
Advanced System Protector cannot be removed.


luwina


First, we will check whether malware or viruses are the cause of your problem.

1. Download HijackThis. (click on it)

Click HijackThis.msi and the download will start automatically after 5 seconds.

Save the file HijackThis.msi. Then choose "Run".

HijackThis is now installed on your PC, and a shortcut is placed on your desktop.

If you no longer have a network connection, you can download it on another PC and transfer the file with a USB stick.

If you can only work in Safe Mode, you need to download the executable (HijackThis.exe).

Save it in a new folder on the C drive (e.g. C:\hijackthis) and then start HijackThis from that folder.

You will then also find the logs in that folder.


2. Click the shortcut to start HijackThis. (read the red text below first!)

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens; hold down CTRL and A at the same time, and everything is selected. Hold down CTRL and C at the same time, and everything is copied. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as "administrator" via right-click, "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis. (View the image here ---> Click here)


3. After you post your log, an expert (Kape or Kweezie Wabbit) will review it and guide you through the rest of the process.

Tip!

If you want to see in words and pictures how to create a HijackThis log and post it on the forum, click HERE.


Hi, I also can no longer read messages in hotmail.com. At the top it says "Cannot connect to Hotmail at the moment. Please try again later".

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:18:08, on 12-12-2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search Microsoft.com
 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com
 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\PC Veilig\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Google Update] "C:\Users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C391B160A9461A1047C28399CD4694DC] "C:\Users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = Winie\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASO3DiskOptimizer - Unknown owner - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\PC Veilig\ORSP Client\fsorsp.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12532 bytes

edited by kape
double post removed
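An added example, not part of the thread and not code from HijackThis: a small parser that groups the entries of a HijackThis log by section code and sorts the O23 services marked "(file missing)". It assumes, as background that the thread does not state, that HijackThis 2.0.4 runs as a 32-bit process, so on 64-bit Windows its view of C:\Windows\System32 is redirected and services there can be reported missing although they are present. The sample lines are copied from the log above; the function names are hypothetical.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 (WinNT 6.00.3504)
Running processes:
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O23 - Service: ASO3DiskOptimizer - Unknown owner - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - Unknown owner - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
"""

# Scan entries start with a section code (R0-R3, F0-F3, N1-N4, O1-O25).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING = " (file missing)"


def parse_entries(text):
    """Return (code, body) for each scan entry; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(text):
    """Count entries per section code, e.g. how many O4 autoruns the log lists."""
    return Counter(code for code, _ in parse_entries(text))


def host_is_64bit(text):
    """Heuristic: these folders only exist on 64-bit Windows."""
    lowered = text.lower()
    return "program files (x86)" in lowered or "\\syswow64\\" in lowered


def parse_service(body):
    """Split an O23 body into display name, owner, path and the missing flag."""
    if not body.startswith("Service: "):
        return None
    # Split from the right: the display name may itself contain odd characters.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return {"name": name, "owner": owner, "path": path, "missing": missing}


def triage_missing_services(text):
    """Separate probable 32-bit redirection artifacts from services whose binary is gone.

    Assumption (not from the thread): a "(file missing)" path under System32 on a
    64-bit host is most likely a redirection artifact and must be confirmed with
    a 64-bit tool before anything is fixed or deleted.
    """
    x64 = host_is_64bit(text)
    result = {"orphaned": [], "redirection_artifact": []}
    for code, body in parse_entries(text):
        if code != "O23":
            continue
        service = parse_service(body)
        if not service or not service["missing"]:
            continue
        if x64 and SYSTEM32_RE.match(service["path"]):
            result["redirection_artifact"].append(service["name"])
        else:
            result["orphaned"].append(service["name"])
    return result


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for bucket, names in triage_missing_services(SAMPLE_LOG).items():
        print(bucket, names)
```
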

Hi, I put a short message at the top of the HijackThis log, but it may be unclear, so here it is in a separate post. I also suddenly can no longer read my messages on Hotmail. It shows the message: "Cannot connect to Hotmail at the moment. Try again later". It is not the connection, because on my husband's computer I can read messages. So I read this message from p.c-helpforum on my husband's computer and later logged in on my own PC (laptop).

edited by kape
double post removed

Hello,

I suddenly have a lot of junk on my laptop (Windows 7). I have been trying to remove Advanced System Protector, but it did not work through Control Panel. Then I tried all sorts of other things with System Restore, and that no longer works either. (Message: "The Volume Shadow Copy service has stopped working, error 0x81000202"). I can no longer open mail with Hotmail; because they are changing that over to Outlook, I set up Outlook (I thought I would then be able to get into my mail again, but no). Message: "Cannot connect to Outlook at the moment. Check that there is an internet connection and try again". I do have an internet connection, because I can go to websites and Google just fine. I will read the reply on my husband's PC; on his PC I can open my mails.

Kind regards, Luwina.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 12-12-13.02 - Winie 14-12-2012 9:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2807.1558 [GMT 1:00]
Gestart vanuit: c:\users\Winie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZZX3BXVT\ComboFix.exe
AV: PC Veilig 9.12 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: PC Veilig 9.12 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: PC Veilig 9.12 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\FF05DA0D.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-11-14 to 2012-12-14 ))))))))))))))))))))))))))))))
.
.
2012-12-14 08:27 . 2012-12-14 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-14 08:02 . 2012-12-14 08:02 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5320E4-7038-4711-B0C4-B872D6D1B42C}\offreg.dll
2012-12-14 07:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5320E4-7038-4711-B0C4-B872D6D1B42C}\mpengine.dll
2012-12-13 20:30 . 2012-12-13 20:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\program files\Microsoft Silverlight
2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\program files (x86)\SweetIM
2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\programdata\SweetIM
2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\program files (x86)\Yontoo
2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\programdata\Tarma Installer
2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\users\Winie\AppData\Local\Wajam
2012-12-13 19:16 . 2012-12-13 19:16 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2012-12-13 19:16 . 2012-12-13 19:16 -------- d-----w- c:\users\Winie\AppData\Roaming\LavasoftStatistics
2012-12-13 19:14 . 2012-12-13 19:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-12-13 19:14 . 2012-12-13 19:14 -------- d-----w- c:\programdata\Lavasoft
2012-12-13 19:14 . 2012-12-13 19:14 -------- d-----w- c:\users\Winie\AppData\Local\Downloaded Installations
2012-12-13 19:13 . 2012-12-13 19:13 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2012-12-13 19:13 . 2012-12-13 19:18 -------- d-----w- c:\programdata\Search Protection
2012-12-13 19:13 . 2012-12-13 19:13 -------- d-----w- c:\users\Winie\AppData\Local\adawarebp
2012-12-13 19:13 . 2012-12-13 19:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-12-13 19:12 . 2012-12-13 19:18 -------- d-----w- c:\users\Winie\AppData\Roaming\Ad-Aware Antivirus
2012-12-12 14:26 . 2012-12-12 14:26 -------- d-----w- c:\users\Winie\AppData\Local\Mozilla
2012-12-12 12:39 . 2012-12-12 12:39 0 ----a-w- c:\windows\SysWow64\sho674F.tmp
2012-12-12 08:16 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2012-12-10 16:35 . 2012-12-10 16:35 -------- d-----w- c:\program files (x86)\Softonic
2012-12-10 16:34 . 2012-12-10 16:34 -------- d-----w- c:\program files (x86)\VS Revo Group
2012-12-08 19:28 . 2012-12-12 07:58 -------- d-----w- c:\windows\system32\SPReview
2012-12-08 19:25 . 2012-12-08 19:25 -------- d-----w- c:\windows\system32\EventProviders
2012-12-08 19:25 . 2012-12-12 07:59 -------- d-----w- C:\32d0d171ca2c7c55116101
2012-12-08 14:32 . 2012-12-08 14:32 -------- d-----w- c:\programdata\IBUpdaterService
2012-11-28 20:53 . 2012-11-28 20:53 -------- d-----w- c:\users\Winie\AppData\Local\CRE
2012-11-27 12:48 . 2012-11-27 12:48 -------- d-----w- c:\programdata\34323
2012-11-16 02:04 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui
2012-11-16 02:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-16 02:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-16 02:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-16 01:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-16 01:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-16 01:55 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-16 01:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-16 01:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-16 01:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-16 01:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-16 00:12 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-11-16 00:12 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 00:12 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 07:35 . 2010-06-24 09:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-16 01:56 . 2011-12-08 15:53 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-01 16:31 . 2005-10-10 08:28 181824 ----a-w- c:\program files\MSSP3NL.DLL
2012-10-22 23:18 . 2012-10-22 19:36 50384 ----a-w- c:\windows\system32\drivers\fses.sys
2012-10-22 19:43 . 2012-10-22 19:43 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-10-22 19:18 . 2012-10-22 19:18 33408 ----a-w- c:\windows\SysWow64\drivers\fsbts.sys
2012-10-21 14:04 . 2012-10-21 14:04 388096 ----a-r- c:\users\Winie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-16 21:20 . 2012-11-28 14:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 14:28 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 14:28 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-01 15:25 220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-01 15:25 220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-01 15:25 220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-08 880528]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]
"GoogleChromeAutoLaunch_C391B160A9461A1047C28399CD4694DC"="c:\users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-05-25 263936]
"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"F-Secure Manager"="c:\program files (x86)\PC Veilig\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files (x86)\PC Veilig\FSGUI\TNBUtil.exe" [2012-10-22 1655464]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032]
.
c:\users\Winie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Winie\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-10-22 50384]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\PC Veilig\ORSP Client\fsorsp.exe [2012-10-22 61088]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]
R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R4 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [x]
R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSfilter.sys [2009-11-18 41640]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files (x86)\PC Veilig\Anti-Virus\Win2K\FSrec.sys [2009-11-18 27048]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-10-22 56016]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-13 14456]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-13 31080]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\PC Veilig\HIPS\drivers\fshs.sys [2009-11-18 59784]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2009-11-18 94024]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsvista.sys [2009-11-18 16768]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-05-25 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-13 722528]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\PC Veilig\Anti-Virus\minifilter\fsgk.sys [2012-11-01 199736]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2012-12-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001Core.job
- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001UA.job
- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48]
.
2012-12-14 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\PCVEIL~1\ANTI-V~1\fsav.exe [2012-10-22 16:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tk85&r=273612111235l0494z115f47m2h36s
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={38591412-188E-11E2-89FC-88AE1D829457}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files (x86)\PC Veilig\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Winie\AppData\Roaming\Mozilla\Firefox\Profiles\0qzcv7zr.default\
FF - ExtSQL: 2012-11-20 19:03; litmus-ff@f-secure.com; c:\program files (x86)\PC Veilig\NRS\litmus-ff@f-secure.com
FF - ExtSQL: !HIDDEN! 2011-12-09 23:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-HF_G_Jul - c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
Wow6432Node-HKLM-Run-AVG_UI - c:\program files (x86)\AVG\AVG2013\avgui.exe
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
Wow6432Node-HKLM-Run-SearchProtection - c:\programdata\Search Protection\_run.bat
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Toolbar-!{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14, 9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b, 2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4
"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,38,12,99,4c,c5, c6,8a,44,0d,07,f6,df,a9,7b,0a,d1,41,18
"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,c7,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{87775FDB-6972-41F9-AE51-8326E38CB206}"=hex:51,66,7a,6c,4c,1d,38,12,b5,5c,64, 
83,40,27,97,04,d1,47,c0,66,e6,d2,f6,12"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b"{00A6FAF1-072E-44CF-8957-5838F569A31D}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f9,b5, 04,1c,49,a1,01,f6,41,1b,78,f0,37,e7,09"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75"{07B18EA1-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,cf,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}"=hex:51,66,7a,6c,4c,1d,38,12,9a,83,ec, 87,46,c2,ee,0e,ca,ac,8b,9d,d1,6a,a1,d0"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:f6,9f,ac,e0,3e,26,cd,01.[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) 
(LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Voltooingstijd: 2012-12-14 09:44:07ComboFix-quarantined-files.txt 2012-12-14 08:44.Pre-Run: 249.654.431.744 bytes beschikbaarPost-Run: 249.588.289.536 bytes beschikbaar.- - End Of File - - 155DD8B8BDC97E759F73F7986A97BBDA


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\sho674F.tmp

Folder::

c:\program files (x86)\SweetIM

c:\programdata\SweetIM

c:\program files (x86)\Yontoo

c:\programdata\Tarma Installer

c:\users\Winie\AppData\Local\Wajam

c:\programdata\Search Protection

c:\program files (x86)\Softonic

C:\32d0d171ca2c7c551161012012

c:\programdata\IBUpdaterService

Registry::

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SweetIM"=-

DDS::

mStart Page =

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this in detail, click here for the guide.

After the reboot, post the contents of Combofix.txt in your next message.

And would you please post the next logs in a normal way. Right now the text runs on continuously and is almost unworkable. The idea is that every line starts at the left-hand side of your page or message.

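A pre-flight check for a CFScript like the one above, as an added example that is not part of the original posts and not ComboFix's own code: it splits the run-together "Bestanden Gemaakt" part of the log back into entries and compares the script's File:: and Folder:: targets with the paths the log actually lists. The function names are hypothetical, the entry layout (two timestamps, size, attributes, path) is assumed from the entries visible in the posted log, and the sample data is an excerpt of that log and of the script. Under that splitting rule the target `C:\32d0d171ca2c7c551161012012` matches no logged path, because its last four digits are the year of the next entry's timestamp.

```python
import re

# Excerpt of the "Bestanden Gemaakt" section, joined without separators
# exactly as it appears in the posted log (entries copied from the page).
LOG = "".join([
    r"2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\program files (x86)\SweetIM",
    r"2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\programdata\SweetIM",
    r"2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\program files (x86)\Yontoo",
    r"2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\programdata\Tarma Installer",
    r"2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\users\Winie\AppData\Local\Wajam",
    r"2012-12-13 19:13 . 2012-12-13 19:18 -------- d-----w- c:\programdata\Search Protection",
    r"2012-12-12 12:39 . 2012-12-12 12:39 0 ----a-w- c:\windows\SysWow64\sho674F.tmp",
    r"2012-12-10 16:35 . 2012-12-10 16:35 -------- d-----w- c:\program files (x86)\Softonic",
    r"2012-12-08 19:25 . 2012-12-12 07:59 -------- d-----w- C:\32d0d171ca2c7c55116101",
    r"2012-12-08 14:32 . 2012-12-08 14:32 -------- d-----w- c:\programdata\IBUpdaterService",
    r"2012-11-27 12:48 . 2012-11-27 12:48 -------- d-----w- c:\programdata\34323",
    r"2012-11-16 02:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys",
])

# Excerpt of the script from the post (File::, Folder:: and two other sections).
CFSCRIPT = r"""
File::
c:\windows\SysWow64\sho674F.tmp

Folder::
c:\program files (x86)\SweetIM
c:\programdata\SweetIM
c:\program files (x86)\Yontoo
c:\programdata\Tarma Installer
c:\users\Winie\AppData\Local\Wajam
c:\programdata\Search Protection
c:\program files (x86)\Softonic
C:\32d0d171ca2c7c551161012012
c:\programdata\IBUpdaterService

Registry::
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

DDS::
mStart Page =
"""

STAMP = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
# An entry starts with "created . modified"; the path runs until the next
# such timestamp pair (or the end of the text), which is what lets a
# run-together log be split unambiguously.
ENTRY = re.compile(
    rf"(?P<created>{STAMP}) \. (?P<modified>{STAMP})\s+"
    rf"(?P<size>-+|\d+)\s+(?P<attrs>[-a-z]{{8}})\s+"
    rf"(?P<path>.+?)(?=(?:{STAMP} \. {STAMP})|$)",
    re.S,
)
SECTION = re.compile(r"^(\w+)::\s*$")


def parse_created_entries(log_text):
    """Split a run-together created-files listing into one dict per entry."""
    entries = []
    for match in ENTRY.finditer(log_text):
        entry = match.groupdict()
        entry["path"] = entry["path"].strip()
        entries.append(entry)
    return entries


def parse_cfscript(text):
    """Return {section name: [non-empty lines]} for a 'Name::' sectioned script."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def check_targets(script, entries):
    """List File::/Folder:: targets absent from the log, with near-miss paths."""
    known = {e["path"].lower(): e["path"] for e in entries}
    problems = []
    for section in ("File", "Folder"):
        for target in script.get(section, []):
            low = target.lower()
            if low in known:
                continue
            # A logged path that is a prefix of the target (or the reverse)
            # usually means the target was copied across an entry boundary.
            near = sorted(orig for k, orig in known.items()
                          if low.startswith(k) or k.startswith(low))
            problems.append((target, near))
    return problems


if __name__ == "__main__":
    for target, near in check_targets(parse_cfscript(CFSCRIPT),
                                      parse_created_entries(LOG)):
        print(f"not in log: {target}  (closest logged path: {near})")
```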

ComboFix 12-12-13.02 - Winie 14-12-2012 13:44:25.2.2 - x64Microsoft Windows 7 Home Premium 6.1.7600.0.1252.31.1043.18.2807.1573 [GMT 1:00]Gestart vanuit: c:\users\Winie\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt..(((((((((((((((((((( Bestanden Gemaakt van 2012-11-14 to 2012-12-14 ))))))))))))))))))))))))))))))..2012-12-14 12:52 . 2012-12-14 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp2012-12-14 08:02 . 2012-12-14 08:02 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5320E4-7038-4711-B0C4-B872D6D1B42C}\offreg.dll2012-12-14 07:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A5320E4-7038-4711-B0C4-B872D6D1B42C}\mpengine.dll2012-12-13 20:30 . 2012-12-13 20:30 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\program files\Microsoft Silverlight2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\program files (x86)\SweetIM2012-12-13 20:18 . 2012-12-13 20:18 -------- d-----w- c:\programdata\SweetIM2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\program files (x86)\Yontoo2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\programdata\Tarma Installer2012-12-13 20:17 . 2012-12-13 20:17 -------- d-----w- c:\users\Winie\AppData\Local\Wajam2012-12-13 19:16 . 2012-12-13 19:16 -------- d-----w- c:\programdata\Ad-Aware Antivirus2012-12-13 19:16 . 2012-12-13 19:16 -------- d-----w- c:\users\Winie\AppData\Roaming\LavasoftStatistics2012-12-13 19:14 . 2012-12-13 19:18 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus2012-12-13 19:14 . 2012-12-13 19:14 -------- d-----w- c:\programdata\Lavasoft2012-12-13 19:14 . 2012-12-13 19:14 -------- d-----w- c:\users\Winie\AppData\Local\Downloaded Installations2012-12-13 19:13 . 
2012-12-13 19:13 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys2012-12-13 19:13 . 2012-12-13 19:18 -------- d-----w- c:\programdata\Search Protection2012-12-13 19:13 . 2012-12-13 19:13 -------- d-----w- c:\users\Winie\AppData\Local\adawarebp2012-12-13 19:13 . 2012-12-13 19:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection2012-12-13 19:12 . 2012-12-13 19:18 -------- d-----w- c:\users\Winie\AppData\Roaming\Ad-Aware Antivirus2012-12-12 14:26 . 2012-12-12 14:26 -------- d-----w- c:\users\Winie\AppData\Local\Mozilla2012-12-12 12:39 . 2012-12-12 12:39 0 ----a-w- c:\windows\SysWow64\sho674F.tmp2012-12-12 08:16 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll2012-12-10 16:35 . 2012-12-10 16:35 -------- d-----w- c:\program files (x86)\Softonic2012-12-10 16:34 . 2012-12-10 16:34 -------- d-----w- c:\program files (x86)\VS Revo Group2012-12-08 19:28 . 2012-12-12 07:58 -------- d-----w- c:\windows\system32\SPReview2012-12-08 19:25 . 2012-12-08 19:25 -------- d-----w- c:\windows\system32\EventProviders2012-12-08 19:25 . 2012-12-12 07:59 -------- d-----w- C:\32d0d171ca2c7c551161012012-12-08 14:32 . 2012-12-08 14:32 -------- d-----w- c:\programdata\IBUpdaterService2012-11-28 20:53 . 2012-11-28 20:53 -------- d-----w- c:\users\Winie\AppData\Local\CRE2012-11-27 12:48 . 2012-11-27 12:48 -------- d-----w- c:\programdata\343232012-11-16 02:04 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui2012-11-16 02:04 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys2012-11-16 02:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2012-11-16 02:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll2012-11-16 01:55 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2012-11-16 01:55 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2012-11-16 01:55 . 
2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll2012-11-16 01:55 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll2012-11-16 01:55 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe2012-11-16 01:55 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll2012-11-16 01:55 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2012-11-16 00:12 . 2012-10-18 18:18 3147264 ----a-w- c:\windows\system32\win32k.sys2012-11-16 00:12 . 2012-09-25 22:39 95744 ----a-w- c:\windows\system32\synceng.dll2012-11-16 00:12 . 2012-09-25 21:55 78336 ----a-w- c:\windows\SysWow64\synceng.dll...((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-12-14 12:40 . 2010-06-24 09:33 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2012-11-16 01:56 . 2011-12-08 15:53 66395536 ----a-w- c:\windows\system32\MRT.exe2012-11-01 16:31 . 2005-10-10 08:28 181824 ----a-w- c:\program files\MSSP3NL.DLL2012-10-21 14:04 . 2012-10-21 14:04 388096 ----a-r- c:\users\Winie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe2012-10-16 21:20 . 2012-11-28 14:28 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2012-10-16 21:20 . 2012-11-28 14:28 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2012-10-16 20:34 . 
2012-11-28 14:28 559104 ----a-w- c:\windows\apppatch\AcLayers.dll..((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))..*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]2012-07-04 14:03 1310040 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]2012-10-24 00:36 194928 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-07-04 1310040].[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}][HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}][HKEY_CLASSES_ROOT\SWEETIE.IEToolbar].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2012-11-01 15:25 220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2012-11-01 15:25 220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2012-11-01 15:25 
220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-08 880528]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]"GoogleChromeAutoLaunch_C391B160A9461A1047C28399CD4694DC"="c:\users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-05-25 263936]"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032].c:\users\Winie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Winie\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 
(0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]R4 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [x]R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-13 14456]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-13 31080]S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]S2 IAStorDataMgrSvc;Intel® Rapid Storage 
Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-05-25 255744]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-13 722528]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]..--- Andere Services/Drivers In Geheugen ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Inhoud van de 'Gedeelde Taken' map.2012-12-12 
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001Core.job- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48].2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001UA.job- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560].------- 
Bijkomende Scan -------.uLocal Page = c:\windows\system32\blank.htmmDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tk85&r=273612111235l0494z115f47m2h36smStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={38591412-188E-11E2-89FC-88AE1D829457}mLocal Page = c:\windows\SysWOW64\blank.htmuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Winie\AppData\Roaming\Mozilla\Firefox\Profiles\0qzcv7zr.default\FF - ExtSQL: 2012-11-20 19:03; litmus-ff@f-secure.com; c:\program files (x86)\PC Veilig\NRS\litmus-ff@f-secure.comFF - ExtSQL: !HIDDEN! 2011-12-09 23:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.- - - - ORPHANS VERWIJDERD - - - -.Toolbar-Locked - (no file)Toolbar-10 - (no file)Toolbar-!{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)...--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14, 9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b, 2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,38,12,99,4c,c5, c6,8a,44,0d,07,f6,df,a9,7b,0a,d1,41,18"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,c7,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27"{87775FDB-6972-41F9-AE51-8326E38CB206}"=hex:51,66,7a,6c,4c,1d,38,12,b5,5c,64, 83,40,27,97,04,d1,47,c0,66,e6,d2,f6,12"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b"{00A6FAF1-072E-44CF-8957-5838F569A31D}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f9,b5, 04,1c,49,a1,01,f6,41,1b,78,f0,37,e7,09"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75"{07B18EA1-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,cf,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}"=hex:51,66,7a,6c,4c,1d,38,12,9a,83,ec, 87,46,c2,ee,0e,ca,ac,8b,9d,d1,6a,a1,d0"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:f6,9f,ac,e0,3e,26,cd,01.[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) 
(LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Voltooingstijd: 2012-12-14 13:55:18ComboFix-quarantined-files.txt 2012-12-14 12:55ComboFix2.txt 2012-12-14 08:44.Pre-Run: 250.351.611.904 bytes beschikbaarPost-Run: 250.085.937.152 bytes beschikbaar.- - End Of File - - D8DAFFD680896B2EB22D5A697DC8E031

220632 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-06-08 880528]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-10-19 17875120]"GoogleChromeAutoLaunch_C391B160A9461A1047C28399CD4694DC"="c:\users\Winie\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-11-28 1242728].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-05-25 263936]"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-05-26 1545568]"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-11-16 542104]"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-10-04 115032].c:\users\Winie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk - c:\users\Winie\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [N/A].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 
(0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [x]R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-08 1255736]R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]R4 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [x]R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2012-12-13 14456]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-13 31080]S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]S2 IAStorDataMgrSvc;Intel® Rapid Storage 
Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-05-25 255744]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-13 722528]S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]..--- Andere Services/Drivers In Geheugen ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Inhoud van de 'Gedeelde Taken' map.2012-12-12 
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001Core.job- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48].2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3447960757-339270444-3093424101-1001UA.job- c:\users\Winie\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-20 13:48]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2012-11-01 15:25 244696 ----a-w- c:\users\Winie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552]"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-13 162584]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-13 386840]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-13 417560].------- 
Bijkomende Scan -------.uLocal Page = c:\windows\system32\blank.htmmDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&m=easynote_tk85&r=273612111235l0494z115f47m2h36smStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10025&barid={38591412-188E-11E2-89FC-88AE1D829457}mLocal Page = c:\windows\SysWOW64\blank.htmuSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search?q=%sTCP: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Winie\AppData\Roaming\Mozilla\Firefox\Profiles\0qzcv7zr.default\FF - ExtSQL: 2012-11-20 19:03; litmus-ff@f-secure.com; c:\program files (x86)\PC Veilig\NRS\litmus-ff@f-secure.comFF - ExtSQL: !HIDDEN! 2011-12-09 23:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.- - - - ORPHANS VERWIJDERD - - - -.Toolbar-Locked - (no file)Toolbar-10 - (no file)Toolbar-!{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)...--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14, 9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3"{28387537-E3F9-4ED7-860C-11E69AF4A8A0}"=hex:51,66,7a,6c,4c,1d,38,12,59,76,2b, 2c,cb,ad,b9,0b,f9,1a,52,a6,9f,aa,ec,b4"{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}"=hex:51,66,7a,6c,4c,1d,38,12,99,4c,c5, c6,8a,44,0d,07,f6,df,a9,7b,0a,d1,41,18"{07B18EA9-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,c7,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4, 91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27"{87775FDB-6972-41F9-AE51-8326E38CB206}"=hex:51,66,7a,6c,4c,1d,38,12,b5,5c,64, 83,40,27,97,04,d1,47,c0,66,e6,d2,f6,12"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8, 89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b"{00A6FAF1-072E-44CF-8957-5838F569A31D}"=hex:51,66,7a,6c,4c,1d,38,12,9f,f9,b5, 04,1c,49,a1,01,f6,41,1b,78,f0,37,e7,09"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54, 07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75"{07B18EA1-A523-4961-B6BB-170DE4475CCA}"=hex:51,66,7a,6c,4c,1d,38,12,cf,8d,a2, 03,11,eb,0f,0c,c9,ad,54,4d,e1,19,18,de"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4"{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}"=hex:51,66,7a,6c,4c,1d,38,12,9a,83,ec, 87,46,c2,ee,0e,ca,ac,8b,9d,d1,6a,a1,d0"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec, fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e, 51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:f6,9f,ac,e0,3e,26,cd,01.[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]@Denied: (2) (LocalSystem)"Progid"="WindowsLiveMail.Email.1".[HKEY_USERS\S-1-5-21-3447960757-339270444-3093424101-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]@Denied: (2) 
(LocalSystem)"Progid"="WindowsLiveMail.VCard.1".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Voltooingstijd: 2012-12-14 13:55:18ComboFix-quarantined-files.txt 2012-12-14 12:55ComboFix2.txt 2012-12-14 08:44.Pre-Run: 250.351.611.904 bytes beschikbaarPost-Run: 250.085.937.152 bytes beschikbaar.- - End Of File - - D8DAFFD680896B2EB22D5A697DC8E031

- - - Updated - - -

Sorry Kape, with copying and pasting it ends up in this field this way. In Notepad it is neatly laid out line by line, but when posting you get this. I am a layperson with computers and don't know any better way to do it. Regards, Luwina.
