
Go to Start – Run/Search and type: sc stop hasplms

Press Enter.

Go to Start – Run/Search and type: sc delete hasplms

Press Enter.

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/freedesktopclock/{E067DA3B-56FD-4C18-A8B8-06967DB40E2D }

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)

R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Voltooien" (Finish).

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Snelle Scan" (Quick Scan) on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Bekijk Resultaten" (Show Results) to view the results.

Make sure everything there is checked, then click: Verwijder geselecteerde (Remove Selected).

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask you to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.51.0.1200

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: 6953

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

26 juni 2011 10:23:07

mbam-log-2011-06-26 (10-23-07).txt

Scantype: Snelle scan

Objecten gescand: 172060

Verstreken tijd: 2 minuut/minuten, 7 seconde(n)

Geheugenprocessen geïnfecteerd: 1

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 1

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 3

Bestanden geïnfecteerd: 6

Geheugenprocessen geïnfecteerd:

c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> 2432 -> Unloaded process successfully.

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_CURRENT_USER\Software\ErrorRepairPro (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\program files (x86)\error repair professional (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

c:\program files (x86)\error repair professional\Backups (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

c:\program files (x86)\error repair professional\startbug (Rogue.ErrorRepairProfessional) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\Windows\kmservice.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\program files\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\program files (x86)\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\Users\danny\AppData\Local\Temp\MGASetup.exe (Hacktool.WPA) -> Quarantined and deleted successfully.

c:\program files (x86)\common files\alg.exe (Trojan.Agent) -> Quarantined and deleted successfully.

________________________________________________

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:32:57, on 26 juni 2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\E_S0BIC1.EXE

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files (x86)\Start Menu 7\StartMenu7.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\VistaLauncher.exe

O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Program Files (x86)\WashAndgo\checker.exe /check

O4 - HKCU\..\Run: [startMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

O23 - Service: G Data Filesystem Monitor (AVKWCtl) - Unknown owner - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11463 bytes


Did you also carry this out?

Go to Start – Run/Search and type: sc stop hasplms

Press Enter.

Go to Start – Run/Search and type: sc delete hasplms

Press Enter.

... because that data is still present in your new log?
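
The check behind the question above, as an added example that is not part of the original thread: a small Python parser for HijackThis O23 (service) lines that reports whether a service targeted with sc delete, such as hasplms, is still listed in a follow-up log. The two log excerpts are constructed from lines of the kind posted in this thread, and the function and variable names are illustrative.

```python
import re
from dataclasses import dataclass

# Constructed excerpt: follow-up log in which the targeted service is still listed.
LOG_STILL_LISTED = r"""
Logfile of Trend Micro HijackThis v2.0.4

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
"""

# Constructed excerpt: the same log once the service entry is really gone.
LOG_REMOVED = r"""
Logfile of Trend Micro HijackThis v2.0.4

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
"""

O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")
# Assumption: a trailing "(name)" on the display name is the service key name,
# the one sc stop / sc delete operate on, as with "(hasplms)" in the thread.
NAME_RE = re.compile(r"^(?P<display>.*)\s\((?P<short>[^()]+)\)$")
MISSING_SUFFIX = " (file missing)"


@dataclass(frozen=True)
class Service:
    short_name: str
    display_name: str
    owner: str
    path: str
    # On 64-bit Windows the 32-bit HijackThis reports many genuine System32
    # services as "file missing", so this flag alone is not an indicator.
    file_missing: bool


def parse_o23(log_text):
    """Return {lower-cased service name: Service} for every O23 line."""
    services = {}
    for raw in log_text.splitlines():
        match = O23_RE.match(raw.strip())
        if not match:
            continue  # blank lines, headers and other HijackThis sections
        # Split from the right: "<name> - <owner> - <path>".
        parts = match.group("body").rsplit(" - ", 2)
        if len(parts) != 3:
            continue  # malformed or truncated line
        name, owner, path = parts
        missing = path.endswith(MISSING_SUFFIX)
        if missing:
            path = path[: -len(MISSING_SUFFIX)]
        named = NAME_RE.match(name)
        short = named.group("short") if named else name
        display = named.group("display") if named else name
        services[short.lower()] = Service(short, display, owner, path, missing)
    return services


def persisting(targets, followup_log):
    """Return the targeted service names that the follow-up log still lists."""
    found = parse_o23(followup_log)
    return [t for t in targets if t.lower() in found]


if __name__ == "__main__":
    for label, log in (("still listed", LOG_STILL_LISTED), ("removed", LOG_REMOVED)):
        left = persisting(["hasplms"], log)
        print(f"{label}: {'not removed: ' + ', '.join(left) if left else 'clean'}")
```

A service that sc delete has only marked for deletion can keep appearing until its open handles are closed or the machine is restarted, so the comparison is most meaningful on a log taken after a reboot.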


yes, that has been done

now once more,

after that:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:56:26, on 26 juni 2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\E_S0BIC1.EXE

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files (x86)\Start Menu 7\StartMenu7.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Windows\SysWOW64\fixmapi.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\VistaLauncher.exe

O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Program Files (x86)\WashAndgo\checker.exe /check

O4 - HKCU\..\Run: [startMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

O23 - Service: G Data Filesystem Monitor (AVKWCtl) - Unknown owner - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11745 bytes


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-06-27.01 - danny 7 jun 2011 18 24 21.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8174.6331 [GMT 2:00]

Gestart vanuit: c:\users\danny\Desktop\ComboFix.exe

AV: G Data AntiVirus 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml

c:\users\danny\AppData\Roaming\Mozilla\Firefox\Profiles\hjbvoqxa.default\searchplugins\SearchquWebSearch.xml

c:\windows\shutdown.dll

c:\windows\SysWow64\syspvc.dll

E:\Autorun.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))

.

.

2011-06-27 16:30 . 2011-06-27 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-27 05:39 . 2011-06-27 05:39 -------- d-----w- c:\users\danny\AppData\Local\{88109156-56ED-466F-AB24-70C8EA3A3B0E}

2011-06-26 10:07 . 2011-06-26 10:07 -------- d-----w- c:\users\danny\AppData\Local\{B4724B6E-9915-40C6-97BA-516BD4E14183}

2011-06-26 08:08 . 2011-06-26 08:08 -------- d-----w- c:\users\danny\AppData\Roaming\Malwarebytes

2011-06-26 08:07 . 2011-06-26 08:07 -------- d-----w- c:\programdata\Malwarebytes

2011-06-26 08:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 08:07 . 2011-06-26 08:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-26 08:07 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 22:07 . 2011-06-25 22:07 -------- d-----w- c:\users\danny\AppData\Local\{6BBAC248-54EF-45AF-A977-A2737B913A40}

2011-06-25 13:56 . 2011-06-25 13:56 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\programdata\Studio 15

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging

2011-06-25 13:02 . 2011-06-25 13:02 388096 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-25 13:02 . 2011-06-25 13:02 -------- d-----w- c:\program files (x86)\Trend Micro

2011-06-25 06:21 . 2011-06-25 06:21 -------- d-----w- c:\users\danny\AppData\Local\{4C8F31FA-C913-4D13-A5A6-8966A8FD4D93}

2011-06-25 06:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23639D27-DAA6-4DF6-B214-0486F992B1D9}\mpengine.dll

2011-06-24 18:05 . 2011-06-24 18:05 -------- d-----w- c:\users\danny\AppData\Local\{8B850446-9E87-46F6-A7C8-DE222A005890}

2011-06-24 06:05 . 2011-06-24 06:05 -------- d-----w- c:\users\danny\AppData\Local\{2742C931-D34C-42AD-9E50-089A2479F186}

2011-06-23 18:04 . 2011-06-23 18:04 -------- d-----w- c:\users\danny\AppData\Local\{03B7F44E-6656-4D80-8C06-5C921D47F772}

2011-06-23 06:02 . 2011-06-23 06:02 -------- d-----w- c:\users\danny\AppData\Local\{93688D76-35D8-48AD-915D-05BBAEFD4227}

2011-06-22 18:15 . 2011-06-22 18:17 -------- d-----w- c:\users\danny\AppData\Roaming\Download Manager

2011-06-22 14:48 . 2011-06-22 14:49 -------- d-----w- c:\users\Greta

2011-06-22 14:10 . 2011-06-22 14:10 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 14:10 . 2011-06-22 14:10 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-22 06:40 . 2011-06-22 06:40 -------- d-----w- c:\users\danny\AppData\Local\{41CC3E33-5B73-4369-93FD-647BA213B136}

2011-06-21 18:12 . 2011-06-21 18:12 -------- d-----w- c:\users\danny\AppData\Local\{52FD5D47-B02C-42A3-B4FA-E57A7AA7663B}

2011-06-21 15:01 . 2011-06-21 15:01 -------- d-----w- c:\windows\Sun

2011-06-21 06:12 . 2011-06-21 06:12 -------- d-----w- c:\users\danny\AppData\Local\{93B6CC62-8DE8-405F-9313-581AF6E59C07}

2011-06-20 18:11 . 2011-06-20 18:12 -------- d-----w- c:\users\danny\AppData\Local\{5040161D-7DA2-4CE5-A039-021C92A95A60}

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\program files (x86)\Photodex Presenter

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\users\danny\AppData\Roaming\Netscape

2011-06-20 15:19 . 2011-06-20 15:19 -------- d-----w- c:\program files (x86)\Photodex

2011-06-20 15:17 . 2011-06-20 15:20 -------- d-----w- c:\programdata\Photodex

2011-06-20 15:17 . 2011-06-20 15:17 -------- d-----w- c:\users\danny\AppData\Roaming\Photodex

2011-06-20 06:11 . 2011-06-20 06:11 -------- d-----w- c:\users\danny\AppData\Local\{7C99448D-1371-48CD-AEC5-E3369487404F}

2011-06-19 08:10 . 2011-06-19 08:10 -------- d-----w- c:\programdata\Wondershare

2011-06-19 08:09 . 2011-06-21 15:02 -------- d-----w- c:\program files (x86)\Wondershare

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\users\danny\AppData\Roaming\Softplicity

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\program files (x86)\PhotoMusic

2011-06-19 06:41 . 2011-06-19 06:41 -------- d-----w- c:\users\danny\AppData\Local\{F441E191-5AB9-4663-8275-4F452B4D7FC6}

2011-06-18 07:18 . 2011-06-18 07:18 -------- d-----w- c:\users\danny\AppData\Local\{B8F79CC7-694C-4089-847E-16B46512C433}

2011-06-17 09:18 . 2011-06-17 09:18 -------- d-----w- c:\users\danny\AppData\Roaming\VanDale

2011-06-17 09:17 . 2011-06-17 09:17 -------- d-----w- c:\program files (x86)\Woordenboeken

2011-06-17 07:15 . 2011-06-17 07:15 -------- d-----w- c:\users\danny\AppData\Local\{9E9BE2D3-282C-433A-9023-EEC3B874515D}

2011-06-17 06:33 . 2011-06-17 06:33 -------- d-----w- c:\users\danny\AppData\Roaming\7 Taskbar Tweaker

2011-06-16 19:03 . 2011-06-16 19:03 -------- d-----w- c:\users\danny\AppData\Local\{6488AB90-1F90-4FDE-A7EE-17C3CC00E3D5}

2011-06-16 16:09 . 2011-06-16 16:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-16 08:48 . 2011-06-16 08:48 -------- d-----w- c:\program files (x86)\FilerFrog

2011-06-16 07:03 . 2011-06-16 07:03 -------- d-----w- c:\users\danny\AppData\Local\{D372E22B-4C7C-41C5-A6FE-283E43017B38}

2011-06-15 18:44 . 2011-06-15 18:44 -------- d-----w- c:\users\danny\AppData\Local\{1ABA0797-F2F0-46E0-A12A-0D422179A0E7}

2011-06-10 18:38 . 2011-06-10 18:38 -------- d-----w- c:\users\danny\AppData\Local\{DB5CD066-52A8-419B-88DC-AB8D5098CC23}

2011-06-10 06:38 . 2011-06-10 06:38 -------- d-----w- c:\users\danny\AppData\Local\{6A5324E8-5A1C-46D5-8702-D5E869E93C50}

2011-06-09 18:38 . 2011-06-09 18:38 -------- d-----w- c:\users\danny\AppData\Local\{B73BADC2-B5F4-484A-86F7-AE5795563576}

2011-06-09 06:38 . 2011-06-09 06:38 -------- d-----w- c:\users\danny\AppData\Local\{69CB1C0E-6563-4A5B-ADE3-28A1C0E439C5}

2011-06-08 18:37 . 2011-06-08 18:37 -------- d-----w- c:\users\danny\AppData\Local\{E7F59AD0-A388-4032-9203-1539D921D896}

2011-06-08 16:46 . 2011-06-08 16:46 -------- d-----w- c:\program files (x86)\Image Resizer

2011-06-08 16:05 . 2011-06-08 16:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-06-08 16:05 . 2011-06-08 16:05 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-08 06:09 . 2011-06-08 06:09 -------- d-----w- c:\users\danny\AppData\Local\{02AC37C9-0841-4BAD-A7D0-EF10ED13C2B3}

2011-06-07 16:57 . 2011-06-07 16:57 8296 ----a-w- c:\programdata\xml560D.tmp

2011-06-07 16:57 . 2011-06-07 16:57 2263 ----a-w- c:\programdata\xml5718.tmp

2011-06-07 16:57 . 2011-06-07 16:57 13455 ----a-w- c:\programdata\xml56C9.tmp

2011-06-07 16:56 . 2011-06-07 16:56 -------- d-----w- c:\program files\SiSoftware

2011-06-07 15:47 . 2011-06-07 15:47 -------- d-----w- c:\users\danny\AppData\Local\{05C69990-B6AB-4116-B612-344EAC1322FE}

2011-06-07 05:39 . 2011-06-07 05:39 -------- d-----w- c:\users\danny\AppData\Local\{31C8B5B9-7E66-43A3-981A-C199E91DCBC9}

2011-06-06 12:11 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\winrar-x64-390.exe

2011-06-06 11:57 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\Mozilla Firefox\winrar-x64-390.exe

2011-06-06 11:56 . 2009-08-28 11:23 1521893 ----a-w- c:\program files\winrar-x64-390.exe

2011-06-06 11:29 . 2011-06-07 14:44 -------- d-----w- c:\users\danny\AppData\Roaming\7plus

2011-06-06 06:27 . 2011-06-06 06:27 -------- d-----w- c:\users\danny\AppData\Local\{D3708114-E7B3-4A40-8104-778977D76C5E}

2011-06-05 18:10 . 2011-06-05 18:10 -------- d-----w- c:\users\danny\AppData\Local\{5074A7ED-6540-4DEE-B0EF-318430AAD51F}

2011-06-05 08:00 . 2011-06-05 07:58 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2011-06-05 07:55 . 2011-06-05 08:08 -------- d-----w- c:\program files (x86)\Genuine Advantage

2011-06-05 07:55 . 2011-06-05 07:55 -------- d-----w- c:\windows\Genuine Advantage

2011-06-05 06:22 . 2011-06-05 06:22 -------- d-----w- c:\users\danny\AppData\Local\Ilivid Player

2011-06-05 06:21 . 2011-06-05 06:21 -------- d-----w- c:\users\danny\AppData\Local\PackageAware

2011-06-05 06:09 . 2011-06-05 06:09 -------- d-----w- c:\users\danny\AppData\Local\{65275FC3-6BEB-4B4E-9DEE-BA1AE9020B65}

2011-06-04 16:27 . 2011-06-04 16:27 -------- d-----w- c:\users\danny\AppData\Roaming\Serif

2011-06-04 07:37 . 2011-06-04 07:37 -------- d-----w- c:\users\danny\AppData\Local\{27E83095-BB7A-4F9B-AA86-C864BDC4C3F3}

2011-06-04 06:51 . 2011-06-04 06:51 -------- d-----w- c:\programdata\FilerFrog

2011-06-03 19:37 . 2011-06-03 19:37 -------- d-----w- c:\users\danny\AppData\Local\{1559ED03-27BC-4DD0-9215-F018F25B7D46}

2011-06-03 06:49 . 2011-06-03 06:49 -------- d-----w- c:\users\danny\AppData\Local\{1B444250-28BE-47CB-9F4E-0957A9726347}

2011-06-02 18:49 . 2011-06-02 18:49 -------- d-----w- c:\users\danny\AppData\Local\{273EA5F4-4AD7-43A7-9B62-E6BA3279CA51}

2011-06-02 06:48 . 2011-06-02 06:48 -------- d-----w- c:\users\danny\AppData\Local\{EE71B61A-EED0-41A6-B23E-E7CA55F71489}

2011-06-01 17:54 . 2011-06-01 17:54 -------- d-----w- c:\users\danny\AppData\Local\{A2CB0DB6-C59F-4CDD-A848-0A865BF7E63C}

2011-06-01 05:54 . 2011-06-01 05:54 -------- d-----w- c:\users\danny\AppData\Local\{EBFCE801-0B22-470D-BDE5-777211310208}

2011-05-31 16:50 . 2011-06-16 11:05 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 4

2011-05-31 16:35 . 2011-05-31 16:51 -------- d-----w- c:\users\danny\AppData\Local\photoOptimizeHistoryDataBase

2011-05-31 16:35 . 2011-05-31 16:49 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 3

2011-05-31 15:22 . 2011-05-31 15:24 -------- d-----w- c:\program files (x86)\Picasa2

2011-05-31 15:16 . 2011-05-31 15:16 -------- d-----w- c:\users\danny\AppData\Roaming\Ashampoo Photo Commander 5

2011-05-31 06:19 . 2011-05-31 06:19 -------- d-----w- c:\users\danny\AppData\Local\{4B5123F0-3F9D-4D79-B26C-3F8A6709C4EB}

2011-05-30 14:02 . 2011-05-30 14:03 -------- d-----w- c:\users\danny\AppData\Local\{14F30BFF-1385-425C-8E7A-015CE8FA57E5}

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-23 12:07 . 2011-03-29 12:02 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys

2011-06-16 07:02 . 2011-05-14 07:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-24 17:14 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-18 16:16 . 2011-05-18 16:16 137544 ----a-w- c:\windows\SysWow64\atl100.dll

2011-04-23 08:08 . 2011-02-25 12:07 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-04-23 08:08 . 2011-02-25 12:07 49096 ----a-w- c:\windows\system32\drivers\HookCentre.sys

2011-04-23 08:08 . 2011-02-25 12:07 85960 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-04-22 22:15 . 2011-05-25 06:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-21 19:24 . 2011-04-21 19:24 53248 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-04-21 19:24 . 2011-04-21 19:24 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-09 07:02 . 2011-05-11 05:23 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-19 05:49 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 05:23 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 05:23 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 05:49 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WashAndGo - Cleanup of old Backupfiles"="c:\program files (x86)\WashAndgo\checker.exe" [2003-04-07 71680]

"StartMenu7"="c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2011-04-29 2752920]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-09-10 997960]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="c:\windows\SMINST\VistaLauncher.exe" [2008-09-11 46416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 136176]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/05 18:40];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-09-02 1098312]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2010-05-04 410696]

S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2010-08-25 1865344]

S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]

S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]

S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]

S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

"EPSON Stylus C62 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_S0BIC1.EXE" [2002-04-10 74240]

"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-04-25 1901888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.searchqu.com/406

mStart Page = hxxp://www.bigseekpro.com/freedesktopclock/{E067DA3B-56FD-4C18-A8B8-06967DB40E2D}

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.1 195.130.131.1

FF - ProfilePath - c:\users\danny\AppData\Roaming\Mozilla\Firefox\Profiles\hjbvoqxa.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2117678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - hxxp://www.deredactie.be/cm/vrtnieuws|http://www.krantenkoppen.be/|http://www.netvibes.com/privatepage/1#Mijn_overzicht

FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

Notify-WgaLogon - (no file)

Toolbar-10 - (no file)

WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

AddRemove-7 Taskbar Tweaker - c:\users\danny\AppData\Roaming\7 Taskbar Tweaker\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\hasplms.exe

c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-27 18:33:20 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-27 16:33

.

Pre-Run: 36.698.828.800 bytes beschikbaar

Post-Run: 40.279.568.384 bytes beschikbaar

.

- - End Of File - - F330C80BC5E66C172C93679842B15EF3


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\programdata\xml560D.tmp

c:\programdata\xml5718.tmp

c:\programdata\xml56C9.tmp

Folder::

c:\users\danny\AppData\Local\{88109156-56ED-466F-AB24-70C8EA3A3B0E}

c:\users\danny\AppData\Local\{B4724B6E-9915-40C6-97BA-516BD4E14183}

c:\users\danny\AppData\Local\{6BBAC248-54EF-45AF-A977-A2737B913A40}

c:\users\danny\AppData\Local\{4C8F31FA-C913-4D13-A5A6-8966A8FD4D93}

c:\users\danny\AppData\Local\{8B850446-9E87-46F6-A7C8-DE222A005890}

c:\users\danny\AppData\Local\{2742C931-D34C-42AD-9E50-089A2479F186}

c:\users\danny\AppData\Local\{03B7F44E-6656-4D80-8C06-5C921D47F772}

c:\users\danny\AppData\Local\{93688D76-35D8-48AD-915D-05BBAEFD4227}

c:\users\danny\AppData\Local\{41CC3E33-5B73-4369-93FD-647BA213B136}

c:\users\danny\AppData\Local\{52FD5D47-B02C-42A3-B4FA-E57A7AA7663B}

c:\users\danny\AppData\Local\{93B6CC62-8DE8-405F-9313-581AF6E59C07}

c:\users\danny\AppData\Local\{5040161D-7DA2-4CE5-A039-021C92A95A60}

c:\users\danny\AppData\Local\{7C99448D-1371-48CD-AEC5-E3369487404F}

c:\users\danny\AppData\Local\{F441E191-5AB9-4663-8275-4F452B4D7FC6}

c:\users\danny\AppData\Local\{B8F79CC7-694C-4089-847E-16B46512C433}

c:\users\danny\AppData\Local\{9E9BE2D3-282C-433A-9023-EEC3B874515D}

c:\users\danny\AppData\Local\{6488AB90-1F90-4FDE-A7EE-17C3CC00E3D5}

c:\users\danny\AppData\Local\{D372E22B-4C7C-41C5-A6FE-283E43017B38}

c:\users\danny\AppData\Local\{1ABA0797-F2F0-46E0-A12A-0D422179A0E7}

c:\users\danny\AppData\Local\{DB5CD066-52A8-419B-88DC-AB8D5098CC23}

c:\users\danny\AppData\Local\{6A5324E8-5A1C-46D5-8702-D5E869E93C50}

c:\users\danny\AppData\Local\{B73BADC2-B5F4-484A-86F7-AE5795563576}

c:\users\danny\AppData\Local\{69CB1C0E-6563-4A5B-ADE3-28A1C0E439C5}

c:\users\danny\AppData\Local\{E7F59AD0-A388-4032-9203-1539D921D896}

c:\users\danny\AppData\Local\{02AC37C9-0841-4BAD-A7D0-EF10ED13C2B3}

c:\users\danny\AppData\Local\{05C69990-B6AB-4116-B612-344EAC1322FE}

c:\users\danny\AppData\Local\{31C8B5B9-7E66-43A3-981A-C199E91DCBC9}

c:\users\danny\AppData\Local\{D3708114-E7B3-4A40-8104-778977D76C5E}

c:\users\danny\AppData\Local\{5074A7ED-6540-4DEE-B0EF-318430AAD51F}

c:\users\danny\AppData\Local\{65275FC3-6BEB-4B4E-9DEE-BA1AE9020B65}

c:\users\danny\AppData\Local\{27E83095-BB7A-4F9B-AA86-C864BDC4C3F3}

c:\users\danny\AppData\Local\{1559ED03-27BC-4DD0-9215-F018F25B7D46}

c:\users\danny\AppData\Local\{1B444250-28BE-47CB-9F4E-0957A9726347}

c:\users\danny\AppData\Local\{273EA5F4-4AD7-43A7-9B62-E6BA3279CA51}

c:\users\danny\AppData\Local\{EE71B61A-EED0-41A6-B23E-E7CA55F71489}

c:\users\danny\AppData\Local\{A2CB0DB6-C59F-4CDD-A848-0A865BF7E63C}

c:\users\danny\AppData\Local\{EBFCE801-0B22-470D-BDE5-777211310208}

c:\users\danny\AppData\Local\{4B5123F0-3F9D-4D79-B26C-3F8A6709C4EB}

c:\users\danny\AppData\Local\{14F30BFF-1385-425C-8E7A-015CE8FA57E5}

Firefox::

FF - ProfilePath - c:\users\danny\AppData\Roaming\Mozilla\Firefox\Profiles\hjbvoqxa.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply, together with a new HijackThis log.


ComboFix 11-06-27.01 - danny 7 jun 2011 20 05 17.3.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8174.6222 [GMT 2:00]

Gestart vanuit: c:\users\danny\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\danny\Desktop\CFScript.txt

AV: G Data AntiVirus 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\programdata\xml560D.tmp"

"c:\programdata\xml56C9.tmp"

"c:\programdata\xml5718.tmp"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xml560D.tmp

c:\programdata\xml56C9.tmp

c:\programdata\xml5718.tmp

c:\users\danny\AppData\Local\{02AC37C9-0841-4BAD-A7D0-EF10ED13C2B3}

c:\users\danny\AppData\Local\{03B7F44E-6656-4D80-8C06-5C921D47F772}

c:\users\danny\AppData\Local\{05C69990-B6AB-4116-B612-344EAC1322FE}

c:\users\danny\AppData\Local\{14F30BFF-1385-425C-8E7A-015CE8FA57E5}

c:\users\danny\AppData\Local\{1559ED03-27BC-4DD0-9215-F018F25B7D46}

c:\users\danny\AppData\Local\{1ABA0797-F2F0-46E0-A12A-0D422179A0E7}

c:\users\danny\AppData\Local\{1B444250-28BE-47CB-9F4E-0957A9726347}

c:\users\danny\AppData\Local\{273EA5F4-4AD7-43A7-9B62-E6BA3279CA51}

c:\users\danny\AppData\Local\{2742C931-D34C-42AD-9E50-089A2479F186}

c:\users\danny\AppData\Local\{27E83095-BB7A-4F9B-AA86-C864BDC4C3F3}

c:\users\danny\AppData\Local\{31C8B5B9-7E66-43A3-981A-C199E91DCBC9}

c:\users\danny\AppData\Local\{41CC3E33-5B73-4369-93FD-647BA213B136}

c:\users\danny\AppData\Local\{4B5123F0-3F9D-4D79-B26C-3F8A6709C4EB}

c:\users\danny\AppData\Local\{4C8F31FA-C913-4D13-A5A6-8966A8FD4D93}

c:\users\danny\AppData\Local\{5040161D-7DA2-4CE5-A039-021C92A95A60}

c:\users\danny\AppData\Local\{5074A7ED-6540-4DEE-B0EF-318430AAD51F}

c:\users\danny\AppData\Local\{52FD5D47-B02C-42A3-B4FA-E57A7AA7663B}

c:\users\danny\AppData\Local\{6488AB90-1F90-4FDE-A7EE-17C3CC00E3D5}

c:\users\danny\AppData\Local\{65275FC3-6BEB-4B4E-9DEE-BA1AE9020B65}

c:\users\danny\AppData\Local\{69CB1C0E-6563-4A5B-ADE3-28A1C0E439C5}

c:\users\danny\AppData\Local\{6A5324E8-5A1C-46D5-8702-D5E869E93C50}

c:\users\danny\AppData\Local\{6BBAC248-54EF-45AF-A977-A2737B913A40}

c:\users\danny\AppData\Local\{7C99448D-1371-48CD-AEC5-E3369487404F}

c:\users\danny\AppData\Local\{88109156-56ED-466F-AB24-70C8EA3A3B0E}

c:\users\danny\AppData\Local\{8B850446-9E87-46F6-A7C8-DE222A005890}

c:\users\danny\AppData\Local\{93688D76-35D8-48AD-915D-05BBAEFD4227}

c:\users\danny\AppData\Local\{93B6CC62-8DE8-405F-9313-581AF6E59C07}

c:\users\danny\AppData\Local\{9E9BE2D3-282C-433A-9023-EEC3B874515D}

c:\users\danny\AppData\Local\{A2CB0DB6-C59F-4CDD-A848-0A865BF7E63C}

c:\users\danny\AppData\Local\{B4724B6E-9915-40C6-97BA-516BD4E14183}

c:\users\danny\AppData\Local\{B73BADC2-B5F4-484A-86F7-AE5795563576}

c:\users\danny\AppData\Local\{B8F79CC7-694C-4089-847E-16B46512C433}

c:\users\danny\AppData\Local\{D3708114-E7B3-4A40-8104-778977D76C5E}

c:\users\danny\AppData\Local\{D372E22B-4C7C-41C5-A6FE-283E43017B38}

c:\users\danny\AppData\Local\{DB5CD066-52A8-419B-88DC-AB8D5098CC23}

c:\users\danny\AppData\Local\{E7F59AD0-A388-4032-9203-1539D921D896}

c:\users\danny\AppData\Local\{EBFCE801-0B22-470D-BDE5-777211310208}

c:\users\danny\AppData\Local\{EE71B61A-EED0-41A6-B23E-E7CA55F71489}

c:\users\danny\AppData\Local\{F441E191-5AB9-4663-8275-4F452B4D7FC6}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))

.

.

2011-06-27 18:14 . 2011-06-27 18:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-27 17:39 . 2011-06-27 17:39 -------- d-----w- c:\users\danny\AppData\Local\{BEB2AEA9-EB12-47FB-853B-AD1E7BF66CFF}

2011-06-26 08:08 . 2011-06-26 08:08 -------- d-----w- c:\users\danny\AppData\Roaming\Malwarebytes

2011-06-26 08:07 . 2011-06-26 08:07 -------- d-----w- c:\programdata\Malwarebytes

2011-06-26 08:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 08:07 . 2011-06-26 08:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-26 08:07 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 13:56 . 2011-06-25 13:56 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\programdata\Studio 15

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging

2011-06-25 13:02 . 2011-06-25 13:02 388096 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-25 13:02 . 2011-06-25 13:02 -------- d-----w- c:\program files (x86)\Trend Micro

2011-06-25 06:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23639D27-DAA6-4DF6-B214-0486F992B1D9}\mpengine.dll

2011-06-22 18:15 . 2011-06-22 18:17 -------- d-----w- c:\users\danny\AppData\Roaming\Download Manager

2011-06-22 14:48 . 2011-06-27 16:33 -------- d-----w- c:\users\Greta

2011-06-22 14:10 . 2011-06-22 14:10 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 14:10 . 2011-06-22 14:10 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-21 15:01 . 2011-06-21 15:01 -------- d-----w- c:\windows\Sun

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\program files (x86)\Photodex Presenter

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\users\danny\AppData\Roaming\Netscape

2011-06-20 15:19 . 2011-06-20 15:19 -------- d-----w- c:\program files (x86)\Photodex

2011-06-20 15:17 . 2011-06-20 15:20 -------- d-----w- c:\programdata\Photodex

2011-06-20 15:17 . 2011-06-20 15:17 -------- d-----w- c:\users\danny\AppData\Roaming\Photodex

2011-06-19 08:10 . 2011-06-19 08:10 -------- d-----w- c:\programdata\Wondershare

2011-06-19 08:09 . 2011-06-21 15:02 -------- d-----w- c:\program files (x86)\Wondershare

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\users\danny\AppData\Roaming\Softplicity

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\program files (x86)\PhotoMusic

2011-06-17 09:18 . 2011-06-17 09:18 -------- d-----w- c:\users\danny\AppData\Roaming\VanDale

2011-06-17 09:17 . 2011-06-17 09:17 -------- d-----w- c:\program files (x86)\Woordenboeken

2011-06-17 06:33 . 2011-06-17 06:33 -------- d-----w- c:\users\danny\AppData\Roaming\7 Taskbar Tweaker

2011-06-16 16:09 . 2011-06-16 16:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-16 08:48 . 2011-06-16 08:48 -------- d-----w- c:\program files (x86)\FilerFrog

2011-06-08 16:46 . 2011-06-08 16:46 -------- d-----w- c:\program files (x86)\Image Resizer

2011-06-08 16:05 . 2011-06-08 16:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-06-08 16:05 . 2011-06-08 16:05 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-07 16:56 . 2011-06-07 16:56 -------- d-----w- c:\program files\SiSoftware

2011-06-06 12:11 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\winrar-x64-390.exe

2011-06-06 11:57 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\Mozilla Firefox\winrar-x64-390.exe

2011-06-06 11:56 . 2009-08-28 11:23 1521893 ----a-w- c:\program files\winrar-x64-390.exe

2011-06-06 11:29 . 2011-06-07 14:44 -------- d-----w- c:\users\danny\AppData\Roaming\7plus

2011-06-05 08:00 . 2011-06-05 07:58 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2011-06-05 07:55 . 2011-06-05 08:08 -------- d-----w- c:\program files (x86)\Genuine Advantage

2011-06-05 07:55 . 2011-06-05 07:55 -------- d-----w- c:\windows\Genuine Advantage

2011-06-05 06:22 . 2011-06-05 06:22 -------- d-----w- c:\users\danny\AppData\Local\Ilivid Player

2011-06-05 06:21 . 2011-06-05 06:21 -------- d-----w- c:\users\danny\AppData\Local\PackageAware

2011-06-04 16:27 . 2011-06-04 16:27 -------- d-----w- c:\users\danny\AppData\Roaming\Serif

2011-06-04 06:51 . 2011-06-04 06:51 -------- d-----w- c:\programdata\FilerFrog

2011-05-31 16:50 . 2011-06-16 11:05 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 4

2011-05-31 16:35 . 2011-05-31 16:51 -------- d-----w- c:\users\danny\AppData\Local\photoOptimizeHistoryDataBase

2011-05-31 16:35 . 2011-05-31 16:49 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 3

2011-05-31 15:22 . 2011-05-31 15:24 -------- d-----w- c:\program files (x86)\Picasa2

2011-05-31 15:16 . 2011-05-31 15:16 -------- d-----w- c:\users\danny\AppData\Roaming\Ashampoo Photo Commander 5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-23 12:07 . 2011-03-29 12:02 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys

2011-06-16 07:02 . 2011-05-14 07:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-24 17:14 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-18 16:16 . 2011-05-18 16:16 137544 ----a-w- c:\windows\SysWow64\atl100.dll

2011-04-23 08:08 . 2011-02-25 12:07 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-04-23 08:08 . 2011-02-25 12:07 49096 ----a-w- c:\windows\system32\drivers\HookCentre.sys

2011-04-23 08:08 . 2011-02-25 12:07 85960 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-04-22 22:15 . 2011-05-25 06:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-21 19:24 . 2011-04-21 19:24 53248 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-04-21 19:24 . 2011-04-21 19:24 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-09 07:02 . 2011-05-11 05:23 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-19 05:49 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 05:23 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 05:23 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 05:49 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_16.32.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2011-06-27 16:47 43532 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-06-27 16:16 46102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-27 18:00 46102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-04-21 19:18 . 2011-06-27 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 17:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 17:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 17:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:00 5488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-30360702-2838772066-1010712987-1001_UserData.bin

+ 2011-06-27 18:14 . 2011-06-27 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-27 18:14 . 2011-06-27 18:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-06-27 16:31 . 2011-06-27 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-02-21 11:09 . 2011-06-27 16:19 701326 c:\windows\system32\perfh013.dat

+ 2011-02-21 11:09 . 2011-06-27 18:05 701326 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2011-06-27 16:19 615810 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2011-06-27 18:05 615810 c:\windows\system32\perfh009.dat

- 2011-02-21 11:09 . 2011-06-27 16:19 133358 c:\windows\system32\perfc013.dat

+ 2011-02-21 11:09 . 2011-06-27 18:05 133358 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2011-06-27 18:05 106190 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2011-06-27 16:19 106190 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-06-27 16:31 429700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-06-27 18:14 429700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-04-21 19:48 . 2011-06-27 16:31 20447360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-30360702-2838772066-1010712987-1001-8192.dat

+ 2011-04-21 19:48 . 2011-06-27 18:14 20447360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-30360702-2838772066-1010712987-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WashAndGo - Cleanup of old Backupfiles"="c:\program files (x86)\WashAndgo\checker.exe" [2003-04-07 71680]

"StartMenu7"="c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2011-04-29 2752920]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-09-10 997960]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="c:\windows\SMINST\VistaLauncher.exe" [2008-09-11 46416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 136176]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/05 18:40];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-09-02 1098312]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2010-05-04 410696]

S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2010-08-25 1865344]

S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]

S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]

S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]

S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

"EPSON Stylus C62 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_S0BIC1.EXE" [2002-04-10 74240]

"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-04-25 1901888]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.searchqu.com/406

mStart Page = hxxp://www.bigseekpro.com/freedesktopclock/{E067DA3B-56FD-4C18-A8B8-06967DB40E2D}

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.1 195.130.131.1

FF - ProfilePath - c:\users\danny\AppData\Roaming\Mozilla\Firefox\Profiles\hjbvoqxa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.deredactie.be/cm/vrtnieuws|http://www.krantenkoppen.be/|http://www.netvibes.com/privatepage/1#Mijn_overzicht

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\hasplms.exe

c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-27 20:16:23 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-27 18:16

ComboFix2.txt 2011-06-27 16:33

.

Pre-Run: 40.284.614.656 bytes beschikbaar

Post-Run: 39.968.788.480 bytes beschikbaar

.

- - End Of File - - A3155998738791CF63B4070D9AB579BC

----------------Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20 20:39, on 27 juni 2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\E_S0BIC1.EXE

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files (x86)\Start Menu 7\StartMenu7.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\VistaLauncher.exe

O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Program Files (x86)\WashAndgo\checker.exe /check

O4 - HKCU\..\Run: [startMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

O23 - Service: G Data Filesystem Monitor (AVKWCtl) - Unknown owner - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11270 bytes

----------------------------------------------------------------


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\hasplms.exe

Folder::

c:\users\danny\AppData\Local\{BEB2AEA9-EB12-47FB-853B-AD1E7BF66CFF}

Driver::

hasplms

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message, together with a new HijackThis log.


ComboFix 11-06-27.01 - danny 7 jun 2011 21 29 03.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8174.5905 [GMT 2:00]

Gestart vanuit: c:\users\danny\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\danny\Desktop\CFScript.txt

AV: G Data AntiVirus 2011 *Disabled/Updated* {54ACC2FC-837E-E665-7A92-5352D560D5EF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\hasplms.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\danny\AppData\Local\{BEB2AEA9-EB12-47FB-853B-AD1E7BF66CFF}

c:\windows\system32\hasplms.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_hasplms

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))

.

.

2011-06-27 19:35 . 2011-06-27 19:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-26 08:08 . 2011-06-26 08:08 -------- d-----w- c:\users\danny\AppData\Roaming\Malwarebytes

2011-06-26 08:07 . 2011-06-26 08:07 -------- d-----w- c:\programdata\Malwarebytes

2011-06-26 08:07 . 2011-05-29 07:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-26 08:07 . 2011-06-26 08:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-26 08:07 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 13:56 . 2011-06-25 13:56 -------- d-----w- c:\program files (x86)\Common Files\Pinnacle

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\programdata\Studio 15

2011-06-25 13:55 . 2011-06-25 13:55 -------- d-----w- c:\program files (x86)\Common Files\Pegasus Imaging

2011-06-25 13:02 . 2011-06-25 13:02 388096 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-25 13:02 . 2011-06-25 13:02 -------- d-----w- c:\program files (x86)\Trend Micro

2011-06-25 06:21 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{23639D27-DAA6-4DF6-B214-0486F992B1D9}\mpengine.dll

2011-06-22 18:15 . 2011-06-22 18:17 -------- d-----w- c:\users\danny\AppData\Roaming\Download Manager

2011-06-22 14:48 . 2011-06-27 16:33 -------- d-----w- c:\users\Greta

2011-06-22 14:10 . 2011-06-22 14:10 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2011-06-22 14:10 . 2011-06-22 14:10 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2011-06-21 15:01 . 2011-06-21 15:01 -------- d-----w- c:\windows\Sun

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\program files (x86)\Photodex Presenter

2011-06-20 15:20 . 2011-06-20 15:20 -------- d-----w- c:\users\danny\AppData\Roaming\Netscape

2011-06-20 15:19 . 2011-06-20 15:19 -------- d-----w- c:\program files (x86)\Photodex

2011-06-20 15:17 . 2011-06-20 15:20 -------- d-----w- c:\programdata\Photodex

2011-06-20 15:17 . 2011-06-20 15:17 -------- d-----w- c:\users\danny\AppData\Roaming\Photodex

2011-06-19 08:10 . 2011-06-19 08:10 -------- d-----w- c:\programdata\Wondershare

2011-06-19 08:09 . 2011-06-21 15:02 -------- d-----w- c:\program files (x86)\Wondershare

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\users\danny\AppData\Roaming\Softplicity

2011-06-19 07:58 . 2011-06-19 07:58 -------- d-----w- c:\program files (x86)\PhotoMusic

2011-06-17 09:18 . 2011-06-17 09:18 -------- d-----w- c:\users\danny\AppData\Roaming\VanDale

2011-06-17 09:17 . 2011-06-17 09:17 -------- d-----w- c:\program files (x86)\Woordenboeken

2011-06-17 06:33 . 2011-06-17 06:33 -------- d-----w- c:\users\danny\AppData\Roaming\7 Taskbar Tweaker

2011-06-16 16:09 . 2011-06-16 16:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-16 08:48 . 2011-06-16 08:48 -------- d-----w- c:\program files (x86)\FilerFrog

2011-06-08 16:46 . 2011-06-08 16:46 -------- d-----w- c:\program files (x86)\Image Resizer

2011-06-08 16:05 . 2011-06-08 16:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-06-08 16:05 . 2011-06-08 16:05 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-06-07 16:56 . 2011-06-07 16:56 -------- d-----w- c:\program files\SiSoftware

2011-06-06 12:11 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\winrar-x64-390.exe

2011-06-06 11:57 . 2009-08-28 11:23 1521893 ----a-w- c:\program files (x86)\Mozilla Firefox\winrar-x64-390.exe

2011-06-06 11:56 . 2009-08-28 11:23 1521893 ----a-w- c:\program files\winrar-x64-390.exe

2011-06-06 11:29 . 2011-06-07 14:44 -------- d-----w- c:\users\danny\AppData\Roaming\7plus

2011-06-05 08:00 . 2011-06-05 07:58 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2011-06-05 07:55 . 2011-06-05 08:08 -------- d-----w- c:\program files (x86)\Genuine Advantage

2011-06-05 07:55 . 2011-06-05 07:55 -------- d-----w- c:\windows\Genuine Advantage

2011-06-05 06:22 . 2011-06-05 06:22 -------- d-----w- c:\users\danny\AppData\Local\Ilivid Player

2011-06-05 06:21 . 2011-06-05 06:21 -------- d-----w- c:\users\danny\AppData\Local\PackageAware

2011-06-04 16:27 . 2011-06-04 16:27 -------- d-----w- c:\users\danny\AppData\Roaming\Serif

2011-06-04 06:51 . 2011-06-04 06:51 -------- d-----w- c:\programdata\FilerFrog

2011-05-31 16:50 . 2011-06-16 11:05 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 4

2011-05-31 16:35 . 2011-05-31 16:51 -------- d-----w- c:\users\danny\AppData\Local\photoOptimizeHistoryDataBase

2011-05-31 16:35 . 2011-05-31 16:49 -------- d-----w- c:\users\danny\AppData\Local\Ashampoo Photo Optimizer 3

2011-05-31 15:22 . 2011-05-31 15:24 -------- d-----w- c:\program files (x86)\Picasa2

2011-05-31 15:16 . 2011-05-31 15:16 -------- d-----w- c:\users\danny\AppData\Roaming\Ashampoo Photo Commander 5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-23 12:07 . 2011-03-29 12:02 106224 ----a-w- c:\windows\SysWow64\drivers\GRD.sys

2011-06-16 07:02 . 2011-05-14 07:09 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-24 17:14 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-05-18 16:16 . 2011-05-18 16:16 137544 ----a-w- c:\windows\SysWow64\atl100.dll

2011-04-23 08:08 . 2011-02-25 12:07 40392 ----a-w- c:\windows\system32\drivers\GDBehave.sys

2011-04-23 08:08 . 2011-02-25 12:07 49096 ----a-w- c:\windows\system32\drivers\HookCentre.sys

2011-04-23 08:08 . 2011-02-25 12:07 85960 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys

2011-04-22 22:15 . 2011-05-25 06:04 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2011-04-21 19:24 . 2011-04-21 19:24 53248 ----a-r- c:\users\danny\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2011-04-21 19:24 . 2011-04-21 19:24 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr

2011-04-09 07:02 . 2011-05-11 05:23 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-19 05:49 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 05:23 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 05:23 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 05:49 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-06-27_16.32.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2011-06-27 18:19 43968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-06-27 16:16 46102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-27 18:19 46102 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-04-21 19:18 . 2011-06-27 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2011-06-08 16:04 . 2011-06-27 16:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

- 2011-06-08 16:04 . 2011-06-26 16:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:18 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:18 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-04-21 19:18 . 2011-06-27 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-04-21 19:18 . 2011-06-27 16:18 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 19:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-04-21 19:18 . 2011-06-27 18:19 5488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-30360702-2838772066-1010712987-1001_UserData.bin

- 2011-06-27 16:31 . 2011-06-27 16:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-27 19:36 . 2011-06-27 19:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-02-21 11:09 . 2011-06-27 16:19 701326 c:\windows\system32\perfh013.dat

+ 2011-02-21 11:09 . 2011-06-27 18:22 701326 c:\windows\system32\perfh013.dat

+ 2009-07-14 02:36 . 2011-06-27 18:22 615810 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-06-27 16:19 615810 c:\windows\system32\perfh009.dat

- 2011-02-21 11:09 . 2011-06-27 16:19 133358 c:\windows\system32\perfc013.dat

+ 2011-02-21 11:09 . 2011-06-27 18:22 133358 c:\windows\system32\perfc013.dat

- 2009-07-14 02:36 . 2011-06-27 16:19 106190 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-06-27 18:22 106190 c:\windows\system32\perfc009.dat

- 2009-07-14 05:01 . 2011-06-27 16:31 429700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-06-27 19:35 429700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-04-21 19:48 . 2011-06-27 16:31 20447360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-30360702-2838772066-1010712987-1001-8192.dat

+ 2011-04-21 19:48 . 2011-06-27 19:35 20447360 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-30360702-2838772066-1010712987-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WashAndGo - Cleanup of old Backupfiles"="c:\program files (x86)\WashAndgo\checker.exe" [2003-04-07 71680]

"StartMenu7"="c:\program files (x86)\Start Menu 7\StartMenu7.exe" [2011-04-29 2752920]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe" [2010-09-10 997960]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]

"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-04-20 234792]

"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"ST Recovery Launcher"="c:\windows\SMINST\VistaLauncher.exe" [2008-09-11 46416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [2009-08-17 93848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x]

S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x]

S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x]

S1 gdwfpcd;G DATA WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x]

S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x]

S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/05/05 18:40];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-04-12 09:16 148976]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]

S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2010-09-02 1098312]

S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\AntiVirus\AVK\AVKService.exe [2010-05-04 410696]

S2 AVKWCtl;G Data Filesystem Monitor;c:\program files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe [2010-08-25 1865344]

S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-04-20 83240]

S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-03-31 70952]

S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-03-31 312616]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]

S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-04-20 75248]

S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2010-08-25 340552]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-23 15:54]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF32067.cfxxe" [X]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

"EPSON Stylus C62 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_S0BIC1.EXE" [2002-04-10 74240]

"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-04-25 1901888]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.searchqu.com/406

mStart Page = hxxp://www.bigseekpro.com/freedesktopclock/{E067DA3B-56FD-4C18-A8B8-06967DB40E2D}

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 195.130.130.1 195.130.131.1

FF - ProfilePath - c:\users\danny\AppData\Roaming\Mozilla\Firefox\Profiles\hjbvoqxa.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.deredactie.be/cm/vrtnieuws|http://www.krantenkoppen.be/|http://www.netvibes.com/privatepage/1#Mijn_overzicht

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Photodex\ProShowGold\ScsiAccess.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-27 21:40:54 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-27 19:40

ComboFix2.txt 2011-06-27 18:16

ComboFix3.txt 2011-06-27 16:33

.

Pre-Run: 40.152.969.216 bytes beschikbaar

Post-Run: 39.615.680.512 bytes beschikbaar

.

- - End Of File - - B9596CEA9D7919B8E653E00C83124CFA

------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21 47:46, on 27 juni 2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Windows\System32\spool\drivers\x64\3\E_S0BIC1.EXE

C:\Program Files\My Lockbox\mylbx.exe

C:\Program Files (x86)\Start Menu 7\StartMenu7.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe

C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe

C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\AntiVirus\WebFilter\AvkWebIE.dll

O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\AntiVirus\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup

O4 - HKLM\..\Run: [RemoteControl11] "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"

O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [sT Recovery Launcher] %WINDIR%\SMINST\VistaLauncher.exe

O4 - HKCU\..\Run: [WashAndGo - Cleanup of old Backupfiles] C:\Program Files (x86)\WashAndgo\checker.exe /check

O4 - HKCU\..\Run: [startMenu7] "C:\Program Files (x86)\Start Menu 7\StartMenu7.exe"

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKService.exe

O23 - Service: G Data Filesystem Monitor (AVKWCtl) - Unknown owner - C:\Program Files (x86)\G Data\AntiVirus\AVK\AVKWCtlX64.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11158 bytes

This topic is now closed to new replies.
