ----D---- C:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP ======List of files/folders modified in the last 1 month====== 2014-02-27 22:31:12 ----D---- C:\windows\system32\config 2014-02-27 22:29:43 ----D---- C:\windows\Temp 2014-02-27 22:24:33 ----RD---- C:\Program Files 2014-02-27 22:20:26 ----D---- C:\windows\system32\drivers 2014-02-27 22:12:29 ----D---- C:\Users\Bud\AppData\Roaming\Belastingdienst 2014-02-27 
22:12:00 ----A---- C:\windows\SYSWOW64\log.txt 2014-02-27 22:07:43 ----D---- C:\windows\system32\NDF 2014-02-25 22:30:18 ----D---- C:\windows\inf 2014-02-25 21:35:58 ----SHD---- C:\System Volume Information 2014-02-25 21:21:22 ----SHD---- C:\windows\Installer 2014-02-25 21:21:20 ----D---- C:\windows\system32\Tasks 2014-02-25 21:21:16 ----SD---- C:\Users\Bud\AppData\Roaming\Microsoft 2014-02-25 21:15:51 ----D---- C:\windows\Microsoft.NET 2014-02-25 21:15:30 ----RSD---- C:\windows\assembly 2014-02-25 21:03:32 ----D---- C:\windows\System32 2014-02-25 20:35:11 ----D---- C:\windows\debug 2014-02-25 20:24:36 ----D---- C:\Windows 2014-02-25 20:20:58 ----D---- C:\windows\system32\catroot2 2014-02-25 20:18:31 ----D---- C:\windows\system32\catroot 2014-02-25 20:07:03 ----D---- C:\windows\SysWOW64 2014-02-25 20:06:56 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe 2014-02-25 19:53:59 ----D---- C:\Program Files (x86) 2014-02-25 19:33:01 ----HD---- C:\ProgramData 2014-02-25 19:32:55 ----D---- C:\ProgramData\MFAData 2014-02-25 19:26:00 ----D---- C:\windows\Tasks 2014-02-25 18:44:22 ----D---- C:\windows\system32\MRT 2014-02-25 18:41:03 ----A---- C:\windows\system32\MRT.exe 2014-02-25 18:03:51 ----D---- C:\windows\winsxs 2014-02-17 17:22:25 ----D---- C:\windows\SYSWOW64\nl-NL 2014-02-17 17:22:24 ----D---- C:\windows\system32\nl-NL 2014-02-17 17:22:18 ----D---- C:\Program Files\Internet Explorer 2014-02-17 17:22:18 ----D---- C:\Program Files (x86)\Internet Explorer 2014-02-17 17:16:47 ----A---- C:\windows\system32\PerfStringBackup.INI 2014-02-17 16:57:39 ----D---- C:\ProgramData\Microsoft Help 2014-02-17 16:57:39 ----A---- C:\windows\win.ini 2014-02-08 20:13:56 ----D---- C:\windows\rescache 2014-02-08 17:33:18 ----D---- C:\Program Files (x86)\Mobogenie 2014-01-31 16:55:50 ----D---- C:\Program Files (x86)\Common Files 2014-01-31 16:51:48 ----D---- C:\Program Files (x86)\Mozilla Firefox ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 
4=Disabled)====== R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-02-18 439320] R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2013-09-27 248240] R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888] R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys [2010-10-07 13824] R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416] R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-09-27 134944] R2 Sentinel64;Sentinel64; C:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448] R2 TurboB;Turbo Boost UI Monitor driver; C:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192] R3 BCM43XX;Stuurprogramma voor Broadcom 802.11-netwerkadapter; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-07-05 4745280] R3 BthEnum;Bluetooth-stuurprogramma voor aanvraagblok; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984] R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784] R3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384] R3 BTWAMPFL;btwampfl; C:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 349736] R3 btwaudio;Bluetooth-audioapparaat; C:\windows\system32\drivers\btwaudio.sys [2011-02-08 107560] R3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2011-02-08 138280] R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 39464] R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2011-02-08 21416] R3 clwvd;CyberLink WebCam Virtual Driver; C:\windows\system32\DRIVERS\clwvd.sys [2010-11-10 31088] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); 
C:\windows\system32\drivers\RTKVHD64.sys [2011-03-02 2787688] R3 MEIx64;Intel® Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys [2013-02-18 189288] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720] R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] R3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys [2009-07-14 12288] R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-04 1413680] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2011-01-25 18432] S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 14872] S3 EsgScanner;EsgScanner; C:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 22704] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [] S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416] S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-27 26112] S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456] S3 RimUsb;BlackBerry Smartphone; C:\windows\System32\Drivers\RimUsb_AMD64.sys [] S3 RimVSerPort;RIM Virtual Serial Port v2; C:\windows\system32\DRIVERS\RimSerial_AMD64.sys [2011-07-20 44032] S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2009-07-14 11264] S3 rtport;rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [2011-07-29 15144] S3 TsUsbFlt;TsUsbFlt; 
C:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2010-11-21 32768] S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-18 65432] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2013-09-07 55624] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-02-08 956192] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HitmanProScheduler;HitmanPro Scheduler; C:\Program Files\HitmanPro\hmpsched.exe [2014-02-25 127752] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-21 325656] R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808] R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvvsvc.exe [2011-03-06 993896] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-12-01 244904] R2 SpyHunter 4 Service;SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-01-09 1025408] R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-03-06 3560288] R2 UNS;Intel® Management 
and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] R2 Update BrowseSmart;Update BrowseSmart; C:\Program Files (x86)\BrowseSmart\updateBrowseSmart.exe [2014-02-08 80160] R2 Util BrowseSmart;Util BrowseSmart; C:\Program Files (x86)\BrowseSmart\bin\utilBrowseSmart.exe [2014-02-08 80160] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096] R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] S2 Re-markit;Re-markit; C:\Program Files (x86)\Re-markit\Re-markit153.exe [] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-25 257928] S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-06-03 246520] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-02-06 111616] S3 iPod Service;iPod-service; C:\Program Files\iPod\bin\iPodService.exe [2013-11-02 641352] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536] S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 Samsung UPD Service;Samsung UPD Service; C:\windows\System32\SUPDSvc.exe [2010-08-09 166704] S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program 
Files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] -----------------EOF-----------------
  3. can't remove buzzdock
  4. It has improved a little now. But now I get this message during an update: The following updates cannot be installed. KB2656370: Security update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista and Windows Server 2008 x86 KB2656353: Security update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista and Windows Server 2008 x86
  5. can't find combofix/uninstall and can't remove Qoobox either??
