
Flickering bar in Explorer.


chrisssy


Since yesterday I had a Master Boot Record virus on my computer; this has now been fixed with the Recovery Console. But now I have a small bar at the bottom of that blue Explorer thing that flashes every 4 seconds. It is really annoying. What can this be and how can I fix it? Regards, Christine. :-)


Hello Christine,

Welcome to PCH!

1. Download HijackThis. (click on it)

Click HijackThis.msi and the download starts automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can do the download on another PC and transfer the file with a USB stick.

If you can only work in safe mode, you need to download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You will then also find the logs in that folder.


2. Click the shortcut to start HijackThis. (read the red text below first!)

Either click "Do a systemscan and save a logfile", or first click "Scan" and then "Savelog".

A Notepad window opens. Hold down the CTRL and A keys at the same time; everything is now selected. Hold down the CTRL and C keys at the same time; everything is now copied. Now paste the HJT log into your post with the CTRL and V keys.

If you get the message "For some reason your system denied writing to the Host file ....", simply click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (View the image here ---> Click here)


3. After you post your log, it will be checked by an expert (Kape or Kweezie Wabbit), who will guide you further through the whole process.

Tip!

If you want to see in words and pictures how to make a log with HijackThis and post it on the forum, click HERE.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:07:50, on 15-7-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\UnsignedThemesSvc.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Vista Drive Icon\DrvIcon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\BlueStacks\HD-LogRotatorService.exe

C:\WINDOWS\system32\StacSV.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Download Manager\MSDownloadManager.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ViGlance] C:\Program Files\ViGlance\ViGlance.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342376324375

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe

O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe

O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\WINDOWS\UnsignedThemesSvc.exe

--

End of file - 6664 bytes


The HijackThis log shows no problems. Please carry out the following:

Download AdwCleaner by Xplode to your Desktop.

  • Close all open windows
  • Right-click AdwCleaner and select Run as administrator...
  • Then click Delete
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK

All icons disappear from the Desktop. This is normal.

Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here in your next post.


# AdwCleaner v1.702 - Logfile created 07/15/2012 at 23:48:39

# Updated 13/07/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Administrator - PC

# Running from : C:\Documents and Settings\Administrator\Bureaublad\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\PriceGong

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\QuickStoresToolbar

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Program Files\Conduit

File Deleted : C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickStores.url

File Deleted : C:\Documents and Settings\Administrator\Menu Start\QuickStores.url

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\Smartbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v20.0.1132.57

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP_ss&mntrId=c0598e370[...]

Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc[...]

Deleted : "scriptable_host": [ "hxxp://*/*", "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdC[...]

Deleted : "default_title": "uTorrentBar_NL Community Toolbar",

Deleted : "matches": [ "hxxp://cap1.conduit-apps.com/Apps/jdownloader/jdController.html*", "[...]

Deleted : "name": "uTorrentBar_NL",

Deleted : "path": "plugins/ConduitChromeApiPlugin.dll",

Deleted : "update_url": "hxxp://autoupdate.chromewebtb.conduit-services.com/?productId=CT286531[...]

Deleted : "homepage": "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP_ss&mntrId=c0598e370000[...]

Deleted : "urls_to_restore_on_startup": [ "hxxp://search.babylon.com/?affID=113480&tt=010712_4&babsrc=HP[...]

*************************

AdwCleaner[s1].txt - [349 octets] - [15/07/2012 23:47:35]

AdwCleaner[s2].txt - [3620 octets] - [15/07/2012 23:48:39]

########## EOF - C:\AdwCleaner[s2].txt - [3748 octets] ##########


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just go on to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 12-07-14.01 - Administrator 16-07-2012 12:12:51.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2038.1099 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\sqlite3.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_xcpip

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-16 to 2012-07-16 ))))))))))))))))))))))))))))))

.

.

