Rooieborrels

Everything posted by Rooieborrels

  1. ComboFix 14-05-07.03 - Wijna 09-05-2014 0:31.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7861.5758 [GMT 2:00] Gestart vanuit: c:\users\Wijna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJC1GQ3A\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2014-04-08 to 2014-05-08 )))))))))))))))))))))))))))))) . . 2014-05-08 22:40 . 2014-05-08 22:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-08 22:40 . 2014-05-08 22:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-05-06 10:17 . 2014-05-06 10:30 -------- d-----w- C:\zoek_backup 2014-05-05 11:04 . 2014-05-05 11:04 -------- d-----w- c:\programdata\Sophos 2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe 2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe 2014-05-05 11:04 . 2014-05-05 11:04 -------- d-----w- c:\program files (x86)\Sophos 2014-05-05 08:30 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-05-04 15:44 . 2014-05-04 15:44 -------- d-----w- c:\program files\Enigma Software Group 2014-05-04 15:42 . 2014-05-04 15:42 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2014-05-04 12:06 . 2014-05-04 12:06 -------- d-----w- c:\windows\Migration 2014-05-04 11:12 . 
2014-05-04 11:12 -------- d-----w- c:\programdata\F-Secure 2014-05-04 10:59 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll 2014-05-04 10:59 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2014-05-04 10:59 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2014-05-04 10:59 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2014-05-04 10:59 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll 2014-05-04 10:59 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys 2014-05-04 10:58 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-05-04 10:58 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2014-05-04 10:58 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys 2014-05-04 10:54 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-05-04 10:54 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll 2014-05-04 10:54 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-05-04 10:54 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-05-04 10:54 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-05-04 10:54 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-05-04 10:54 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-05-04 10:54 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-05-04 10:54 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-05-04 10:54 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe 2014-05-04 10:53 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-05-04 10:53 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-05-04 10:40 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys 2014-05-04 10:28 . 
2014-05-04 10:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-05-04 10:28 . 2014-05-04 10:28 43152 ----a-w- c:\windows\avastSS.scr 2014-04-16 14:03 . 2014-04-16 14:08 -------- d-----w- c:\program files\Tracker Software 2014-04-16 13:58 . 2014-04-16 13:58 -------- d-----w- c:\users\Wijna\.pdfsam 2014-04-16 13:53 . 2014-04-16 13:53 -------- d-----w- c:\users\Wijna\AppData\Roaming\Soda PDF 6 2014-04-16 13:43 . 2014-04-16 13:43 312744 ----a-w- c:\windows\system32\javaws.exe 2014-04-16 13:43 . 2014-04-16 13:43 189352 ----a-w- c:\windows\system32\javaw.exe 2014-04-16 13:43 . 2014-04-16 13:43 189352 ----a-w- c:\windows\system32\java.exe 2014-04-16 13:43 . 2014-04-16 13:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-04-16 13:43 . 2014-04-16 13:43 -------- d-----w- c:\program files\Java 2014-04-16 13:42 . 2014-04-16 13:42 -------- d-----w- c:\programdata\Soda PDF 6 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-04 10:28 . 2013-12-19 21:01 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-05-04 10:28 . 2013-06-04 07:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-05-04 10:28 . 2013-06-04 07:18 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2014-05-04 10:28 . 2013-06-04 07:18 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2014-05-04 10:28 . 2013-06-04 07:18 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-05-04 10:28 . 2013-06-04 07:18 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-05-04 10:28 . 2013-06-04 07:18 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-05-04 10:28 . 2013-06-04 07:18 334648 ----a-w- c:\windows\system32\aswBoot.exe 2014-04-28 21:32 . 2013-12-06 19:11 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-28 21:32 . 2012-03-20 15:22 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-03-31 07:35 . 
2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-31 01:51 . 2013-01-22 18:35 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-04 09:17 . 2014-05-04 10:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-04 3873704] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . Inhoud van de 'Gedeelde Taken' map . 2014-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-20 21:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-05-04 10:28 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . 
uStart Page = https://www.google.nl uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.44.54 212.54.40.25 DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} - hxxp://downloads.bullguard.com/VirusScan/bgvax.cab FF - ProfilePath - c:\users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) AddRemove-Chandler - c:\program files (x86)\Chandler1.0.3\uninst.exe AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-05-09 00:43:17 ComboFix-quarantined-files.txt 2014-05-08 22:43 ComboFix2.txt 2014-05-05 21:12 . Pre-Run: 256.929.943.552 bytes beschikbaar Post-Run: 256.740.311.040 bytes beschikbaar . - - End Of File - - BDBAFB43A7FB545F1B98E06066B8D125
  2. Hello Kape, I kept having major problems, especially with Explorer. The browser kept freezing and constantly restarted. I ran another scan with Avast and again a rootkit was found whose threat level was said to be high. The rootkit was found in C: Windows/winsxs......aepic.dll I could not move the file to the Virus Chest. The only thing I could do was restart with a boot-time scan, where my only option was "repair" (action postponed until the system restarts). I then did that. The boot-time scan also found 3 threats again. These have been removed. What happened to the rootkit and whether it has been repaired, I cannot find anywhere. Explorer still responds very erratically and slowly. For example, when scrolling with the scroll bar it does not run smoothly and it seems as if the PC has to think each time, so the scroll bar keeps pausing briefly. The scroll bar keeps moving on bit by bit. Also, pieces of text on web pages often drop out. All that kind of problem. Regards, Dennis
  3. # AdwCleaner v3.207 - Rapport aangemaakt 06/05/2014 op 15:20:15 # Laatste Update 05/05/2014 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruikersnaam : Wijna - Wijna-PC # Gestart vanuit : C:\Users\Wijna\Desktop\adwcleaner.exe # Optie : Verwijderen ***** [ Services ] ***** ***** [ Bestanden / Mappen ] ***** ***** [ Snelkoppelingen ] ***** ***** [ Register ] ***** Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} Waarde Verwijderd : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}] Sleutel Verwijderd : HKCU\Software\OCS Sleutel Verwijderd : HKCU\Software\Softonic Sleutel Verwijderd : HKCU\Software\systweak Sleutel Verwijderd : HKLM\Software\systweak Sleutel Verwijderd : HKLM\Software\Vittalia ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16866 -\\ Mozilla Firefox v26.0 (nl) [ Bestand : C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default\prefs.js ] 
************************* AdwCleaner[R0].txt - [2319 octets] - [06/05/2014 15:18:15] AdwCleaner[s0].txt - [2133 octets] - [06/05/2014 15:20:15] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2193 octets] ##########
  4. Zoek.exe v5.0.0.0 Updated 14-April-2014 Tool run by Wijna on di 06-05-2014 at 12:18:30,03. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Wijna\Desktop\zoek.exe [scan all users] [script inserted] ==== System Restore Info ====================== 6-5-2014 12:20:23 Zoek.exe System Restore Point Created Succesfully. ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3171778365-3289252850-328694927-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\ESET deleted C:\PROGRA~3\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2} deleted C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted C:\Users\Wijna\AppData\Local\genienext deleted C:\Users\Wijna\daemonprocess.txt deleted C:\Users\Wijna\.android deleted C:\PROGRA~2\MyFree Codec deleted C:\Users\Wijna\AppData\Roaming\Systweak deleted C:\Users\Wijna\update-FM2013.bat deleted C:\Users\Wijna\AppData\Local\Software deleted C:\Users\Wijna\AppData\Local\Mobogenie deleted C:\Users\Wijna\AppData\Local\cache deleted C:\Windows\SysNative\roboot64.exe deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted C:\Windows\wininit.ini deleted C:\Users\Wijna\Documents\Mobogenie deleted C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default\searchplugins\conduit-search.xml deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted 
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted "C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [04-05-2014 12:28] ==== Firefox Extensions ====================== ProfilePath: C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default - avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="https://www.google.nl" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== 
All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wijna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Wijna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Wijna\AppData\Local\Mozilla\Firefox\Profiles\mxqxnbm7.default\Cache emptied successfully ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== Flash Cache is not empty, a reboot is needed ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=230 folders=52 191802552 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfully C:\Users\Default User\AppData\Local\temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\UpdatusUser\AppData\Local\temp emptied successfully C:\Users\Wijna\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully 
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Wijna\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Wijna\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9K5EPC5J\www.rtl.nl" not found ==== EOF on di 06-05-2014 at 12:45:15,03 ======================
  5. Dear Kape, I think this rests on a misunderstanding, because of course I understand very well that it sometimes takes a bit longer before you get an answer, precisely because all of this is done on a voluntary basis. The sentence "Unfortunately nobody has responded so far" was absolutely not meant the way it was interpreted, and perhaps I should have phrased it differently. What I actually meant by it was that this is exactly what prompted me to already take the next step by posting a ComboFix log. In any case, my apologies that my earlier message came across wrongly. I actually think you do excellent work, and that this cannot always happen instantly is of course very understandable. Here is the log:
     Logfile of random's system information tool 1.09 (written by random/random) Run by Wijna at 2014-05-06 08:59:09 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 232 GB (58%) free of 400 GB Total RAM: 7861 MB (75% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:59:19, on 6-5-2014 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16866) Boot mode: Normal Running processes: C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend 
micro\Wijna.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-21-3171778365-3289252850-328694927-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3171778365-3289252850-328694927-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows 
Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} (BullGuard Virus Scan Control) - http://downloads.bullguard.com/VirusScan/bgvax.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - 
C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11146 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k 
LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe" C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" "C:\Program Files (x86)\Launch Manager\dsiwmis.exe" "C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe" "C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window "C:\Program Files (x86)\Acer\Registration\GREGsvc.exe" "C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE" "C:\Program Files\Acer\Acer Updater\UpdaterService.exe" C:\Windows\system32\msiexec.exe /V "C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe" C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs "taskhost.exe" "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE taskeng.exe {94878B93-F478-4C61-BE8B-0FE4ADE8653E} "C:\Windows\System32\igfxtray.exe" "C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe" "C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\servicing\TrustedInstaller.exe "C:\Windows\System32\hkcmd.exe" "C:\Windows\System32\igfxpers.exe" C:\Windows\system32\igfxsrvc.exe -Embedding "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe" "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" C:\Windows\system32\igfxext.exe 
-Embedding "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1 C:\Windows\system32\wbem\unsecapp.exe -Embedding "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files (x86)\Launch Manager\LManager.exe" "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" "C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe" "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe" "C:\Program Files (x86)\Launch Manager\LMworker.exe" C:\Windows\splwow64.exe 8192 C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files (x86)\Windows Live\Mail\wlmail.exe" "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 5104 "C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding "C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe" "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" "C:\Program Files\Internet Explorer\iexplore.exe" Windows 7 Rootkits "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5780 CREDAT:267521 /prefetch:2 C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe -Embedding C:\Windows\system32\sppsvc.exe "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5780 CREDAT:3872038 /prefetch:2 "C:\Users\Wijna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EPFYKS1B\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job =========Mozilla firefox========= ProfilePath - 
C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default prefs.js - "browser.startup.homepage" - "https://www.google.nl/" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ABNAMRO/BECON,version=1.00] "Description"=ABN AMRO e.dentifier2 Plug-in 1.0 for Mozilla "Path"=C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/EPPEX] "Description"=Canon Easy-PhotoPrint EX "Path"=C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.55.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0] "Description"=WildTangent Games App V2 Presence Detector Plugin "Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in 
Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled C:\Users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default\searchplugins\ conduit-search.xml ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-04-16 553384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! 
Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-05-04 581824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-04-16 210856] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-04-14 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! 
Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-05-04 436600] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-04-14 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-15 167704] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-15 392472] "Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-15 416024] "IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624] "RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072] "Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2012-02-08 1829768] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-07-19 2780776] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-15 5622512] "DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-09-20 341360] "BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2012-01-05 296984] "LManager"=C:\Program Files 
(x86)\Launch Manager\LManager.exe [2011-07-01 1103440] "ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-10-27 177448] "CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-05-04 3873704] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="C:\Windows\System32\nvinitx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2011-08-09 390144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 3 months======

2014-05-05 23:12:12 ----SHD---- C:\$RECYCLE.BIN
2014-05-05 23:12:05 ----A---- C:\ComboFix.txt
2014-05-05 13:04:36 ----D---- C:\ProgramData\Sophos
2014-05-05 13:04:20 ----D---- C:\Program Files (x86)\Sophos
2014-05-05 10:31:01 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-05-05 10:30:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-05-05 10:30:57 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-05-05 10:30:57 ----A---- C:\Windows\SYSWOW64\java.exe
2014-05-04 17:44:51 ----A---- C:\autoexec.bat
2014-05-04 17:44:06 ----D---- C:\Program Files\Enigma Software Group
2014-05-04 17:42:55 ----D---- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-04 14:11:28 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-05-04 14:06:27 ----D---- C:\Windows\Migration
2014-05-04 13:36:09 ----A---- C:\Windows\system32\vbscript.dll
2014-05-04 13:36:05 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-05-04 13:12:00 ----D---- C:\ProgramData\F-Secure
2014-05-04 12:59:24 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-05-04 12:59:24 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-05-04 12:59:24 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-05-04 12:59:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-05-04 12:59:23 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-05-04 12:59:23 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-05-04 12:59:23 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-05-04 12:59:23 ----A---- C:\Windows\system32\msrating.dll
2014-05-04 12:59:23 ----A---- C:\Windows\system32\msfeeds.dll
2014-05-04 12:59:22 ----A---- C:\Windows\system32\urlmon.dll
2014-05-04 12:59:21 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-05-04 12:59:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-05-04 12:59:21 ----A---- C:\Windows\system32\jsproxy.dll
2014-05-04 12:59:20 ----A---- C:\Windows\system32\wininet.dll
2014-05-04 12:59:20 ----A---- C:\Windows\system32\iesetup.dll
2014-05-04 12:59:19 ----A---- C:\Windows\system32\ieui.dll
2014-05-04 12:59:19 ----A---- C:\Windows\system32\ieframe.dll
2014-05-04 12:59:17 ----A---- C:\Windows\system32\iertutil.dll
2014-05-04 12:59:16 ----A---- C:\Windows\system32\mshtml.dll
2014-05-04 12:59:15 ----A---- C:\Windows\system32\jscript.dll
2014-05-04 12:59:14 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-05-04 12:59:13 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-05-04 12:59:13 ----A---- C:\Windows\system32\jscript9.dll
2014-05-04 12:59:12 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-05-04 12:59:11 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2014-05-04 12:59:11 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-05-04 12:59:11 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-05-04 12:59:11 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-04 12:59:11 ----A---- C:\Windows\system32\iesysprep.dll
2014-05-04 12:59:11 ----A---- C:\Windows\system32\iernonce.dll
2014-05-04 12:59:11 ----A---- C:\Windows\system32\ie4uinit.exe
2014-05-04 12:59:08 ----A---- C:\Windows\system32\wwansvc.dll
2014-05-04 12:59:07 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-05-04 12:59:07 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2014-05-04 12:59:07 ----A---- C:\Windows\system32\d3d10warp.dll
2014-05-04 12:59:07 ----A---- C:\Windows\system32\d2d1.dll
2014-05-04 12:59:05 ----A---- C:\Windows\system32\win32k.sys
2014-05-04 12:58:37 ----A---- C:\Windows\SYSWOW64\qedit.dll
2014-05-04 12:58:37 ----A---- C:\Windows\system32\qedit.dll
2014-05-04 12:58:36 ----A---- C:\Windows\system32\drivers\netio.sys
2014-05-04 12:54:45 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-05-04 12:54:45 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-05-04 12:54:45 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-05-04 12:54:45 ----A---- C:\Windows\system32\wow64win.dll
2014-05-04 12:54:45 ----A---- C:\Windows\system32\wow64cpu.dll
2014-05-04 12:54:45 ----A---- C:\Windows\system32\wow64.dll
2014-05-04 12:54:45 ----A---- C:\Windows\system32\ntvdm64.dll
2014-05-04 12:54:45 ----A---- C:\Windows\system32\kernel32.dll
2014-05-04 12:54:44 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-05-04 12:54:44 ----A---- C:\Windows\SYSWOW64\user.exe
2014-05-04 12:54:44 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-05-04 12:53:21 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-05-04 12:53:21 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-05-04 12:43:42 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp_isv.exe
2014-05-04 12:43:42 ----A---- C:\Windows\SYSWOW64\RMActivate_isv.exe
2014-05-04 12:43:42 ----A---- C:\Windows\SYSWOW64\RMActivate.exe
2014-05-04 12:43:42 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-04 12:43:42 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2014-05-04 12:43:42 ----A---- C:\Windows\system32\RMActivate_isv.exe
2014-05-04 12:43:42 ----A---- C:\Windows\system32\RMActivate.exe
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\secproc_ssp_isv.dll
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\secproc_ssp.dll
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\secproc_isv.dll
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\secproc.dll
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\RMActivate_ssp.exe
2014-05-04 12:43:41 ----A---- C:\Windows\SYSWOW64\msdrm.dll
2014-05-04 12:43:41 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2014-05-04 12:43:41 ----A---- C:\Windows\system32\secproc_ssp.dll
2014-05-04 12:43:41 ----A---- C:\Windows\system32\secproc_isv.dll
2014-05-04 12:43:41 ----A---- C:\Windows\system32\secproc.dll
2014-05-04 12:43:41 ----A---- C:\Windows\system32\msdrm.dll
2014-05-04 12:43:39 ----A---- C:\Windows\system32\msxml3.dll
2014-05-04 12:43:38 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-05-04 12:43:38 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-05-04 12:43:38 ----A---- C:\Windows\system32\msxml3r.dll
2014-05-04 12:43:37 ----A---- C:\Windows\SYSWOW64\wer.dll
2014-05-04 12:43:37 ----A---- C:\Windows\system32\wer.dll
2014-05-04 12:43:30 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-05-04 12:43:30 ----A---- C:\Windows\system32\iologmsg.dll
2014-05-04 12:43:30 ----A---- C:\Windows\system32\drivers\storport.sys
2014-05-04 12:43:30 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-05-04 12:43:30 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbuhci.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbport.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbohci.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbhub.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbehci.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbd.sys
2014-05-04 12:43:28 ----A---- C:\Windows\system32\drivers\usbccgp.sys
2014-05-04 12:40:45 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-05-04 12:28:44 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-05-04 12:28:23 ----A---- C:\Windows\avastSS.scr
2014-04-16 16:03:01 ----D---- C:\Program Files\Tracker Software
2014-04-16 15:53:37 ----D---- C:\Users\Wijna\AppData\Roaming\Soda PDF 6
2014-04-16 15:43:40 ----A---- C:\Windows\system32\javaws.exe
2014-04-16 15:43:36 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-16 15:43:36 ----A---- C:\Windows\system32\javaw.exe
2014-04-16 15:43:36 ----A---- C:\Windows\system32\java.exe
2014-04-16 15:43:32 ----D---- C:\Program Files\Java
2014-04-16 15:42:41 ----D---- C:\ProgramData\Soda PDF 6
2014-03-25 15:30:56 ----D---- C:\Program Files (x86)\MarkAny
2014-03-25 15:30:13 ----D---- C:\Users\Wijna\AppData\Roaming\Samsung
2014-03-25 15:28:30 ----D---- C:\Program Files (x86)\MyFree Codec
2014-03-25 15:27:05 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2014-03-25 15:26:33 ----D---- C:\ProgramData\Samsung
2014-03-25 15:26:33 ----D---- C:\Program Files (x86)\Samsung
2014-02-20 17:33:50 ----D---- C:\Users\Wijna\AppData\Roaming\Nitro
2014-02-20 17:33:50 ----D---- C:\Users\Wijna\AppData\Roaming\FileOpen
2014-02-20 17:33:50 ----D---- C:\ProgramData\FileOpen
2014-02-20 17:31:51 ----D---- C:\ProgramData\Nitro
2014-02-20 17:31:08 ----D---- C:\Users\Wijna\AppData\Roaming\Downloaded Installations
2014-02-08 23:26:07 ----D---- C:\Program Files (x86)\ESET

======List of files/folders modified in the last 3 months======

2014-05-06 08:59:18 ----D---- C:\Program Files\trend micro
2014-05-06 08:59:12 ----D---- C:\Windows\Temp
2014-05-06 08:52:47 ----A---- C:\Windows\SYSWOW64\log.txt
2014-05-06 08:51:05 ----D---- C:\ProgramData\clear.fi
2014-05-06 08:50:52 ----D---- C:\Windows\system32\config
2014-05-05 23:12:07 ----D---- C:\Qoobox
2014-05-05 23:09:59 ----D---- C:\Windows
2014-05-05 23:09:59 ----A---- C:\Windows\system.ini
2014-05-05 23:09:53 ----D---- C:\Windows\system32\drivers\etc
2014-05-05 23:06:12 ----D---- C:\Windows\SYSWOW64\drivers
2014-05-05 23:06:12 ----D---- C:\Windows\SysWOW64
2014-05-05 23:06:12 ----D---- C:\Windows\AppPatch
2014-05-05 23:06:11 ----D---- C:\Program Files (x86)\Common Files
2014-05-05 23:00:23 ----D---- C:\Windows\system32\drivers
2014-05-05 13:04:36 ----D---- C:\ProgramData
2014-05-05 13:04:30 ----SHD---- C:\Windows\Installer
2014-05-05 13:04:29 ----SD---- C:\Users\Wijna\AppData\Roaming\Microsoft
2014-05-05 13:04:20 ----RD---- C:\Program Files (x86)
2014-05-05 13:04:08 ----SHD---- C:\System Volume Information
2014-05-05 10:46:51 ----D---- C:\Windows\Microsoft.NET
2014-05-05 10:46:01 ----RSD---- C:\Windows\assembly
2014-05-05 10:31:16 ----D---- C:\ProgramData\Oracle
2014-05-05 10:30:53 ----D---- C:\Program Files (x86)\Java
2014-05-04 22:16:45 ----D---- C:\Windows\winsxs
2014-05-04 20:51:06 ----D---- C:\Windows\System32
2014-05-04 20:51:01 ----D---- C:\Program Files (x86)\Internet Explorer
2014-05-04 20:50:58 ----D---- C:\Program Files\Internet Explorer
2014-05-04 20:50:55 ----D---- C:\Windows\SYSWOW64\nl-NL
2014-05-04 20:50:54 ----D---- C:\Windows\system32\nl-NL
2014-05-04 20:50:40 ----D---- C:\Windows\system32\DriverStore
2014-05-04 19:10:17 ----RD---- C:\Program Files
2014-05-04 19:04:00 ----D---- C:\Windows\inf
2014-05-04 19:04:00 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-05-04 19:01:26 ----D---- C:\Windows\system32\Tasks
2014-05-04 14:08:08 ----D---- C:\Windows\SYSWOW64\en-US
2014-05-04 14:08:08 ----D---- C:\Windows\system32\en-US
2014-05-04 14:06:27 ----SD---- C:\ProgramData\Microsoft
2014-05-04 13:58:28 ----D---- C:\ProgramData\Skype
2014-05-04 13:58:20 ----RD---- C:\Program Files (x86)\Skype
2014-05-04 13:39:43 ----D---- C:\Windows\system32\catroot
2014-05-04 13:19:42 ----D---- C:\Windows\Prefetch
2014-05-04 13:17:31 ----D---- C:\Windows\system32\catroot2
2014-05-04 13:13:10 ----D---- C:\Windows\system32\MRT
2014-05-04 12:28:23 ----A---- C:\Windows\system32\aswBoot.exe
2014-05-04 12:12:02 ----D---- C:\ProgramData\CanonIJPLM
2014-04-28 23:32:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-27 23:23:56 ----D---- C:\Users\Wijna\AppData\Roaming\calibre
2014-04-12 18:02:57 ----D---- C:\Users\Wijna\AppData\Roaming\BitTorrent
2014-04-07 09:11:21 ----D---- C:\Windows\Downloaded Program Files
2014-03-31 09:35:08 ----N---- C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51:02 ----A---- C:\Windows\system32\MRT.exe
2014-03-27 19:00:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-02-20 17:57:50 ----D---- C:\Program Files\Common Files
2014-02-08 23:15:35 ----D---- C:\Windows\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-04 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-05-04 208416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-11-27 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-05-04 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-05-04 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-05-04 423240]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-12-19 64288]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-07-21 283064]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-20 22648]
R1 mwlPSDNServ;mwlPSDNServ; C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-20 62776]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast!
HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-05-04 29208] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-05-04 79184] R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-30 16120] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464] R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-08-09 12289472] R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776] R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2012-02-07 17408] S1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [] S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-05-04 85328] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-06-22 116992] S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792] S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 
2899176] S3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2012-02-07 18432] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-04 50344] R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360] R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296] R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264] R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2011-09-06 140456] R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-09-16 325656] R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-11-27 1640768] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-27 2253120] R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-16 2538520] R3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192] S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG 
Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28 257712] S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-07-12 655624] S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-05 119408] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-22 1255736] S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF----------------- Bedankt! Groet, Dennis
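The driver and service listings in the post above are the kind of thing a malware-removal helper reads by eye, looking for registrations whose binary no longer exists (the entries that end in an empty `[]`, such as `avgtp`, `catchme` and `esgiguard`) or whose image lives somewhere unusual. The following Python script is an added example, not part of the original post or of any of the tools named in it: it parses lines in that `Rn name;display; path [date size]` shape and attaches triage flags. It assumes that an empty bracket means the tool could not find the file on disk, and it uses a constructed sample listing copied in the shape of the lines above.

```python
"""Triage of RSIT-style driver/service listings (added example, not from the thread).

Parses lines of the form
    R1 name;display name; C:\\path\\file.sys [2014-05-04 65776]
and flags entries a malware-removal helper would look at first: the
trailing bracket is empty (assumed here to mean the binary was not found
on disk), or the binary lives outside the Windows and Program Files trees.
"""
import re
from dataclasses import dataclass, field

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "      # R/S + start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*); "   # service name; display name;
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"    # image path [date size] or []
)

# Roots under which a stock Windows 7 install keeps its drivers and services.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample, shaped like the driver/service lists in the post above.
SAMPLE_LISTING = r"""
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-05-04 65776]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-05-04 50344]
S2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe []
"""


@dataclass
class Entry:
    state: str          # "R" running / "S" stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str           # NT "\??\" prefix stripped
    present: bool       # False when the trailing bracket is empty (assumption: file not found)
    flags: list = field(default_factory=list)


def parse_entry(line: str):
    """Return an Entry for one listing line, or None for lines that are not entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name"),
        display=m.group("display"),
        path=path,
        present=bool(m.group("meta").strip()),
    )


def triage(entry: Entry) -> Entry:
    """Attach human-readable flags; an empty list means nothing stood out."""
    lowered = entry.path.lower()
    if not entry.present:
        entry.flags.append("binary missing on disk")
        if entry.start <= 1:
            # Boot/system-start drivers load before most defences; a leftover
            # registration pointing at nothing is worth cleaning up first.
            entry.flags.append("boot/system-start driver with no file")
    if not lowered.startswith(TRUSTED_ROOTS):
        entry.flags.append("outside Windows/Program Files")
    return entry


def findings(listing: str) -> dict:
    """Map service name -> flags for every flagged entry in the listing."""
    out = {}
    for line in listing.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry).flags:
            out[entry.name] = entry.flags
    return out


if __name__ == "__main__":
    for name, flags in findings(SAMPLE_LISTING).items():
        print(f"{name}: {', '.join(flags)}")
```

Run against the sample it reports `avgtp`, `catchme`, `esgiguard` and `vToolbarUpdater17.1.2`; the avast and SUPERAntiSpyware entries pass because their files were found and live under Windows or Program Files. A flag is only a reading aid: `catchme.sys` is ComboFix's own helper driver, so "outside Program Files" there is expected, and the point of the check is to shorten the list a human still has to judge.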
  6. Hello, Unfortunately nobody has responded so far, so I have gone ahead and added a ComboFix log.

ComboFix 14-05-05.01 - Wijna 05-05-2014 23:01:23.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7861.4443 [GMT 2:00]
Started from: c:\users\Wijna\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Wijna\Ik vind het heel erg om te moeten concluderen dat ik de laatste tijd niets of nauwelijks heb gedaan om mijn sociale contacten en vooral het contact met familie en vrienden die veel voor mij betekenen .lnk
.
.
(((((((((((((((((((( Files Created from 2014-04-05 to 2014-05-05 ))))))))))))))))))))))))))))))
.
.
2014-05-05 21:09 . 2014-05-05 21:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-05 21:09 . 2014-05-05 21:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-05-05 21:09 . 2014-05-05 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-05 11:10 . 2014-05-05 11:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70D6016E-A7EC-4288-B121-3D4A6B481BA5}\offreg.dll
2014-05-05 11:04 . 2014-05-05 11:04 -------- d-----w- c:\programdata\Sophos
2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-05-05 11:04 . 2014-05-05 11:04 73728 ----a-r- c:\users\Wijna\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-05-05 11:04 . 2014-05-05 11:04 -------- d-----w- c:\program files (x86)\Sophos
2014-05-05 08:30 . 2014-04-14 18:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-04 15:44 . 2014-05-04 15:44 -------- d-----w- c:\program files\Enigma Software Group
2014-05-04 15:42 . 2014-05-04 17:01 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-05-04 15:42 . 2014-05-04 15:42 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-05-04 12:20 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70D6016E-A7EC-4288-B121-3D4A6B481BA5}\mpengine.dll
2014-05-04 12:06 . 2014-05-04 12:06 -------- d-----w- c:\windows\Migration
2014-05-04 11:36 . 2013-12-21 09:39 600064 ----a-w- c:\windows\system32\vbscript.dll
2014-05-04 11:36 . 2013-12-21 07:56 523776 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-04 11:12 . 2014-05-04 11:12 -------- d-----w- c:\programdata\F-Secure
2014-05-04 10:58 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
2014-05-04 10:58 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-05-04 10:58 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-05-04 10:54 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-05-04 10:54 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-05-04 10:54 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-05-04 10:54 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-05-04 10:54 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-05-04 10:54 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-05-04 10:54 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-05-04 10:54 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-05-04 10:54 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-05-04 10:54 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-05-04 10:53 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-04 10:53 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-05-04 10:40 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-04 10:28 . 2014-05-04 10:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 10:28 . 2014-05-04 10:28 43152 ----a-w- c:\windows\avastSS.scr
2014-04-16 14:03 . 2014-04-16 14:08 -------- d-----w- c:\program files\Tracker Software
2014-04-16 13:58 . 2014-04-16 13:58 -------- d-----w- c:\users\Wijna\.pdfsam
2014-04-16 13:53 . 2014-04-16 13:53 -------- d-----w- c:\users\Wijna\AppData\Roaming\Soda PDF 6
2014-04-16 13:43 . 2014-04-16 13:43 312744 ----a-w- c:\windows\system32\javaws.exe
2014-04-16 13:43 . 2014-04-16 13:43 189352 ----a-w- c:\windows\system32\javaw.exe
2014-04-16 13:43 . 2014-04-16 13:43 189352 ----a-w- c:\windows\system32\java.exe
2014-04-16 13:43 . 2014-04-16 13:43 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-16 13:43 . 2014-04-16 13:43 -------- d-----w- c:\program files\Java
2014-04-16 13:42 . 2014-04-16 13:42 -------- d-----w- c:\programdata\Soda PDF 6
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-04 10:28 . 2013-12-19 21:01 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-04 10:28 . 2013-06-04 07:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-04 10:28 . 2013-06-04 07:18 423240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-05-04 10:28 . 2013-06-04 07:18 1039096 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-04 10:28 . 2013-06-04 07:18 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-04 10:28 . 2013-06-04 07:18 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 10:28 . 2013-06-04 07:18 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 10:28 . 2013-06-04 07:18 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-28 21:32 . 2013-12-06 19:11 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-28 21:32 . 2012-03-20 15:22 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-31 01:51 . 2013-01-22 18:35 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-05-04 10:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-04 3873704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
3;2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x]
R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
.
.
--- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - UWLOQPOD *Deregistered* - uwloqpod [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] start [bU] . Inhoud van de 'Gedeelde Taken' map . 2014-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-20 21:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-05-04 10:28 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024] "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . 
uStart Page = https://www.google.nl uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.44.54 212.54.40.25 DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} - hxxp://downloads.bullguard.com/VirusScan/bgvax.cab FF - ProfilePath - c:\users\Wijna\AppData\Roaming\Mozilla\Firefox\Profiles\mxqxnbm7.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/ . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe Toolbar-Locked - (no file) AddRemove-Chandler - c:\program files (x86)\Chandler1.0.3\uninst.exe AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-05-05 23:12:05 ComboFix-quarantined-files.txt 2014-05-05 21:12 . Pre-Run: 241.200.558.080 bytes beschikbaar Post-Run: 242.702.086.144 bytes beschikbaar . - - End Of File - - E63D3561F530A666EBFA6CA67266E2C0 Thanks in advance! Regards, Dennis
  7. Hello, To protect my laptop I use Avast, Super Anti Spyware and Malwarebytes. Now and then these programs do find a problem, and it is fixed right away. In recent weeks I found that my laptop was not really working the way it should. Explorer in particular regularly acted up or suddenly stopped because of an error. So I ran a check a few times, but nothing really alarming was found. Yesterday I ran a program update of Avast and immediately had it perform a scan, and suddenly 287 infected files appear to have been found. All rootkits. I know nothing further about rootkits, so I looked it up and the problem seems fairly serious. Via Avast I could not move the files to a vault. I could only choose a restart and repair of the files. So that is what I did. Afterwards I ran another scan with Avast and the infected files can no longer be found. I have no idea what happened to them, but my laptop now suddenly reacts completely strangely, slowly and unpredictably. Explorer keeps crashing because of a problem and then suddenly restarts. Avast, Super Anti Spyware and Malwarebytes find no further suspicious files. On the internet I found the program GMER, and it again finds a whole list of problems. Can anyone help me with these problems? I hope it is not so serious that I have to do a fresh installation of Windows? Thanks in advance for the reply. Regards, Dennis
  8. How simple can it be! I tried a different mouse and indeed no more problems. How silly that I did not think of that myself and try it earlier. So it is solved, and I want to thank you very much for your effort, time and the eventual solution!
  9. ComboFix 13-11-19.01 - Wijna 20-11-2013 9:39.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.7861.5137 [GMT 1:00] Gestart vanuit: c:\users\Wijna\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\FlashPlayerApp.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-10-20 to 2013-11-20 )))))))))))))))))))))))))))))) . . 2013-11-20 08:46 . 2013-11-20 08:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-11-20 08:46 . 2013-11-20 08:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-11-20 08:38 . 2013-11-20 08:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9B9CA33-ED2A-4C50-A8B2-E4D517050046}\offreg.dll 2013-11-20 07:57 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9B9CA33-ED2A-4C50-A8B2-E4D517050046}\mpengine.dll 2013-11-20 07:15 . 2013-11-20 07:16 -------- dc----w- c:\users\Wijna\AppData\Local\MigWiz 2013-11-19 22:42 . 2013-11-20 07:32 -------- d-----w- c:\program files\trend micro 2013-11-19 22:42 . 2013-11-19 22:42 -------- d-----w- C:\rsit 2013-11-19 21:09 . 2013-11-19 21:09 -------- d-----w- c:\users\Wijna\AppData\Roaming\AVAST Software 2013-11-04 22:09 . 2012-11-05 17:38 83 ----a-w- c:\users\Wijna\update-FM2013.bat 2013-11-04 22:07 . 2013-11-04 22:16 -------- d-----w- c:\users\Wijna\Football Manager 2013 2013-11-04 21:55 . 2013-11-04 21:55 -------- d-----w- c:\users\Wijna\AppData\Local\VS Revo Group 2013-11-04 21:54 . 2013-11-04 21:54 -------- d-----w- c:\programdata\VS Revo Group 2013-11-04 21:54 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2013-11-04 21:54 . 
2013-11-04 21:54 -------- d-----w- c:\program files\VS Revo Group 2013-11-03 23:51 . 2013-11-03 23:51 -------- d-----w- c:\users\Wijna\AppData\Local\Chromium 2013-11-03 23:49 . 2013-11-03 23:49 -------- d-----w- c:\users\Wijna\AppData\Local\SKIDROW 2013-11-03 23:48 . 2013-11-04 12:13 -------- d-----w- c:\users\Wijna\AppData\Local\Sports Interactive 2013-11-03 23:48 . 2013-11-03 23:48 -------- d-----w- c:\users\Wijna\AppData\Roaming\Sports Interactive 2013-11-03 23:27 . 2008-10-10 03:52 519000 ----a-w- c:\windows\system32\d3dx10_40.dll 2013-11-03 23:25 . 2013-11-03 23:26 -------- d--h--w- c:\windows\msdownld.tmp 2013-10-30 19:24 . 2013-10-30 19:24 -------- d-----w- c:\users\Wijna\AppData\Local\Evernote . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-11 12:32 . 2013-01-22 18:35 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-08 05:50 . 2013-10-21 07:26 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-09-22 23:28 . 2013-10-11 12:39 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-09-22 23:27 . 2013-10-11 12:39 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-09-22 23:27 . 2013-10-11 12:39 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-09-22 23:27 . 2013-10-11 12:39 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-09-22 22:55 . 2013-10-11 12:39 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-09-22 22:55 . 2013-10-11 12:39 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-09-22 22:55 . 2013-10-11 12:39 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-09-22 22:54 . 2013-10-11 12:39 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-09-22 22:54 . 2013-10-11 12:38 19252224 ----a-w- c:\windows\system32\mshtml.dll 2013-09-22 22:54 . 2013-10-11 12:39 855552 ----a-w- c:\windows\system32\jscript.dll 2013-09-22 22:54 . 2013-10-11 12:39 3959296 ----a-w- c:\windows\system32\jscript9.dll 2013-09-22 22:54 . 
2013-10-11 12:39 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-09-22 22:54 . 2013-10-11 12:39 526336 ----a-w- c:\windows\system32\ieui.dll 2013-09-22 22:54 . 2013-10-11 12:39 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-09-22 22:54 . 2013-10-11 12:39 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-09-22 22:54 . 2013-10-11 12:39 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-09-22 22:54 . 2013-10-11 12:39 2647552 ----a-w- c:\windows\system32\iertutil.dll 2013-09-22 22:54 . 2013-10-11 12:39 15404544 ----a-w- c:\windows\system32\ieframe.dll 2013-09-21 03:38 . 2013-10-11 12:39 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-09-21 03:30 . 2013-10-11 12:39 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-09-21 02:48 . 2013-10-11 12:39 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-09-21 02:39 . 2013-10-11 12:39 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-09-14 01:10 . 2013-10-10 10:22 497152 ----a-w- c:\windows\system32\drivers\afd.sys 2013-09-08 02:30 . 2013-10-10 10:22 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-09-08 02:27 . 2013-10-10 10:22 327168 ----a-w- c:\windows\system32\mswsock.dll 2013-09-08 02:03 . 2013-10-10 10:22 231424 ----a-w- c:\windows\SysWow64\mswsock.dll 2013-09-03 12:35 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-08-29 02:17 . 2013-10-10 10:22 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-08-29 02:16 . 2013-10-10 10:22 1732032 ----a-w- c:\windows\system32\ntdll.dll 2013-08-29 02:16 . 2013-10-10 10:22 243712 ----a-w- c:\windows\system32\wow64.dll 2013-08-29 02:16 . 2013-10-10 10:22 859648 ----a-w- c:\windows\system32\tdh.dll 2013-08-29 02:13 . 2013-10-10 10:22 878080 ----a-w- c:\windows\system32\advapi32.dll 2013-08-29 01:51 . 2013-10-10 10:22 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-08-29 01:51 . 2013-10-10 10:22 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-08-29 01:50 . 
2013-10-10 10:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-08-29 01:50 . 2013-10-10 10:22 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll 2013-08-29 01:50 . 2013-10-10 10:22 619520 ----a-w- c:\windows\SysWow64\tdh.dll 2013-08-29 01:48 . 2013-10-10 10:22 640512 ----a-w- c:\windows\SysWow64\advapi32.dll 2013-08-29 01:48 . 2013-10-10 10:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-29 00:49 . 2013-10-10 10:22 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-08-29 00:49 . 2013-10-10 10:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-08-29 00:49 . 2013-10-10 10:22 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-08-29 00:49 . 2013-10-10 10:22 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-08-28 01:21 . 2013-10-10 10:22 3155968 ----a-w- c:\windows\system32\win32k.sys 2013-08-28 01:12 . 2013-10-10 10:21 461312 ----a-w- c:\windows\system32\scavengeui.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-07-03 3673184] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2012-01-05 296984] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-10-27 177448] "CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [x] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys;c:\windows\SYSNATIVE\DRIVERS\aabed2.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows 
Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer 
Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2013-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-20 15:22] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-15 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-15 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-15 416024] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 1829768] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2780776] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} - hxxp://downloads.bullguard.com/VirusScan/bgvax.cab . - - - - ORPHANS VERWIJDERD - - - - . HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Chandler - c:\program files (x86)\Chandler1.0.3\uninst.exe AddRemove-JNLP - c:\windows\system32\javaws.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . 
Voltooingstijd: 2013-11-20 09:56:17 ComboFix-quarantined-files.txt 2013-11-20 08:56 . Pre-Run: 235.070.042.112 bytes beschikbaar Post-Run: 235.792.642.048 bytes beschikbaar . - - End Of File - - A22E059C04870797DBB3D221945F039E
  10. There were indeed still AVG remnants on the PC. I have since removed them. The problems persist, however. For example, I cannot even adjust the sound, because the scrollbar immediately drops back down and the sound is thus automatically switched off.
  11. Logfile of random's system information tool 1.09 (written by random/random) Run by Wijna at 2013-11-19 23:44:11 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 224 GB (56%) free of 400 GB Total RAM: 7861 MB (72% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:44:13, on 19-11-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16736) Boot mode: Normal Running processes: C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files\trend micro\Wijna.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3171778365-3289252850-328694927-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3171778365-3289252850-328694927-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user') O8 
- Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (Bitdefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {FB54FA27-96CF-4C62-80DC-DA7616EBD326} (BullGuard Virus Scan Control) - http://downloads.bullguard.com/VirusScan/bgvax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12317 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe "-1596434592-393673720-2132272306715757965-1078862844-1626903109-544440872424387777
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
taskeng.exe {7DC0B868-A4F2-497F-A48F-4A1CC559C220}
"C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe"
"C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\igfxsrvc.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe 8192
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"C:\Program Files\EgisTec IPS\PMMUpdate.exe"
"C:\Program Files\EgisTec IPS\EgisUpdate.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 4868
"C:\Program Files (x86)\Microsoft Office\Office10\EXCEL.EXE" /e
"C:\Program Files (x86)\Windows Live\Mail\wlmail.exe"
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe" Windows 7 Scrollbars doen raar
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6124 CREDAT:267521 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_222_ActiveX.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe33_ Global\UsGthrCtrlFltPipeMssGthrPipe33 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6124 CREDAT:4003116 /prefetch:2
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Wijna\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-19 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-19 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll [2013-11-11 3353624]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-11-19 1567016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll [2013-11-11 3353624]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-19 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-15 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-15 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-15 416024]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2012-02-08 1829768]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2011-07-19 2780776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-15 5622512]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-07-03 3673184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"=C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [2011-09-20 341360]
"BackupManagerTray"=C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2012-01-05 296984]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]
"ArcadeMovieService"=C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [2011-10-27 177448]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-11-11 2420248]
"CanonSolutionMenuEx"=C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2011-08-04 1637496]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-19 3568312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-09 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-11-19 23:42:24 ----D---- C:\rsit
2013-11-19 23:42:24 ----D---- C:\Program Files\trend micro
2013-11-19 22:09:50 ----D---- C:\Users\Wijna\AppData\Roaming\AVAST Software
2013-11-15 08:13:12 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-11-15 08:13:12 ----A---- C:\Windows\system32\ieui.dll
2013-11-15 08:13:10 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-11-15 08:13:10 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-11-15 08:13:10 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-11-15 08:13:10 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-11-15 08:13:10 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-15 08:13:10 ----A---- C:\Windows\system32\iesysprep.dll
2013-11-15 08:13:10 ----A---- C:\Windows\system32\iesetup.dll
2013-11-15 08:13:10 ----A---- C:\Windows\system32\iernonce.dll
2013-11-15 08:13:10 ----A---- C:\Windows\system32\ie4uinit.exe
2013-11-15 08:13:09 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-11-15 08:13:09 ----A---- C:\Windows\system32\iertutil.dll
2013-11-15 08:13:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-11-15 08:13:07 ----A---- C:\Windows\system32\msfeeds.dll
2013-11-15 08:13:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-11-15 08:13:06 ----A---- C:\Windows\system32\jscript.dll
2013-11-15 08:13:05 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-11-15 08:13:05 ----A---- C:\Windows\system32\jscript9.dll
2013-11-15 08:13:04 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-11-15 08:13:03 ----A---- C:\Windows\system32\urlmon.dll
2013-11-15 08:13:02 ----A---- C:\Windows\system32\jsproxy.dll
2013-11-15 08:13:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-11-15 08:13:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-11-15 08:13:00 ----A---- C:\Windows\system32\wininet.dll
2013-11-15 08:12:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-11-15 08:12:57 ----A---- C:\Windows\system32\ieframe.dll
2013-11-15 08:12:56 ----A---- C:\Windows\system32\mshtml.dll
2013-11-15 08:12:53 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-11-14 08:14:57 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-14 08:14:57 ----A---- C:\Windows\system32\crypt32.dll
2013-11-14 08:14:54 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-14 08:14:52 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:14:52 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-14 08:14:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-14 08:14:52 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:14:52 ----A---- C:\Windows\system32\credui.dll
2013-11-14 08:14:52 ----A---- C:\Windows\system32\authui.dll
2013-11-14 08:14:44 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-14 08:14:44 ----A---- C:\Windows\system32\schannel.dll
2013-11-14 08:14:44 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-14 08:14:44 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-14 08:14:44 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-14 08:14:43 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-14 08:14:43 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-14 08:14:43 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-14 08:14:43 ----A---- C:\Windows\system32\sspicli.dll
2013-11-14 08:14:43 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-14 08:14:43 ----A---- C:\Windows\system32\lsass.exe
2013-11-14 08:14:43 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-14 08:14:42 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-14 08:14:42 ----A---- C:\Windows\system32\secur32.dll
2013-11-14 08:14:41 ----A---- C:\Windows\system32\gdi32.dll
2013-11-14 08:14:40 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-14 08:14:39 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-14 08:14:39 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-14 08:14:39 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-14 08:14:39 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:14:39 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2013-11-04 22:54:58 ----D---- C:\ProgramData\VS Revo Group
2013-11-04 22:54:58 ----A---- C:\Windows\system32\drivers\revoflt.sys
2013-11-04 22:54:56 ----D---- C:\Program Files\VS Revo Group
2013-11-04 02:26:16 ----D---- C:\Users\Wijna\AppData\Roaming\WinRAR
2013-11-04 02:26:12 ----D---- C:\Program Files (x86)\WinRAR
2013-11-04 00:48:59 ----D---- C:\Users\Wijna\AppData\Roaming\Sports Interactive
2013-11-04 00:28:23 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2013-11-04 00:28:23 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2013-11-04 00:28:23 ----A---- C:\Windows\SYSWOW64\xactengine3_7.dll
2013-11-04 00:28:23 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-11-04 00:28:23 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-11-04 00:28:23 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-11-04 00:28:22 ----A---- C:\Windows\SYSWOW64\d3dcsx_43.dll
2013-11-04 00:28:22 ----A---- C:\Windows\SYSWOW64\D3DCompiler_43.dll
2013-11-04 00:28:22 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-11-04 00:28:22 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-11-04 00:28:21 ----A---- C:\Windows\SYSWOW64\d3dx11_43.dll
2013-11-04 00:28:21 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-11-04 00:28:20 ----A---- C:\Windows\SYSWOW64\d3dx10_43.dll
2013-11-04 00:28:20 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-11-04 00:28:08 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2013-11-04 00:28:08 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2013-11-04 00:28:08 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2013-11-04 00:28:08 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-11-04 00:28:08 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-11-04 00:28:08 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-11-04 00:28:07 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2013-11-04 00:28:07 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2013-11-04 00:28:07 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-11-04 00:28:07 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-11-04 00:28:06 ----A---- C:\Windows\SYSWOW64\xactengine3_5.dll
2013-11-04 00:28:06 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-11-04 00:28:06 ----A---- C:\Windows\system32\xactengine3_5.dll
2013-11-04 00:28:05 ----A---- C:\Windows\SYSWOW64\d3dcsx_42.dll
2013-11-04 00:28:05 ----A---- C:\Windows\SYSWOW64\D3DCompiler_42.dll
2013-11-04 00:28:05 ----A---- C:\Windows\system32\d3dcsx_42.dll
2013-11-04 00:28:05 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2013-11-04 00:28:04 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2013-11-04 00:28:04 ----A---- C:\Windows\SYSWOW64\d3dx11_42.dll
2013-11-04 00:28:04 ----A---- C:\Windows\system32\D3DX9_42.dll
2013-11-04 00:28:04 ----A---- C:\Windows\system32\d3dx11_42.dll
2013-11-04 00:28:03 ----A---- C:\Windows\system32\d3dx10_41.dll
2013-11-04 00:28:03 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2013-11-04 00:28:02 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2013-11-04 00:28:02 ----A---- C:\Windows\system32\D3DX9_41.dll
2013-11-04 00:28:01 ----A---- C:\Windows\SYSWOW64\XAudio2_4.dll
2013-11-04 00:28:01 ----A---- C:\Windows\system32\XAudio2_4.dll
2013-11-04 00:28:01 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-11-04 00:28:00 ----A---- C:\Windows\SYSWOW64\xactengine3_4.dll
2013-11-04 00:28:00 ----A---- C:\Windows\SYSWOW64\X3DAudio1_6.dll
2013-11-04 00:28:00 ----A---- C:\Windows\system32\xactengine3_4.dll
2013-11-04 00:28:00 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2013-11-04 00:27:59 ----A---- C:\Windows\SYSWOW64\d3dx10_40.dll
2013-11-04 00:27:59 ----A---- C:\Windows\SYSWOW64\D3DCompiler_40.dll
2013-11-04 00:27:59 ----A---- C:\Windows\system32\d3dx10_40.dll
2013-11-04 00:27:59 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2013-11-04 00:27:58 ----A---- C:\Windows\SYSWOW64\D3DX9_40.dll
2013-11-04 00:27:58 ----A---- C:\Windows\system32\D3DX9_40.dll
2013-11-04 00:27:57 ----A---- C:\Windows\SYSWOW64\XAudio2_3.dll
2013-11-04 00:27:57 ----A---- C:\Windows\SYSWOW64\XAPOFX1_2.dll
2013-11-04 00:27:57 ----A---- C:\Windows\SYSWOW64\xactengine3_3.dll
2013-11-04 00:27:57 ----A---- C:\Windows\system32\XAudio2_3.dll
2013-11-04 00:27:57 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2013-11-04 00:27:57 ----A---- C:\Windows\system32\xactengine3_3.dll
2013-11-04 00:27:56 ----A---- C:\Windows\SYSWOW64\XAudio2_2.dll
2013-11-04 00:27:56 ----A---- C:\Windows\SYSWOW64\XAPOFX1_1.dll
2013-11-04 00:27:56 ----A---- C:\Windows\SYSWOW64\X3DAudio1_5.dll
2013-11-04 00:27:56 ----A---- C:\Windows\system32\XAudio2_2.dll
2013-11-04 00:27:56 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2013-11-04 00:27:56 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2013-11-04 00:27:55 ----A---- C:\Windows\SYSWOW64\xactengine3_2.dll
2013-11-04 00:27:55 ----A---- C:\Windows\system32\xactengine3_2.dll
2013-11-04 00:27:54 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2013-11-04 00:27:54 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2013-11-04 00:27:54 ----A---- C:\Windows\system32\d3dx10_39.dll
2013-11-04 00:27:54 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2013-11-04 00:27:53 ----A---- C:\Windows\SYSWOW64\XAPOFX1_0.dll
2013-11-04 00:27:53 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2013-11-04 00:27:53 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2013-11-04 00:27:53 ----A---- C:\Windows\system32\D3DX9_39.dll
2013-11-04 00:27:52 ----A---- C:\Windows\SYSWOW64\XAudio2_1.dll
2013-11-04 00:27:52 ----A---- C:\Windows\SYSWOW64\xactengine3_1.dll
2013-11-04 00:27:52 ----A---- C:\Windows\SYSWOW64\X3DAudio1_4.dll
2013-11-04 00:27:52 ----A---- C:\Windows\system32\XAudio2_1.dll
2013-11-04 00:27:52 ----A---- C:\Windows\system32\xactengine3_1.dll
2013-11-04 00:27:52 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2013-11-04 00:27:51 ----A---- C:\Windows\SYSWOW64\d3dx10_38.dll
2013-11-04 00:27:51 ----A---- C:\Windows\SYSWOW64\D3DCompiler_38.dll
2013-11-04 00:27:51 ----A---- C:\Windows\system32\d3dx10_38.dll
2013-11-04 00:27:51 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2013-11-04 00:27:50 ----A---- C:\Windows\SYSWOW64\D3DX9_38.dll
2013-11-04 00:27:50 ----A---- C:\Windows\system32\D3DX9_38.dll
2013-11-04 00:27:49 ----A---- C:\Windows\SYSWOW64\XAudio2_0.dll
2013-11-04 00:27:49 ----A---- C:\Windows\system32\XAudio2_0.dll
2013-11-04 00:27:48 ----A---- C:\Windows\SYSWOW64\xactengine3_0.dll
2013-11-04 00:27:48 ----A---- C:\Windows\system32\xactengine3_0.dll
2013-11-04 00:27:47 ----A---- C:\Windows\SYSWOW64\X3DAudio1_3.dll
2013-11-04 00:27:47 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2013-11-04 00:27:46 ----A---- C:\Windows\SYSWOW64\D3DX9_37.dll
2013-11-04 00:27:46 ----A---- C:\Windows\SYSWOW64\d3dx10_37.dll
2013-11-04 00:27:46 ----A---- C:\Windows\SYSWOW64\D3DCompiler_37.dll
2013-11-04 00:27:46 ----A---- C:\Windows\system32\D3DX9_37.dll
2013-11-04 00:27:46 ----A---- C:\Windows\system32\d3dx10_37.dll
2013-11-04 00:27:46 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2013-11-04 00:27:45 ----A---- C:\Windows\SYSWOW64\xactengine2_10.dll
2013-11-04 00:27:45 ----A---- C:\Windows\system32\xactengine2_10.dll
2013-11-04 00:27:43 ----A---- C:\Windows\SYSWOW64\d3dx10_36.dll
2013-11-04 00:27:43 ----A---- C:\Windows\SYSWOW64\D3DCompiler_36.dll
2013-11-04 00:27:43 ----A---- C:\Windows\system32\d3dx10_36.dll
2013-11-04 00:27:43 ----A---- C:\Windows\system32\D3DCompiler_36.dll
2013-11-04 00:27:42 ----A---- C:\Windows\SYSWOW64\d3dx9_36.dll
2013-11-04 00:27:42 ----A---- C:\Windows\system32\d3dx9_36.dll
2013-11-04 00:27:39 ----A---- C:\Windows\SYSWOW64\xactengine2_9.dll
2013-11-04 00:27:39 ----A---- C:\Windows\SYSWOW64\d3dx10_35.dll
2013-11-04 00:27:39 ----A---- C:\Windows\SYSWOW64\D3DCompiler_35.dll
2013-11-04 00:27:39 ----A---- C:\Windows\system32\xactengine2_9.dll
2013-11-04 00:27:39 ----A---- C:\Windows\system32\d3dx10_35.dll
2013-11-04 00:27:39 ----A---- C:\Windows\system32\D3DCompiler_35.dll
2013-11-04 00:27:38 ----A---- C:\Windows\SYSWOW64\d3dx9_35.dll
2013-11-04 00:27:38 ----A---- C:\Windows\system32\d3dx9_35.dll
2013-11-04 00:27:37 ----A---- C:\Windows\SYSWOW64\xactengine2_8.dll
2013-11-04 00:27:37 ----A---- C:\Windows\SYSWOW64\X3DAudio1_2.dll
2013-11-04 00:27:37 ----A---- C:\Windows\system32\xactengine2_8.dll
2013-11-04 00:27:37 ----A---- C:\Windows\system32\X3DAudio1_2.dll
2013-11-04 00:27:36 ----A---- C:\Windows\SYSWOW64\d3dx10_34.dll
2013-11-04 00:27:36 ----A---- C:\Windows\SYSWOW64\D3DCompiler_34.dll
2013-11-04 00:27:36 ----A---- C:\Windows\system32\d3dx10_34.dll
2013-11-04 00:27:36 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2013-11-04 00:27:35 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2013-11-04 00:27:35 ----A---- C:\Windows\SYSWOW64\d3dx9_34.dll
2013-11-04 00:27:35 ----A---- C:\Windows\system32\xinput1_3.dll
2013-11-04 00:27:35 ----A---- C:\Windows\system32\d3dx9_34.dll
2013-11-04 00:27:34 ----A---- C:\Windows\SYSWOW64\xactengine2_7.dll
2013-11-04 00:27:34 ----A---- C:\Windows\system32\xactengine2_7.dll
2013-11-04 00:27:33 ----A---- C:\Windows\SYSWOW64\d3dx10_33.dll
2013-11-04 00:27:33 ----A---- C:\Windows\SYSWOW64\D3DCompiler_33.dll
2013-11-04 00:27:33 ----A---- C:\Windows\system32\d3dx10_33.dll
2013-11-04 00:27:33 ----A---- C:\Windows\system32\D3DCompiler_33.dll
2013-11-04 00:27:32 ----A---- C:\Windows\SYSWOW64\xactengine2_6.dll
2013-11-04 00:27:32 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2013-11-04 00:27:32 ----A---- C:\Windows\system32\xactengine2_6.dll
2013-11-04 00:27:32 ----A---- C:\Windows\system32\d3dx9_33.dll
2013-11-04 00:27:31 ----A---- C:\Windows\SYSWOW64\xactengine2_5.dll
2013-11-04 00:27:31 ----A---- C:\Windows\system32\xactengine2_5.dll
2013-11-04 00:27:30 ----A---- C:\Windows\SYSWOW64\xactengine2_4.dll
2013-11-04 00:27:30 ----A---- C:\Windows\SYSWOW64\x3daudio1_1.dll
2013-11-04 00:27:30 ----A---- C:\Windows\SYSWOW64\d3dx10.dll
2013-11-04 00:27:30 ----A---- C:\Windows\system32\xactengine2_4.dll
2013-11-04 00:27:30 ----A---- C:\Windows\system32\x3daudio1_1.dll
2013-11-04 00:27:30 ----A---- C:\Windows\system32\d3dx10.dll
2013-11-04 00:27:29 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2013-11-04 00:27:29 ----A---- C:\Windows\system32\d3dx9_31.dll
2013-11-04 00:27:28 ----A---- C:\Windows\SYSWOW64\xinput1_2.dll
2013-11-04 00:27:28 ----A---- C:\Windows\SYSWOW64\xactengine2_3.dll
2013-11-04 00:27:28 ----A---- C:\Windows\system32\xinput1_2.dll
2013-11-04 00:27:28 ----A---- C:\Windows\system32\xactengine2_3.dll
2013-11-04 00:27:27 ----A---- C:\Windows\SYSWOW64\xinput1_1.dll
2013-11-04 00:27:27 ----A---- C:\Windows\SYSWOW64\xactengine2_2.dll
2013-11-04 00:27:27 ----A---- C:\Windows\system32\xinput1_1.dll
2013-11-04 00:27:27 ----A---- C:\Windows\system32\xactengine2_2.dll
2013-11-04 00:27:25 ----A---- C:\Windows\SYSWOW64\xactengine2_1.dll
2013-11-04 00:27:25 ----A---- C:\Windows\system32\xactengine2_1.dll
2013-11-04 00:27:20 ----A---- C:\Windows\SYSWOW64\d3dx9_30.dll
2013-11-04 00:27:20 ----A---- C:\Windows\system32\d3dx9_30.dll
2013-11-04 00:27:18 ----A---- C:\Windows\SYSWOW64\xactengine2_0.dll
2013-11-04 00:27:18 ----A---- C:\Windows\SYSWOW64\x3daudio1_0.dll
2013-11-04 00:27:18 ----A---- C:\Windows\system32\xactengine2_0.dll
2013-11-04 00:27:18 ----A---- C:\Windows\system32\x3daudio1_0.dll
2013-11-04 00:27:17 ----A---- C:\Windows\SYSWOW64\d3dx9_29.dll
2013-11-04 00:27:17 ----A---- C:\Windows\system32\d3dx9_29.dll
2013-11-04 00:27:16 ----A---- C:\Windows\SYSWOW64\d3dx9_28.dll
2013-11-04 00:27:16 ----A---- C:\Windows\system32\d3dx9_28.dll
2013-11-04 00:27:15 ----A---- C:\Windows\SYSWOW64\d3dx9_27.dll
2013-11-04 00:27:15 ----A---- C:\Windows\system32\d3dx9_27.dll
2013-11-04 00:27:14 ----A---- C:\Windows\SYSWOW64\d3dx9_26.dll
2013-11-04 00:27:14 ----A---- C:\Windows\system32\d3dx9_26.dll
2013-11-04 00:27:13 ----A---- C:\Windows\SYSWOW64\d3dx9_25.dll
2013-11-04 00:27:13 ----A---- C:\Windows\system32\d3dx9_25.dll
2013-11-04 00:27:12 ----A---- C:\Windows\SYSWOW64\d3dx9_24.dll
2013-11-04 00:27:12 ----A---- C:\Windows\system32\d3dx9_24.dll
2013-11-04 00:25:26 ----HD---- C:\Windows\msdownld.tmp
2013-11-04 00:25:11 ----D---- C:\Windows\SYSWOW64\directx
2013-10-21 08:26:48 ----D---- C:\ProgramData\Oracle
2013-10-21 08:26:40 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-10-21 08:26:34 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-10-21 08:26:34 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-10-21 08:26:34 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2013-11-19 23:44:12 ----D---- C:\Windows\Temp
2013-11-19 23:43:58 ----D---- C:\Windows\Prefetch
2013-11-19 23:42:24 ----RD---- C:\Program Files
2013-11-19 23:31:48 ----SHD---- C:\System Volume Information
2013-11-19 22:56:03 ----SHD---- C:\Windows\Installer
2013-11-19 22:55:59 ----RD---- C:\Program Files (x86)
2013-11-19 22:23:55 ----D---- C:\Windows\system32\config
2013-11-19 22:14:45 ----D---- C:\Windows\System32
2013-11-19 22:14:45 ----D---- C:\Windows\inf
2013-11-19 22:14:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-19 22:10:43 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-19 22:09:16 ----D---- C:\ProgramData\clear.fi
2013-11-19 22:08:29 ----D---- C:\Windows\system32\drivers
2013-11-19 19:27:08 ----D---- C:\Windows\system32\Tasks
2013-11-19 19:26:49 ----D---- C:\Windows\winsxs
2013-11-19 19:26:47 ----D---- C:\Windows
2013-11-19 19:26:43 ----A---- C:\Windows\system32\aswBoot.exe
2013-11-19 19:25:33 ----D---- C:\ProgramData\AVAST Software
2013-11-18 15:00:00 ----D---- C:\Windows\rescache
2013-11-15 12:30:07 ----D---- C:\Windows\SysWOW64
2013-11-15 12:30:07 ----D---- C:\Program Files (x86)\Internet Explorer
2013-11-15 12:30:03 ----D---- C:\Program Files\Internet Explorer
2013-11-15 12:30:02 ----D---- C:\Windows\SYSWOW64\nl-NL
2013-11-15 12:30:01 ----D---- C:\Windows\system32\nl-NL
2013-11-15 08:13:34 ----D---- C:\Windows\system32\catroot
2013-11-15 08:13:33 ----D---- C:\Windows\system32\catroot2
2013-11-15 08:12:10 ----D---- C:\Windows\system32\MRT
2013-11-15 08:09:33 ----A---- C:\Windows\system32\MRT.exe
2013-11-11 11:10:34 ----D---- C:\Program Files (x86)\AVG Secure Search
2013-11-04 22:54:58 ----HD---- C:\ProgramData
2013-11-04 13:06:57 ----D---- C:\Users\Wijna\AppData\Roaming\BitTorrent
2013-11-04 00:27:25 ----RSD---- C:\Windows\assembly
2013-11-04 00:27:07 ----D---- C:\Windows\Microsoft.NET
2013-11-04 00:18:32 ----D---- C:\ProgramData\CanonIJPLM
2013-10-30 20:37:35 ----D---- C:\Users\Wijna\AppData\Roaming\Task Coach
2013-10-22 15:05:11 ----D---- C:\Foto's
2013-10-21 08:26:46 ----D---- C:\Program Files (x86)\Common Files
2013-10-21 08:26:34 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-11-19 205320]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-11-26 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-19 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-11-19 1032416]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-11-19 409832]
R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-11-19 65264]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-11-11 46368]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-07-21 283064]
R1 mwlPSDFilter;mwlPSDFilter; C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-20 22648]
R1 mwlPSDNServ;mwlPSDNServ;
C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-20 20520] R1 mwlPSDVDisk;mwlPSDVDisk; C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-20 62776] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-11-19 38984] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-11-19 84328] R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-02 2750464] R3 HECIx64;Intel® Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-08-09 12289472] R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176] R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936] R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2012-02-07 18432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776] R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2012-02-07 17408] S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2; C:\Windows\system32\DRIVERS\aabed2.sys [2008-03-20 28672] S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; 
C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-06-22 116992] S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-06-22 113792] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-19 50344] R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360] R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296] R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264] R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2011-09-06 140456] R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376] R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-09-16 325656] R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-11-26 1640768] R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-26 2253120] R2 UNS;Intel® Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-09-16 2538520] R2 vToolbarUpdater17.1.2;vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [2013-11-11 1734680] R3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] S2 SkypeUpdate;Skype 
Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-20 253600] S3 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-07-12 655624] S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-01-22 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] -----------------EOF-----------------
  12. Hello, Today I found a virus on my PC and removed it with a scanner. But since then all scrollbars suddenly behave strangely. I can no longer scroll normally when I click on a scrollbar. Sometimes they even take on a life of their own when I move the cursor over them, and the scrollbar in question moves up or down by itself while you can't do anything about it. Oddly enough, I can scroll normally with the scroll wheel on my mouse. Can someone help me solve this problem? Thanks in advance! Regards, Dennis
  13. Hi, I ran AdwCleaner and copied the following log just to be safe:

# AdwCleaner v2.115 - Verslag gemaakt op 26/03/2013 om 08:50:59
# Geactualiseerd op 17/03/2013 door Xplode
# Besturingssysteem : Windows Vista Home Premium Service Pack 2 (32 bits)
# Gebruiker : Dennis - PC_VAN_DENNIS
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Dennis\Desktop\adwcleaner.exe
# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

File Verwijdert : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
Map Verwijdert : C:\Program Files\Common Files\Speedbit
Map Verwijdert : C:\ProgramData\Speedbit
Map Verwijdert : C:\Users\Dennis\AppData\LocalLow\Speedbit

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v11.0 (nl)

File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

File : C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[s1].txt - [6916 octets] - [26/03/2013 08:50:59]

########## EOF - C:\AdwCleaner[s1].txt - [6976 octets] ##########

Unfortunately I still have the same problems. When the computer was restarted by AdwCleaner and I opened Explorer, I got a message I had never seen before, namely whether I wanted to set the browser "Bing" as default. I hope my PC isn't a hopeless case. Greetings, Dennis
  14. Zoek.exe Version 4.0.0.2 Updated 23-03-2013
Tool run by Dennis on zo 24-03-2013 at 22:30:00,86.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode
Internet Access Detected

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Folders Found ======================

==== Files Found ======================

==== Registry Search Results for "Cute PDF Editor toolbar" ======================

No instances of string "Cute PDF Editor toolbar" found.
  15. Hi Mako, Thanks a lot for your help so far! I just restarted, but unfortunately I still have the same problems. I also tried to remove "Cute PDF Editor toolbar" from Ask.com, but then I get the following message: "De functie die u wilt gebruiken, bevindt zich op een netwerkbron die niet beschikbaar is. Klik op ok om het opnieuw te proberen of typ in het onderstaande vak een ander pad naar een map met het installatiepakket Ask Toolbar.msi. Gebruik bron: C:\Users\Dennis\AppData\Local\Temp\{083AE258-21C5-4D90-A595-ACF6CC4587B8}\" Regards, Dennis
  16. Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Databaseversie: v2013.03.23.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dennis :: PC_VAN_DENNIS [administrator]

23-3-2013 15:26:04
mbam-log-2013-03-23 (15-26-04).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 191862
Verstreken tijd: 8 minuut/minuten, 17 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)
  17. Zoek.exe Version 4.0.0.2 Updated 20-03-2013
Tool run by Dennis on za 23-03-2013 at 11:35:34,26.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode
Internet Access Detected

==== System Restore Info ======================

23-3-2013 11:37:26 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1629421708-88473554-1036716756-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1629421708-88473554-1036716756-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-1629421708-88473554-1036716756-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} deleted successfully
HKEY_USERS\S-1-5-21-1629421708-88473554-1036716756-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-1629421708-88473554-1036716756-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default

user.js not found

---- Lines speedbit removed from prefs.js ----
user_pref("browser.search.defaultenginename", "SpeedBit Search");
user_pref("browser.search.defaulturl", "Search by Speedbit.com=");
user_pref("browser.search.order.1", "SpeedBit Search");
user_pref("browser.search.selectedEngine", "SpeedBit Search");
user_pref("browser.startup.homepage", "Search by Speedbit.com");
user_pref("browser.startup.homepage_override_url", "Search by Speedbit.com");
user_pref("keyword.URL", "Search by Speedbit.com=");

---- FireFox user.js and prefs.js backups ----
prefs_23-03-2013_1140_.backup

==== Deleting Files \ Folders ======================

"C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default\searchplugins\speedbit.xml" deleted
"C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml" deleted
"C:\Program Files\Ask.com" deleted
"C:\Users\Dennis\AppData\Local\PackageAware" deleted
"C:\Users\Dennis\AppData\LocalLow\AskToolbar" deleted
"C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}" deleted
"C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default\extensions\toolbar@ask.com" deleted
Live\Messenger\msnmsgr.exe /background" "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" ==== Startup Folders ====================== 2012-03-22 12:04:10 1880 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ==== Firefox Extensions ====================== ProfilePath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default - Lavasoft Search Plugin - %ProfilePath%\extensions\jid1-yZwVFzbsyfMrqQ@jetpack - BitComet - %ProfilePath%\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} AppDir: C:\Program Files\Mozilla Firefox - Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default 0A7B01235B1CBFA387B04A91E2F2B7D0 - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat AEA69AF0E4F27AABA1A4DF66B43179A3 - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin C517E5EA7CEE783F3681F62D2A362E5B - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? 
Photo Gallery 0383A25D0433516CA14918D3779ACFD8 - C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll - BitCometAgent 7F776D29CE1EC62F9D30BD877A40D419 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player 9C06DBC403F91D518ED117E460F03F85 - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility for IJ AF98ECFCA95399CB7402C34E5E2967B6 - C:\Program Files\ABN AMRO e.dentifier2\Mozilla\npBECON.dll - ABN AMRO e.dentifier2 Plug-in B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation 0A7B01235B1CBFA387B04A91E2F2B7D0 - C:\Program Files\Adobe\Reader 10.0\Reader\browser\nppdf32.dll - Adobe Acrobat 84CBD6F6AA7EE399FBDC265B8EA64474 - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll - Adobe Acrobat ==== Deleting Files \ Folders ====================== "C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\kz9baqee.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack" deleted ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[07-02-2013 06:47] YouTube - Dennis - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo DAP Link Checker - Dennis - Default\Extensions\bodfdknjhecmadheclfjkhhiofeagdbh Google Search - Dennis - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf DivX Plus Web Player HTML5 \u003Cvideo\u003E - Dennis - Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm Gmail - Dennis - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" New Values: 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="Google" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes "DefaultScope"="{95B7759C-8C7F-4BF1-B163-73684A933233}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}" {95B7759C-8C7F-4BF1-B163-73684A933233} AVG Secure Search Url="https://isearch.avg.com/search?cid={8FE97805-2F25-4D6E-B4F5-F27C3C961BBD}&mid=d590fa5f3e9e47d0a145d15f95b408c7-7cf467209ae78cfa106010aec6e6b9cf285e9e9f〈=nl&ds=gm011&pr=sa&d=2012-09-27" ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Dennis\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dennis\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot ==== Empty FireFox Cache ====================== C:\users\Dennis\AppData\Local\Mozilla\Firefox\Profiles\kz9baqee.default\Cache emptied successfully ==== Empty Chrome Cache ====================== C:\users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully After Reboot ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Dennis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin 
====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Dennis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
  18. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:37:49, on 22-3-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16464) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\AGRSMMSG.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Ask.com\Updater\Updater.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\Macromed\Flash\FlashUtil11g_ActiveX.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\EXCEL.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Mail\WinMail.exe C:\Users\Dennis\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, 
Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: CutePDF Editor Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: 
[DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &D&ownload &met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload alles met BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing) O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. 
KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 6731 bytes
  19. Dear people of PC Helpforum, I am experiencing the following problem. I installed Imesh on my PC and now Explorer and other programs have become extremely slow. The loading time in particular is slow, but using them is also slow and "stuttery". I have since uninstalled Imesh, but the problems persist. Can you help me? Thanks! Regards, Dennis
  20. ComboFix 11-12-20.01 - gebruiker 20-12-2011 13:59:41.10.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1377 [GMT 1:00] Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . FILE :: "c:\documents and settings\gebruiker\local settings\Temp\ldiskl.sys" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2} c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}\1043.MST c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2}\ABN AMRO e.dentifier2 software.msi . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_ldiskl . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))) . . 2011-12-14 08:59 . 2011-12-20 12:55 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend 2011-12-10 10:29 . 2008-03-20 11:34 21888 ----a-w- c:\windows\system32\drivers\aabed2.sys 2011-12-10 10:29 . 2011-12-10 10:29 -------- d-----w- c:\program files\ABN AMRO e.dentifier2 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 
2001-09-07 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2007-05-03 15:21 186880 ------w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2007-05-03 14:47 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2001-09-07 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-12-07 20:16 . 2011-09-09 10:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-18_13.14.55 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-20 13:13 . 2011-12-20 13:13 16384 c:\windows\temp\Perflib_Perfdata_7cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "nwiz"="nwiz.exe" [2006-07-20 1519616] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Battle for middle earth\\game.dat"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\All Users\\Documenten\\logivert\\ebt5\\catalogs\\Babywinkel (demo)\\previewbase\\usbwebserver8\\apache\\bin\\httpd_usbwv8.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 13:53 64288] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 20:39 95024] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 16:52 1355968] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 11:15 1097728] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664] S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [10-12-2011 11:29 21888] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 14:52 100480] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2011-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . 2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com/ IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-20 14:14 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80 . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(832) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(2612) c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\System32\SCardSvr.exe c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\RTHDCPL.EXE c:\windows\system32\msiexec.exe c:\windows\system32\rundll32.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe . ************************************************************************** . Voltooingstijd: 2011-12-20 14:22:14 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-20 13:22 ComboFix2.txt 2011-12-19 18:38 ComboFix3.txt 2011-12-18 13:17 ComboFix4.txt 2011-10-09 16:01 . Pre-Run: 11.024.310.272 bytes beschikbaar Post-Run: 11.158.351.872 bytes beschikbaar . - - End Of File - - C7979358911918D7EAEE83C13197B6D7
  21. Removing Bitdefender via IE worked! Here are the logs from Hijackthis and combofix: Hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:23:35, on 19-12-2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\PROGRA~1\DAP\DAP.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program 
Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini" O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program 
Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265730781890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1265730753062 O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game04.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler 
(AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 9372 bytes Combofix: ComboFix 11-12-19.01 - gebruiker 19-12-2011 19:22:27.9.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1449 [GMT 1:00] Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242} FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))) . . 2011-12-14 08:59 . 
2011-12-19 17:23 -------- d--h--r- c:\documents and settings\gebruiker\Onlangs geopend 2011-12-10 10:29 . 2008-03-20 11:34 21888 ----a-w- c:\windows\system32\drivers\aabed2.sys 2011-12-10 10:29 . 2011-12-10 10:29 -------- d-----w- c:\program files\ABN AMRO e.dentifier2 2011-12-10 10:28 . 2011-12-10 10:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{6CDCEBFA-D5FA-4ED0-A11F-AC1F8BD76DF2} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-23 14:40 . 2001-09-07 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys 2011-11-04 19:13 . 2001-09-07 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2011-11-04 19:13 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2011-11-04 19:13 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2011-11-04 11:25 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec 2011-11-01 16:07 . 2001-09-07 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll 2011-10-28 05:32 . 2001-09-07 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2011-10-26 10:50 . 2001-09-07 12:00 2153472 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-10-26 10:50 . 2001-09-06 19:53 2031616 ----a-w- c:\windows\system32\ntkrnlpa.exe 2011-10-18 11:13 . 2007-05-03 15:21 186880 ------w- c:\windows\system32\encdec.dll 2011-10-10 14:22 . 2007-05-03 14:47 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-09-28 07:06 . 2001-09-07 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2001-09-07 12:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2001-09-07 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-12-07 20:16 . 2011-09-09 10:44 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . 
((((((((((((((((((((((((((((( SnapShot@2011-12-18_13.14.55 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-19 17:34 . 2011-12-19 17:34 16384 c:\windows\temp\Perflib_Perfdata_8c.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192] "DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280] "LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776] "LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088] "OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] "OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088] "DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920] "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] 
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "nwiz"="nwiz.exe" [2006-07-20 1519616] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\Program Files\\ABC\\abc.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"= "c:\\Program Files\\Call of Duty\\CoDMP.exe"= "d:\\Battle for middle earth\\game.dat"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\All Users\\Documenten\\logivert\\ebt5\\catalogs\\Babywinkel (demo)\\previewbase\\usbwebserver8\\apache\\bin\\httpd_usbwv8.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 13:53 64288] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 20:39 95024] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 16:52 1355968] R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 11:15 1097728] S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?] S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664] S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [10-12-2011 11:29 21888] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 13:06 135664] S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 14:52 100480] S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?] S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?] S3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2011-12-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53] . 
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . 2011-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com/ IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\ . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-19 19:33 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f, 68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80 . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(828) c:\program files\SUPERAntiSpyware\SASWINLO.DLL . - - - - - - - > 'explorer.exe'(3780) c:\windows\system32\nview.dll c:\windows\system32\NVWRSNL.DLL c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll c:\windows\system32\nvwddi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-12-19 19:38:25 ComboFix-quarantined-files.txt 2011-12-19 18:38 ComboFix2.txt 2011-12-18 13:17 ComboFix3.txt 2011-10-09 16:01 . Pre-Run: 11.097.739.264 bytes beschikbaar Post-Run: 11.317.653.504 bytes beschikbaar . - - End Of File - - 3C1AF31097359AB20AC23C83ABF7108F
  22. I do indeed use Avira, but I don't use anything from Trend Micro or Bitdefender, and no related programs are installed either. I double-checked this with a search as well. It is possible that I used these programs at some point in the past, but certainly not recently.
  23. Here is the ComboFix log:
  24. I have indeed also searched in hidden folders, but to no avail. I cannot find this .exe file.
  25. I have tried to trace the full path, but I'm not really getting anywhere with it. I have also tried to find out which program this file should belong to, but I cannot determine that either. I cannot find a file named agent.exe anywhere. Regards, Dennis