  6. it gives this message: Windows cannot find the file combofix/uninstall ---------- Post added at 11:48 ---------- Previous post was at 11:45 ---------- In the Qoobox folder there is a folder named backenv that cannot be deleted?
  7. Much better, but still a bit slow at startup. And when I start combofix it gives the following message: windows/cmd32/not applicable.
  8. ComboFix 12-06-10.01 - mike 11-06-2012 13:15:27.4.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.653 [GMT 2:00] Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\mike\Bureaublad\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . FILE :: "c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys" "c:\windows\album77.zip" "c:\windows\album95.zip" "d:\menu start\Programma's\Opstarten\WindowsUpdate56629[1].exe" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\AVG Secure Search c:\program files\AVG Secure Search\about.gif c:\program files\AVG Secure Search\active-threats18.gif c:\program files\AVG Secure Search\avguidx.dll c:\program files\AVG Secure Search\calc.gif c:\program files\AVG Secure Search\CleanHistory.gif c:\program files\AVG Secure Search\configuration.xml c:\program files\AVG Secure Search\current.gif c:\program files\AVG Secure Search\currently-safe18.gif c:\program files\AVG Secure Search\Facebook.gif c:\program files\AVG Secure Search\favicon.ico c:\program files\AVG Secure Search\feedback.gif c:\program files\AVG Secure Search\help.gif c:\program files\AVG Secure Search\icon18.gif c:\program files\AVG Secure Search\iGearedHelper.dll c:\program files\AVG Secure Search\labs.gif c:\program files\AVG Secure Search\Licenses\hmac.txt c:\program files\AVG Secure Search\Licenses\LICENSE-bsdiff.txt c:\program files\AVG Secure Search\Licenses\LICENSE-bzip.txt c:\program files\AVG Secure Search\Licenses\LICENSE-MPL-NPAPI.txt c:\program files\AVG Secure Search\Licenses\LICENSE-sparsehash.txt c:\program files\AVG Secure Search\lip.exe c:\program files\AVG Secure Search\MigrationTool.exe 
c:\program files\AVG Secure Search\note.gif c:\program files\AVG Secure Search\PostInstall.exe c:\program files\AVG Secure Search\radio\bg.gif c:\program files\AVG Secure Search\radio\play.gif c:\program files\AVG Secure Search\radio\play_hover.gif c:\program files\AVG Secure Search\radio\radio.html c:\program files\AVG Secure Search\radio\radio.js c:\program files\AVG Secure Search\radio\stations.xml c:\program files\AVG Secure Search\radio\stop.gif c:\program files\AVG Secure Search\radio\stop_hover.gif c:\program files\AVG Secure Search\radio\v_minus.gif c:\program files\AVG Secure Search\radio\v_minus_1.gif c:\program files\AVG Secure Search\radio\v_plus.gif c:\program files\AVG Secure Search\radio\v_plus_1.gif c:\program files\AVG Secure Search\radio\vol_line_emp.gif c:\program files\AVG Secure Search\radio\vol_line_full.gif c:\program files\AVG Secure Search\radio\vol_line_half.gif c:\program files\AVG Secure Search\remote_configuration.xml c:\program files\AVG Secure Search\search.gif c:\program files\AVG Secure Search\SecuredSearch.gif c:\program files\AVG Secure Search\setup.bmp c:\program files\AVG Secure Search\speed-test.gif c:\program files\AVG Secure Search\surf-with-caution18.gif c:\program files\AVG Secure Search\toolbar.zip c:\program files\AVG Secure Search\Uninstall.exe c:\program files\AVG Secure Search\updating18.gif c:\program files\AVG Secure Search\vprot.exe c:\program files\AVG Secure Search\weather.gif c:\program files\AVG Secure Search\windows.gif . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_KASPERSKY1 -------\Service_kaspersky1 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))) . . 2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2012-06-06 12:22 . 
2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro 2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java 2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle 2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java 2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx 2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx 2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache 2012-06-05 12:04 . 2012-06-11 11:15 -------- d-----w- C:\QUARANTINE 2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle 2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-05 10:55 . 
2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll 2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee 2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-05 10:28 . 2012-06-11 10:53 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend 2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll 2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW 2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET 2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE 2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache 2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8 2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-04 12:18 . 
2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon 2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll 2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll 2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll 2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll 2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL 2012-06-04 10:47 . 
2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll 2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL 2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING 2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL 2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL 2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon 2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip 2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip 2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-11 11:28 . 2012-06-11 11:28 16384 c:\windows\Temp\Perflib_Perfdata_22c.dat + 2011-12-26 07:02 . 
2011-12-26 07:02 19677184 c:\windows\Installer\734ce53.msp + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20e7792.msp + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] . d:\menu start\Programma's\Opstarten\ WindowsUpdate56629[1].exe [2004-11-9 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "win-xp"=winis.exe "nwiz"=nwiz.exe /installquiet "ATIModeChange"=Ati2mdxx.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= . 