2012-07-15 21:49 . 2012-07-16 10:12 -------- d-sh--w- c:\documents and settings\Administrator\Onlangs geopend

2012-07-15 21:17 . 2011-06-11 13:37 42672 ----a-w- c:\windows\system32\wbsys.dll

2012-07-15 21:17 . 2012-07-15 21:17 -------- d-----w- c:\program files\Stardock

2012-07-15 21:11 . 2012-07-15 21:11 -------- d-----w- c:\program files\184917

2012-07-15 21:09 . 2012-07-15 21:10 -------- d-----w- c:\program files\184924

2012-07-15 20:57 . 2012-07-15 21:04 -------- d-----w- c:\program files\iColorFolder

2012-07-15 19:06 . 2012-07-15 19:06 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-15 19:06 . 2012-07-15 19:06 -------- d-----w- c:\program files\Trend Micro

2012-07-15 18:41 . 2012-07-15 18:41 -------- d-----w- c:\program files\Microsoft Download Manager

2012-07-15 17:57 . 2012-07-15 18:00 -------- d-----w- c:\windows\I386

2012-07-15 14:41 . 2012-07-15 17:17 -------- d-----w- c:\documents and settings\Christine

2012-07-15 10:33 . 2012-07-15 10:33 -------- d-----w- c:\program files\Mad Scientist Productions

2012-07-15 10:15 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-15 10:15 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-15 10:15 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-15 10:15 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-15 10:15 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-15 10:15 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-07-15 10:15 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-07-15 10:15 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-07-15 10:14 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-15 10:14 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-15 10:14 . 2012-07-15 10:14 -------- d-----w- c:\program files\AVAST Software

2012-07-15 10:14 . 2012-07-15 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software

2012-07-15 00:23 . 2009-12-30 09:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-07-15 00:10 . 2012-07-15 00:10 -------- d-----w- c:\windows\system32\wbem\Repository

2012-07-15 00:08 . 2012-07-15 00:08 -------- d-----w- c:\program files\SystemRequirementsLab

2012-07-15 00:07 . 2012-07-15 00:07 -------- d-----w- c:\program files\PowerISO

2012-07-15 00:06 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks

2012-07-15 00:05 . 2012-07-15 00:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\BlueStacks

2012-07-14 23:59 . 2012-07-14 23:59 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2012-07-14 23:59 . 2012-07-15 00:24 -------- d-----w- c:\program files\NirSoft

2012-07-14 23:58 . 2012-07-14 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\EA Core

2012-07-14 23:58 . 2012-07-14 23:58 -------- d-----w- c:\windows\Performance

2012-07-14 23:57 . 2012-07-14 23:57 -------- d-----w- c:\program files\Origin Games

2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- c:\windows\SxsCaPendDel

2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird

2012-07-14 23:55 . 2012-07-14 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts

2012-07-14 23:55 . 2012-07-14 23:55 -------- d-----w- C:\ProgramData

2012-07-14 23:55 . 2012-07-15 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\PowerISO

2012-07-14 23:54 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\uTorrentBar_NL

2012-07-14 23:54 . 2012-07-14 23:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp

2012-07-14 23:54 . 2012-07-15 16:39 -------- d-----w- c:\program files\uTorrent

2012-07-14 19:48 . 2012-07-14 19:50 -------- d-----w- c:\windows\system32\NtmsData

2012-07-14 18:54 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook

2012-07-14 17:33 . 2012-07-15 00:06 -------- d-s---w- c:\documents and settings\Test

2012-07-14 17:05 . 2012-07-14 17:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\iPadian

2012-07-14 15:54 . 2012-07-15 00:06 -------- d-----w- c:\program files\RegClean Pro

2012-07-14 15:54 . 2012-07-14 15:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\systweak

2012-07-14 15:53 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\ViGlance

2012-07-13 23:20 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype

2012-07-13 23:20 . 2012-07-15 00:06 -------- d-----w- c:\program files\Skype

2012-07-13 23:20 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-07-13 15:05 . 2012-07-13 15:05 -------- d-----w- c:\program files\Common Files\Java

2012-07-13 14:57 . 2012-07-13 14:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer

2012-07-13 13:58 . 2012-07-13 13:58 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sun

2012-07-13 13:56 . 2012-07-13 13:56 -------- d-----w- c:\program files\Java

2012-07-12 11:16 . 2012-07-12 11:16 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\fontconfig

2012-07-12 11:15 . 2012-07-15 00:06 -------- d-----w- c:\documents and settings\Administrator\.gimp-2.8

2012-07-12 11:15 . 2012-07-12 11:15 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\gegl-0.2

2012-07-12 11:02 . 2012-07-15 00:06 -------- d-----w- c:\program files\GIMP 2

2012-07-12 10:30 . 2012-07-12 10:35 -------- d-----w- c:\documents and settings\Administrator\(2).VirtualBox