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664] . Inhoud van de 'Gedeelde Taken' map . 2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: net-nucleus.com\awbeta TCP: DhcpNameServer = 192.168.2.254 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-11 13:30 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1, 83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\ "??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9 . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*] "datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81, f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\ "rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(720) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(1384) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe . ************************************************************************** . Voltooingstijd: 2012-06-11 13:35:55 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-11 11:35 ComboFix2.txt 2012-06-09 15:34 ComboFix3.txt 2012-06-08 15:16 ComboFix4.txt 2012-06-07 09:52 . - - End Of File - - D19B1FC09F32128BBB1C741A376DFC1C
  9. Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 17:35:38, on 9-6-2012
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
     C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
     O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
     O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     O4 - Startup: WindowsUpdate56629[1].exe
     O4 - User Startup: WindowsUpdate56629[1].exe
     O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
     O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
     O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
     O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

     -- End of file - 5181 bytes

     ComboFix 12-06-08.01 - mike 09-06-2012 17:12:46.3.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.787 [GMT 2:00]
     Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe
     gebruikte Opdracht switches :: c:\documents and settings\CFScript.txt
     AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
     * Aanwezig AV is actief
     .
     .
FILE :: "c:\windows\album77.zip" "c:\windows\album95.zip" "d:\menu start\Programma's\Opstarten\indowsUpdate56629[1].exe" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . .
Search\cache\d2e94710a5708128.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d79b9dfe81484ec4.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee__exp__1338908418 c:\documents and settings\mike\Application Data\AVG2012 c:\documents and settings\mike\Application Data\AVG2012\cfgall\usergui.cfg c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_04_05_40_27.db c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_06_04_17_27.db c:\program files\Common Files\AVG Secure Search c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.0.2\CommonInstaller.exe c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.0.2\ScriptHelper.exe c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.0.2\toolband c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\UpdaterConfig.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_EFIPSK -------\Legacy_VTOOLBARUPDATER11.0.2 -------\Service_efipsk -------\Service_vToolbarUpdater11.0.2 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))) . . 2012-06-07 08:26 . 
2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro 2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java 2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle 2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java 2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx 2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx 2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache 2012-06-05 12:04 . 2012-06-09 15:12 -------- d-----w- C:\QUARANTINE 2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle 2012-06-05 11:22 . 
2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll 2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee 2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search 2012-06-05 10:28 . 2012-06-09 15:03 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend 2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll 2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW 2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET 2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE 2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache 2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8 2012-06-04 12:18 . 
2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon 2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll 2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll 2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll 2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll 2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2012-06-04 10:47 . 
2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll 2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL 2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING 2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL 2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL 2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon 2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip 2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip 2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . 
((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-09 15:26 . 2012-06-09 15:26 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] . d:\menu start\Programma's\Opstarten\ WindowsUpdate56629[1].exe [2004-11-9 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "win-xp"=winis.exe "nwiz"=nwiz.exe /installquiet "ATIModeChange"=Ati2mdxx.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= . 
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664] S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50] . 2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . 2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: net-nucleus.com\awbeta TCP: DhcpNameServer = 192.168.2.254 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-09 17:28 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1, 83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\ "??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9 . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*] "datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81, f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\ "rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(2196) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\McAfee\VirusScan Enterprise\Scriptcl.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe . ************************************************************************** . Voltooingstijd: 2012-06-09 17:34:37 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-09 15:34 ComboFix2.txt 2012-06-08 15:16 ComboFix3.txt 2012-06-07 09:52 . 
- - End Of File - - 97C047787C33DE77A83E08BE2B27D791 ComboFix 12-06-08.01 - mike 09-06-2012 17:12:46.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.787 [GMT 2:00] Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . FILE :: "c:\windows\album77.zip" "c:\windows\album95.zip" "d:\menu start\Programma's\Opstarten\indowsUpdate56629[1].exe" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . .
Users\Application Data\AVG2012\log\avgns.log.2 c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.3 c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.4 c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.5 c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.6 c:\documents and settings\All Users\Application Data\AVG2012\log\avgns.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgpostinst.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgpostinst.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgrkt.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.2 c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.3 c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.4 c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.5 c:\documents and settings\All Users\Application Data\AVG2012\log\avgrs.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgscan.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.2 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.3 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.4 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.5 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.6 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsched.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log c:\documents and settings\All Users\Application 
Data\AVG2012\log\avgsrm.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrm.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgsrmac.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgss.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgtdi.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgtray_idp_mike.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgual.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.2 c:\documents and settings\All Users\Application Data\AVG2012\log\avgui.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgui_idp_mike.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgupd.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.2 c:\documents and settings\All Users\Application 
Data\AVG2012\log\avgwd.log.3 c:\documents and settings\All Users\Application Data\AVG2012\log\avgwd.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.1 c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.2 c:\documents and settings\All Users\Application Data\AVG2012\log\avgwdsvc_idp_SYSTEM.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log c:\documents and settings\All Users\Application Data\AVG2012\log\commonpriv.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log c:\documents and settings\All Users\Application Data\AVG2012\log\fixcfg.log.lock c:\documents and settings\All Users\Application Data\AVG2012\log\history.xml c:\documents and settings\All Users\Application Data\AVG2012\log\vault.log.lock c:\documents and settings\All Users\Application Data\AVG2012\scanlogs\srm.idx c:\documents and settings\mike\Application Data\AVG Secure Search c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\272512937d9e61a4__exp__1338908416 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\287204568329e189.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\28bc8f716fd76a47__exp__1338908414 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\2c53092c95605355.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\32c84fe32bb74d60.fb c:\documents and settings\mike\Application Data\AVG Secure 
Search\cache\32c84fe32bb74d60__exp__1338908417 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\3917078cb68ec657.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\590ba23ce359fd0c__exp__1338908416 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\610289e025a3ee9a.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\62bcb3ff25821cb3__exp__1338908413 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\651c5d3cdbfb8bd1.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\651c5d3cdbfb8bd1__exp__1338908415 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\66e48017c057d766.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\66e48017c057d766__exp__1338981356 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6c59ac5e7e7a3ad0__exp__1338908416 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6d03dad1035885d3.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\6d03dad1035885d3__exp__1338908418 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\a8556537add6dfc5.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\a8556537add6dfc5__exp__1338908416 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\ad10a52aff5e038d.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\ad10a52aff5e038d__exp__1338908415 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c1fa887b03019701.fb c:\documents and settings\mike\Application Data\AVG Secure 
Search\cache\c1fa887b03019701__exp__1338908418 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c4d28dca2e7648be.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\c4d28dca2e7648be__exp__1338908415 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d201ef9910cd39de.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d201ef9910cd39de__exp__1338908415 c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d2e94710a5708128.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\d79b9dfe81484ec4.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee.fb c:\documents and settings\mike\Application Data\AVG Secure Search\cache\f998975c9cc711ee__exp__1338908418 c:\documents and settings\mike\Application Data\AVG2012 c:\documents and settings\mike\Application Data\AVG2012\cfgall\usergui.cfg c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_04_05_40_27.db c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search\SiteSafety\l_2012_06_06_04_17_27.db c:\program files\Common Files\AVG Secure Search c:\program files\Common Files\AVG Secure Search\CommonInstaller\11.0.2\CommonInstaller.exe c:\program files\Common Files\AVG Secure Search\InstalledProducts.ini c:\program files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.0.2\ScriptHelper.exe c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll c:\program files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll c:\program files\Common Files\AVG Secure Search\ToolBandTlb\11.0.2\toolband c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll c:\program files\Common Files\AVG Secure 
Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\UpdaterConfig.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_EFIPSK -------\Legacy_VTOOLBARUPDATER11.0.2 -------\Service_efipsk -------\Service_vToolbarUpdater11.0.2 . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))) . . 2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro 2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java 2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle 2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java 2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx 2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx 2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2012-06-05 13:59 . 
2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache 2012-06-05 12:04 . 2012-06-09 15:12 -------- d-----w- C:\QUARANTINE 2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle 2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll 2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee 2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search 2012-06-05 10:28 . 2012-06-09 15:03 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend 2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll 2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW 2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET 2012-06-04 12:39 . 
2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE 2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache 2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8 2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon 2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll 2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll 2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll 2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll 2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2012-06-04 10:52 . 
2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll 2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL 2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING 2012-06-04 10:46 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL 2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL 2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon 2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip 2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip 2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:55 . 
2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot_2012-06-08_15.08.27 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-09 15:26 . 2012-06-09 15:26 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\20d7b7f.msp . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] . d:\menu start\Programma's\Opstarten\ WindowsUpdate56629[1].exe [2004-11-9 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "win-xp"=winis.exe "nwiz"=nwiz.exe /installquiet "ATIModeChange"=Ati2mdxx.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664] S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50] . 2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . 2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: net-nucleus.com\awbeta TCP: DhcpNameServer = 192.168.2.254 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-09 17:28 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1, 83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\ "??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9 . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*] "datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81, f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\ "rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . 
--------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(712) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(2196) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\program files\McAfee\VirusScan Enterprise\Scriptcl.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe . ************************************************************************** . Voltooingstijd: 2012-06-09 17:34:37 - machine werd herstart ComboFix-quarantined-files.txt 2012-06-09 15:34 ComboFix2.txt 2012-06-08 15:16 ComboFix3.txt 2012-06-07 09:52 . - - End Of File - - 97C047787C33DE77A83E08BE2B27D791
  10. ComboFix 12-06-08.01 - mike 08-06-2012 16:57:47.2.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.830 [GMT 2:00] Gestart vanuit: c:\documents and settings\mike\Bureaublad\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))) . . 2012-06-07 08:26 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll 2012-06-06 12:22 . 2012-06-06 12:22 388096 ----a-r- c:\documents and settings\mike\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-06 12:22 . 2012-06-06 12:22 -------- d-----w- c:\program files\Trend Micro 2012-06-06 09:43 . 2012-06-06 09:43 -------- d-----w- c:\program files\Common Files\Java 2012-06-06 09:42 . 2012-06-06 09:42 -------- d-----w- c:\program files\Oracle 2012-06-06 09:42 . 2012-04-04 16:47 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-06-06 09:41 . 2012-06-06 09:41 -------- d-----w- c:\program files\Java 2012-06-05 15:49 . 2004-05-11 07:56 423784 ----a-w- c:\windows\system32\XceedBkp.dll 2012-06-05 15:49 . 2004-03-08 21:00 131856 ----a-w- c:\windows\system32\MSADODC.ocx 2012-06-05 15:49 . 2003-11-19 11:59 512688 ----a-w- c:\windows\system32\XceedCry.dll 2012-06-05 15:49 . 2007-06-11 20:04 2267368 ----a-w- c:\windows\system32\Flash.ocx 2012-06-05 15:49 . 2000-07-15 03:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL 2012-06-05 15:49 . 2001-03-28 20:02 89088 ----a-w- c:\windows\system32\ProgressBar4.ocx 2012-06-05 14:00 . 2012-06-05 14:00 -------- d-----w- c:\documents and settings\mike\Application Data\TuneUp Software 2012-06-05 13:59 . 2012-06-05 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2012-06-05 13:59 . 
2012-06-05 13:59 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-06-05 13:43 . 2012-06-05 13:43 -------- d-sh--w- c:\documents and settings\mike\IECompatCache 2012-06-05 12:04 . 2012-06-08 14:57 -------- d-----w- C:\QUARANTINE 2012-06-05 11:31 . 2012-06-05 11:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2012-06-05 11:22 . 2012-06-05 11:22 -------- d-----w- c:\documents and settings\mike\Application Data\Oracle 2012-06-05 11:22 . 2012-04-04 16:47 772504 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-06-05 10:55 . 2012-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2012-06-05 10:55 . 2006-11-17 01:06 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll 2012-06-05 10:55 . 2006-11-30 06:50 34152 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-06-05 10:55 . 2006-11-30 06:50 72264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 64360 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-05 10:55 . 2006-11-30 06:50 52136 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-06-05 10:54 . 2006-11-30 06:50 168776 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-05 10:54 . 2012-06-05 10:55 -------- d-----w- c:\program files\McAfee 2012-06-05 10:54 . 2012-06-05 10:54 -------- d-----w- c:\program files\Common Files\McAfee 2012-06-05 10:45 . 2012-06-05 10:45 -------- d-----w- c:\program files\AVG Secure Search 2012-06-05 10:28 . 2012-06-08 12:05 -------- d--h--r- c:\documents and settings\mike\Onlangs geopend 2012-06-05 09:20 . 2007-04-09 11:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll 2012-06-05 09:20 . 2007-04-09 11:23 28040 ----a-w- c:\windows\system32\mdimon.dll 2012-06-05 09:17 . 2012-06-05 09:19 -------- d-----w- c:\windows\SHELLNEW 2012-06-05 09:16 . 2012-06-05 09:16 -------- d-----w- c:\program files\Microsoft.NET 2012-06-04 12:41 . 
2012-06-04 12:41 -------- d-----w- c:\documents and settings\mike\Application Data\AVG2012 2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\mike\Local Settings\Application Data\AVG Secure Search 2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\mike\Application Data\AVG Secure Search 2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search 2012-06-04 12:39 . 2012-06-04 12:39 -------- d-----w- c:\program files\Common Files\AVG Secure Search 2012-06-04 12:39 . 2012-06-04 12:39 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files 2012-06-04 12:38 . 2012-06-05 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012 2012-06-04 12:37 . 2012-06-08 09:05 -------- d-----w- c:\program files\AVG 2012-06-04 12:33 . 2012-06-05 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData 2012-06-04 12:32 . 2012-06-04 12:32 -------- d-sh--w- c:\documents and settings\mike\PrivacIE 2012-06-04 12:30 . 2012-06-04 12:30 -------- d-sh--w- c:\documents and settings\mike\IETldCache 2012-06-04 12:22 . 2012-06-04 12:23 -------- dc-h--w- c:\windows\ie8 2012-06-04 12:18 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll 2012-06-04 12:18 . 2012-03-01 11:00 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2012-06-04 12:18 . 2012-03-01 11:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll 2012-06-04 12:18 . 2012-03-01 11:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenuEX 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2 2012-06-04 10:54 . 
2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP 2012-06-04 10:54 . 2012-06-04 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJMyPrinter 2012-06-04 10:54 . 2012-06-04 10:54 -------- d-----w- c:\documents and settings\mike\Application Data\Canon 2012-06-04 10:52 . 2012-06-04 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM 2012-06-04 10:52 . 2011-04-27 09:00 323584 ----a-w- c:\windows\system32\CNC_ASL.dll 2012-06-04 10:52 . 2011-03-31 08:07 114688 ----a-w- c:\windows\system32\CNC_ASU.dll 2012-06-04 10:52 . 2011-03-31 08:05 286720 ----a-w- c:\windows\system32\CNC_ASC.dll 2012-06-04 10:52 . 2011-03-31 08:05 114688 ----a-w- c:\windows\system32\CNC_ASI.dll 2012-06-04 10:52 . 2008-08-25 16:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll 2012-06-04 10:52 . 2012-06-04 10:52 -------- d-----w- c:\documents and settings\mike\Application Data\Canon Easy-WebPrint EX 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\program files\Common Files\CANON 2012-06-04 10:51 . 2012-06-04 10:51 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJWSpt 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ 2012-06-04 10:47 . 2011-05-23 03:00 83968 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 29184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAS.DLL 2012-06-04 10:47 . 2011-05-23 03:00 310272 ----a-w- c:\windows\system32\CNMLMAS.DLL 2012-06-04 10:47 . 2012-06-04 10:47 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-06-04 10:47 . 2010-11-18 06:15 90112 ----a-w- c:\windows\system32\CNC_ASO.dll 2012-06-04 10:47 . 2011-02-03 00:20 184320 ----a-w- c:\windows\system32\CNMIUAS.DLL 2012-06-04 10:46 . 2012-06-04 10:46 -------- d-----w- c:\windows\system32\STRING 2012-06-04 10:46 . 