2012-07-12 10:28 . 2012-07-13 13:57 -------- d-----w- c:\program files\Oracle

2012-07-11 11:12 . 2012-07-11 11:12 -------- d-----w- c:\program files\MSXML 4.0

2012-07-08 21:33 . 2012-07-08 21:33 -------- d-----w- c:\documents and settings\Administrator\youwave

2012-07-08 21:33 . 2012-07-08 21:33 -------- d-----w- c:\documents and settings\Administrator\.Virtualbox

2012-07-07 22:10 . 2012-07-07 22:10 -------- d-----w- C:\temp

2012-07-07 22:10 . 2012-07-07 22:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft

2012-07-06 14:57 . 2012-07-15 00:07 -------- d-----w- c:\program files\NCH Software

2012-07-04 17:15 . 2012-07-04 17:15 1527 ----a-w- C:\user.js

2012-06-29 16:57 . 2012-07-15 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2012-06-29 16:51 . 2012-06-29 16:51 -------- d-----w- C:\MSOCache

2012-06-28 14:44 . 2012-06-28 14:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\{90140011-0062-0413-0000-0000000FF1CE}

2012-06-28 14:44 . 2012-06-28 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Virtualized Applications

2012-06-28 13:21 . 2012-07-15 00:09 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SoftGrid Client

2012-06-28 13:21 . 2012-07-14 16:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SoftGrid Client

2012-06-28 13:18 . 2012-07-15 00:09 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2012-06-28 13:18 . 2012-06-28 13:18 -------- d-----w- c:\documents and settings\All Users\Microsoft

2012-06-26 20:16 . 2012-06-26 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HD-bord Software

2012-06-25 19:20 . 2012-06-25 19:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group

2012-06-25 19:20 . 2012-06-25 19:20 -------- d-----w- c:\program files\VS Revo Group

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

2012-06-23 21:46 . 2008-04-13 21:14 2560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\USMT\iconlib.dll

2012-06-23 20:52 . 2012-07-15 00:04 -------- d-----w- c:\program files\ViGlance

2012-06-23 15:38 . 2012-06-23 15:38 -------- d-----w- c:\windows\system32\LogFiles

2012-06-23 15:33 . 2012-07-15 00:05 -------- d-----w- c:\program files\BlueStacks

2012-06-23 12:28 . 2012-07-15 00:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc

2012-06-23 12:02 . 2012-06-23 12:02 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities

2012-06-23 10:54 . 2012-07-14 23:58 -------- d-----w- c:\program files\Unlocker

2012-06-23 10:11 . 2012-06-23 10:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft Corporation

2012-06-23 09:04 . 2012-06-23 09:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Origin

2012-06-23 09:04 . 2012-06-23 09:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\Origin

2012-06-23 09:03 . 2012-07-14 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Origin

2012-06-23 09:02 . 2012-07-14 23:58 -------- d-----w- c:\program files\Origin

2012-06-22 22:09 . 2011-08-12 11:51 26488 ----a-w- c:\windows\system32\spupdsvc.exe

2012-06-22 21:58 . 2012-06-22 21:58 -------- d-----w- c:\windows\ie8updates

2012-06-22 21:44 . 2012-06-23 22:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe

2012-06-22 21:42 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird

2012-06-22 21:36 . 2008-04-14 21:32 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

2012-06-22 21:11 . 2012-06-22 21:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\XnView

2012-06-22 21:11 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\AIMP

2012-06-22 21:10 . 2012-06-22 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink

2012-06-22 21:07 . 2012-07-14 23:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\PhotoScape

2012-06-22 20:54 . 2012-07-15 01:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-22 20:54 . 2012-07-15 01:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-22 20:48 . 2008-04-13 20:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2012-06-22 20:48 . 2008-04-13 20:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2012-06-22 20:20 . 2008-09-05 00:22 447752 ----a-r- c:\windows\system32\vp6vfw.dll

2012-06-22 20:20 . 2012-06-22 20:20 -------- d-----w- c:\program files\Microsoft WSE

2012-06-22 20:14 . 2012-07-15 00:28 -------- d-----w- c:\program files\Electronic Arts

2012-06-22 20:08 . 2011-07-15 13:29 457856 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2012-06-22 19:23 . 2001-09-06 15:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2012-06-22 19:23 . 2001-09-06 15:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys

2012-06-22 19:23 . 2008-04-13 20:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2012-06-22 19:23 . 2008-04-13 20:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

2012-06-22 19:13 . 2012-07-14 22:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google

2012-06-22 19:13 . 2012-06-22 19:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\CRE

2012-06-22 19:13 . 2012-05-11 14:43 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2012-06-22 19:13 . 2012-05-11 14:43 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2012-06-22 19:13 . 2012-05-11 14:43 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2012-06-22 19:13 . 2012-05-11 14:43 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2012-06-22 19:13 . 2012-05-11 14:43 11112960 -c----w- c:\windows\system32\dllcache\ieframe.dll

2012-06-22 19:13 . 2012-05-11 14:43 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-06-22 19:13 . 2012-05-11 14:43 2001408 -c----w- c:\windows\system32\dllcache\iertutil.dll

2012-06-22 19:13 . 2012-05-11 14:43 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-13 13:55 . 2010-10-19 10:49 1875200 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:48 . 2010-10-19 10:48 1447936 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:48 . 2010-10-19 10:48 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 15:35 . 2010-10-19 10:50 222448 ----a-w- c:\windows\system32\muweb.dll

2012-06-04 04:31 . 2010-10-19 10:49 153088 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2010-10-19 10:50 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2012-05-29 22:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2012-05-29 22:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2012-05-29 22:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2012-05-29 22:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2012-05-29 22:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2010-10-19 10:50 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2010-10-19 10:50 45080 ----a-w- c:\windows\system32\wups2(2).dll

2012-06-02 13:19 . 2010-10-19 10:48 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2010-10-19 10:50 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2012-05-29 22:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2010-10-19 10:50 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2012-05-29 22:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2010-10-19 10:50 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2010-10-19 10:50 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2010-10-19 10:50 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-05-31 13:19 . 2010-10-19 10:48 603136 ----a-w- c:\windows\system32\crypt32.dll

2012-05-31 04:10 . 2012-05-31 04:10 113104 ----a-w- c:\windows\system32\drivers\scdemu.sys

2012-05-16 15:08 . 2010-10-19 10:52 920064 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:43 . 2012-05-29 22:57 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-11 14:43 . 2010-10-19 10:52 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 12:13 . 2010-10-19 10:52 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 03:14 . 2010-10-19 10:48 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2010-04-28 05:20 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:45 . 2012-05-29 22:54 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-10-19 . FF50B2ABDDAD3C0E43B01E31D4D51026 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2012-07-15 895376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-28 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-28 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-28 142360]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-05-31 336992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

"DrvIcon"="c:\program files\Vista Drive Icon\DrvIcon.exe" [2008-04-13 49152]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2010-10-19 128512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]

2011-09-26 13:10 210224 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders schannel.dll, digest.dll

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [15-7-2012 12:15 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [15-7-2012 12:15 353688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15-7-2012 12:15 21256]

R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [10-7-2012 14:17 66952]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [10-7-2012 14:18 385416]

R2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [13-7-2009 1:07 21096]

R2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [13-7-2009 1:07 25448]

R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [30-5-2012 2:46 6607744]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 22:54 250056]

S3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe [10-7-2012 14:17 397704]

S3 m0sdg7.sys;m0sdg7.sys;\??\c:\windows\system32\drivers\m0sdg7.sys --> c:\windows\system32\drivers\m0sdg7.sys [?]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [15-7-2012 2:23 27064]

S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 01:00]

.

2012-07-16 c:\windows\Tasks\avast! Emergency Update.job

- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-15 16:21]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-842925246-1417001333-500Core.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-23 21:53]

.

2012-07-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-842925246-1417001333-500UA.job

- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-23 21:53]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe

HKCU-Run-ViGlance - c:\program files\ViGlance\ViGlance.exe

HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-16 12:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-448539723-842925246-1417001333-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)


.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1004)

c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

.

- - - - - - - > 'explorer.exe'(1516)

c:\windows\system32\msi.dll

c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\StacSV.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-16 12:23:01 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-16 10:22

.

Pre-Run: 44.230.516.736 bytes beschikbaar

Post-Run: 44.529.577.984 bytes beschikbaar

.

- - End Of File - - FFC008FD414511ADD06FB642E0ABAFF7