2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL 2012-06-04 10:46 . 2011-02-01 08:22 363008 ----a-w- c:\windows\system32\CNMNPPM.DLL 2012-06-04 10:45 . 2012-06-04 10:52 -------- d-----w- c:\program files\Canon 2012-06-04 10:41 . 2012-06-04 10:50 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-04 10:30 . 2012-06-04 10:30 -------- d-----w- c:\documents and settings\All Users\Uniblue . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 12:37 . 2007-08-16 19:00 22 -c--a-w- c:\windows\album95.zip 2012-06-05 12:36 . 2007-08-16 20:01 22 -c--a-w- c:\windows\album77.zip 2012-06-04 10:50 . 2011-05-26 12:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2002-09-23 13:11 602624 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:55 . 2005-03-02 18:09 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-11 13:55 . 2005-03-02 18:09 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:55 . 2003-08-04 13:02 1862400 ----a-w- c:\windows\system32\win32k.sys 2012-04-04 16:47 . 2011-06-10 08:38 687504 ----a-w- c:\windows\system32\deployJava1.dll 2012-04-04 13:56 . 2011-08-19 14:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-07_09.44.26 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-08 14:38 . 2012-06-08 14:38 16384 c:\windows\Temp\Perflib_Perfdata_4f0.dat - 2003-08-04 13:12 . 2011-12-01 11:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2003-08-04 13:12 . 2012-06-07 13:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2003-08-04 13:12 . 2012-06-07 13:09 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2003-08-04 13:12 . 
2011-12-01 11:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat - 2003-08-04 13:12 . 2011-12-01 11:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2012-06-07 13:10 . 2012-06-07 13:09 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2012-06-07 12:35 . 2012-06-07 12:35 19968 c:\windows\Installer\3e552.msi + 2012-06-07 13:04 . 2012-06-07 13:04 22016 c:\windows\Installer\1c47d1.msi + 2012-06-07 12:59 . 2012-06-07 12:59 24064 c:\windows\Installer\1c47ca.msi + 2012-06-05 09:20 . 2012-06-07 12:40 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2012-06-05 09:20 . 2012-06-06 01:08 23040 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2012-06-05 09:20 . 2012-06-06 01:08 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2012-06-05 09:20 . 2012-06-07 12:40 61440 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2012-06-05 09:20 . 2012-06-07 12:40 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2012-06-05 09:20 . 2012-06-06 01:08 27136 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2012-06-05 09:20 . 2012-06-06 01:08 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2012-06-05 09:20 . 2012-06-07 12:40 11264 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2012-06-05 09:20 . 2012-06-06 01:08 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 86016 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2012-06-05 09:20 . 2012-06-06 01:08 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 12288 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-06-06 10:55 . 
2011-06-06 10:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\ViewerPS.dll + 2011-06-06 10:55 . 2011-06-06 10:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\reader_sl.exe + 2011-06-06 10:55 . 2011-06-06 10:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\PDFPrevHndlr.dll + 2011-06-06 10:55 . 2011-06-06 10:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\eula.exe + 2011-06-06 10:55 . 2011-06-06 10:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acrotextextractor.exe + 2011-06-06 10:55 . 2011-06-06 10:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32Info.exe + 2011-06-06 10:55 . 2011-06-06 10:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acroiehelpershim.dll + 2011-06-06 10:55 . 2011-06-06 10:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroIEHelper.dll + 2011-06-06 10:55 . 2011-06-06 10:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\Acrofx32.dll + 2007-03-22 17:07 . 2007-03-22 17:07 78168 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\RM.DLL + 2007-03-22 17:07 . 2007-03-22 17:07 41824 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\RECALL.DLL + 2007-03-22 17:05 . 2007-03-22 17:05 97632 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL + 2007-04-19 11:53 . 2007-04-19 11:53 69984 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLRPC.DLL + 2007-03-22 17:13 . 2007-03-22 17:13 23904 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IPDMCTRL.DLL + 2007-03-22 17:07 . 
2007-03-22 17:07 80224 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\DLGSETP.DLL + 2007-03-22 17:07 . 2007-03-22 17:07 91488 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ADDRPARS.DLL - 2012-06-05 09:20 . 2012-06-06 01:08 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 4096 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2009-09-03 09:51 . 2009-09-03 09:51 630784 c:\windows\Installer\3e5cc.msp + 2007-10-06 06:45 . 2007-10-06 06:45 203264 c:\windows\Installer\3e4ee.msp + 2008-07-28 12:45 . 2008-07-28 12:45 162304 c:\windows\Installer\3e476.msp + 2010-11-12 10:13 . 2010-11-12 10:13 883712 c:\windows\Installer\3e461.msp + 2012-06-05 09:20 . 2012-06-07 12:40 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2012-06-05 09:20 . 2012-06-06 01:08 409600 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2012-06-05 09:20 . 2012-06-07 12:40 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2012-06-05 09:20 . 2012-06-06 01:08 286720 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2012-06-05 09:20 . 2012-06-06 01:08 249856 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2012-06-05 09:20 . 2012-06-06 01:08 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 794624 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2012-06-05 09:20 . 2012-06-07 12:40 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2012-06-05 09:20 . 2012-06-06 01:08 135168 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe + 2012-06-05 09:20 . 
2012-06-07 12:40 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2012-06-05 09:20 . 2012-06-06 01:08 593920 c:\windows\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2011-06-06 10:55 . 2011-06-06 10:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\sqlite.dll + 2011-06-06 10:55 . 2011-06-06 10:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\pdfshell.dll + 2011-06-06 10:55 . 2011-06-06 10:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe + 2011-06-06 10:55 . 2011-06-06 10:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\nppdf32.dll + 2011-06-06 10:55 . 2011-06-06 10:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AiodLite.dll + 2011-06-06 10:55 . 2011-06-06 10:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRdIF.dll + 2011-06-06 10:55 . 2011-06-06 10:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroPDF.dll + 2011-06-06 10:55 . 2011-06-06 10:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\acrobroker.exe + 2011-06-06 10:55 . 2011-06-06 10:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\a3dutils.dll + 2007-03-22 17:22 . 2007-03-22 17:22 103264 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\TRANSMGR.DLL + 2007-05-10 11:34 . 2007-05-10 11:34 562528 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PUBCONV.DLL + 2007-05-31 11:36 . 2007-05-31 11:36 612184 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PTXT9.DLL + 2007-05-31 11:35 . 
2007-05-31 11:35 133976 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PRTF9.DLL + 2007-04-19 11:53 . 2007-04-19 11:53 149856 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLPH.DLL + 2007-05-31 11:42 . 2007-05-31 11:42 200032 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLOOK.EXE + 2007-04-19 11:53 . 2007-04-19 11:53 106336 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLMIME.DLL + 2007-04-19 11:53 . 2007-04-19 11:53 109408 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLCTL.DLL + 2007-04-19 12:01 . 2007-04-19 12:01 238424 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSCDM.DLL + 2007-01-16 18:32 . 2007-01-16 18:32 136032 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSAEXP30.DLL + 2007-04-19 11:54 . 2007-04-19 11:54 183136 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MIMEDIR.DLL + 2012-06-06 01:06 . 2012-06-06 01:06 103776 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IPATHPIA.DLL + 2007-04-19 11:53 . 2007-04-19 11:53 127328 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IMPMAIL.DLL + 2007-04-19 12:09 . 2007-04-19 12:09 167256 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\IETAG.DLL + 2007-04-19 11:53 . 2007-04-19 11:53 137568 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ENVELOPE.DLL + 2007-04-19 11:54 . 2007-04-19 11:54 169312 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\ACCWIZ.DLL + 2003-07-15 09:18 . 2003-07-15 09:18 141360 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.5614\ATP.DLL + 2011-01-14 05:10 . 
2011-01-14 05:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL + 2012-06-07 12:29 . 2012-06-07 12:29 111624 c:\windows\assembly\GAC\Microsoft.Office.Interop.InfoPath\11.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.InfoPath.dll + 2009-08-04 17:52 . 2009-08-04 17:52 1193832 c:\windows\system32\FM20.DLL + 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\4081908.msp + 2011-07-21 10:34 . 2011-07-21 10:34 3456000 c:\windows\Installer\4081907.msp + 2010-08-05 10:59 . 2010-08-05 10:59 4033536 c:\windows\Installer\3e63a.msp + 2009-10-16 16:07 . 2009-10-16 16:07 6115328 c:\windows\Installer\3e618.msp + 2010-10-22 13:45 . 2010-10-22 13:45 8444928 c:\windows\Installer\3e602.msp + 2009-08-20 03:02 . 2009-08-20 03:02 5204992 c:\windows\Installer\3e5b7.msp + 2010-06-11 15:55 . 2010-06-11 15:55 1827328 c:\windows\Installer\3e5a0.msp + 2009-07-01 11:21 . 2009-07-01 11:21 8891904 c:\windows\Installer\3e585.msp + 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\3e56b.msp + 2008-01-14 14:53 . 2008-01-14 14:53 5213696 c:\windows\Installer\3e569.msp + 2011-05-17 16:28 . 2011-05-17 16:28 6862848 c:\windows\Installer\3e54b.msp + 2011-04-29 11:04 . 2011-04-29 11:04 5053440 c:\windows\Installer\3e535.msp + 2009-12-16 20:58 . 2009-12-16 20:58 5382144 c:\windows\Installer\3e51d.msp + 2012-04-09 14:50 . 2012-04-09 14:50 6829568 c:\windows\Installer\3e504.msp + 2012-03-19 20:02 . 2012-03-19 20:02 6695936 c:\windows\Installer\3e4e7.msp + 2008-10-25 07:15 . 2008-10-25 07:15 6227456 c:\windows\Installer\3e4d1.msp + 2011-10-31 10:37 . 2011-10-31 10:37 4146688 c:\windows\Installer\3e4bb.msp + 2011-05-23 12:15 . 2011-05-23 12:15 3617792 c:\windows\Installer\3e48c.msp + 2010-08-25 15:06 . 2010-08-25 15:06 6479360 c:\windows\Installer\3e448.msp + 2012-04-17 10:11 . 
2012-04-17 10:11 7681024 c:\windows\Installer\3e432.msp + 2010-03-30 10:34 . 2010-03-30 10:34 3826688 c:\windows\Installer\3e41c.msp + 2012-01-30 18:46 . 2012-01-30 18:46 7069184 c:\windows\Installer\25c623d.msp + 2012-06-07 12:58 . 2012-06-07 12:58 2309120 c:\windows\Installer\1c47c0.msi + 2011-06-06 10:55 . 2011-06-06 10:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\rt3d.dll + 2011-06-06 10:55 . 2011-06-06 10:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\authplay.dll + 2011-06-06 10:55 . 2011-06-06 10:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AdobeCollabSync.exe + 2011-06-06 10:55 . 2011-06-06 10:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32.exe + 2007-05-09 15:19 . 2007-05-09 15:19 2585936 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\VBE6.DLL + 2007-04-19 11:49 . 2007-04-19 11:49 1661280 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\PPTVIEW.EXE + 2007-05-31 11:35 . 2007-05-31 11:35 6420320 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\POWERPNT.EXE + 2007-05-10 11:45 . 2007-05-10 11:45 8069464 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OWC11.DLL + 2007-03-14 11:10 . 2007-03-14 11:10 7255384 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OWC10.DLL + 2007-05-31 11:43 . 2007-05-31 11:43 7613280 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OUTLLIB.DLL + 2007-04-19 12:09 . 2007-04-19 12:09 1061720 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\OMFC.DLL + 2007-05-10 11:35 . 
2007-05-10 11:35 6747480 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSPUB.EXE + 2007-05-10 11:43 . 2007-05-10 11:43 6688096 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSACCESS.EXE + 2007-04-30 12:57 . 2007-04-30 12:57 7084384 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\INFOPATH.EXE + 2007-06-06 08:53 . 2007-06-06 08:53 1195888 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\FM20.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 2180992 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKPOWERPOINT.DLL + 2011-01-14 05:10 . 2011-01-14 05:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\40818fa.msp + 2011-07-26 14:33 . 2011-07-26 14:33 10984448 c:\windows\Installer\3e5e2.msp + 2010-06-11 15:52 . 2010-06-11 15:52 45542912 c:\windows\Installer\3e5a1.msp + 2009-07-01 11:19 . 2009-07-01 11:19 10607104 c:\windows\Installer\3e586.msp + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\3e553.msp + 2012-03-28 16:10 . 2012-03-28 16:10 12098048 c:\windows\Installer\3e4a2.msp + 2012-04-04 13:32 . 2012-04-04 13:32 16613376 c:\windows\Installer\3514a.msp + 2011-12-26 07:02 . 2011-12-26 07:02 19677184 c:\windows\Installer\25c623a.msp + 2011-06-06 10:55 . 2011-06-06 10:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73401B744AA0100000010\10.1.0\AcroRd32.dll + 2007-05-31 11:37 . 2007-05-31 11:37 12310368 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\WINWORD.EXE + 2007-06-18 15:16 . 
2007-06-18 15:16 12259160 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\MSO.DLL + 2007-05-31 11:41 . 2007-05-31 11:41 10352472 c:\windows\Installer\$PatchCache$\Managed\3140110900063D11C8EF10054038389C\11.0.8173\EXCEL.EXE . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-07 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216] . d:\menu start\Programma's\Opstarten\ WindowsUpdate56629[1].exe [2004-11-9 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "win-xp"=winis.exe "nwiz"=nwiz.exe /installquiet "ATIModeChange"=Ati2mdxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= . R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19-8-2011 16:07 654408] R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4-6-2012 14:39 932736] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19-8-2011 16:07 22344] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4-6-2012 12:41 257696] S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?] S3 efipsk;efipsk;\??\c:\docume~1\mike\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\mike\LOCALS~1\Temp\efipsk.sys [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7-6-2012 14:58 136176] S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [29-8-2006 0:54 10664] S3 kaspersky1;kaspersky1;\??\c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys --> c:\documents and settings\mike\Mijn documenten\kaspersky\kaspersky.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 10:50] . 2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . 
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-06-07 12:58] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Trusted Zone: getmirar.com\click Trusted Zone: mirarsearch.com\click Trusted Zone: mirarsearch.com\redirect Trusted Zone: net-nucleus.com\awbeta TCP: DhcpNameServer = 192.168.2.254 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-06-08 17:08 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:f0,2e,e4,66,9e,e0,24,a0,62,0e,78,13,fe,32,8a,b4,11,72,ef,6d,e6,19,c1, 83,3a,ac,dd,50,6f,f9,49,91,39,b2,8f,9d,50,1f,18,39,18,d0,ca,ae,0b,51,4b,26,\ "??"=hex:87,25,1d,2d,c9,80,e6,81,fb,9d,b7,d9,d8,9b,42,e9 . 
[HKEY_USERS\S-1-5-21-3424684324-1530385744-49028143-1005\Software\SecuROM\License information*] "datasecu"=hex:a6,54,38,81,ed,c1,d1,15,17,e0,cd,91,6c,89,7e,c8,cc,5b,11,f9,81, f9,98,df,07,35,4a,7a,d4,8f,dc,03,76,2c,c0,82,5d,95,52,27,61,ac,71,80,4a,8c,\ "rkeysecu"=hex:31,17,29,56,96,ad,4e,69,11,61,05,0e,05,17,70,6a . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(716) c:\windows\system32\Ati2evxx.dll c:\program files\common files\logitech\bluetooth\LBTWlgn.dll c:\program files\common files\logitech\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(1472) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-06-08 17:11:00 ComboFix-quarantined-files.txt 2012-06-08 15:10 ComboFix2.txt 2012-06-07 09:52 . - - End Of File - - 59F5CE745071518396A894518D6A7156
  11. Hi, the computer says that Norton and AVG antivirus are active even though I have removed them. I now only have McAfee.
  12. Hi, HijackThis cannot remove the O4 Startup and O4 User Startup entries.
  13. Malwarebytes Anti-Malware 1.61.0.1400
      Malwarebytes : Free anti-malware, anti-virus and spyware removal download

      Databaseversie: v2012.06.06.04
      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      mike :: UW-6RSPZYDFVPYJ [administrator]

      6-6-2012 17:04:46
      mbam-log-2012-06-06 (17-04-46).txt

      Scantype: Snelle scan
      Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scanopties: P2P
      Objecten gescand: 218288
      Verstreken tijd: 11 minuut/minuten, 4 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 4
      C:\RECYCLER\S-1-5-21-3424684324-1530385744-49028143-1005\Dc1.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\RECYCLER\S-1-5-21-3424684324-1530385744-49028143-1005\Dc2.exe (Adware.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\RECYCLER\S-1-5-21-3424684324-1530385744-49028143-1005\Dc3.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\WINDOWS\system32\md5.dll (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

      (einde)

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 17:27:15, on 6-6-2012
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\AVG Secure Search\vprot.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: WindowsUpdate56629[1].exe
      O4 - User Startup: WindowsUpdate56629[1].exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
      O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: vToolbarUpdater11.0.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
      O24 - Desktop Component 0: (no name) - http://www.weapons.be/weaponslogov2.jpg

      -- End of file - 4200 bytes
  14. Sorry, but what do you mean by this??? ---------- Post added at 15:20 ---------- Previous post was at 15:19 ---------- What do you mean by this???