Jion

Your Score: 100% All hail the master of rogue antivirus detection! lol

Ja inderdaad.

Dag Marielle, Welkom op PCH! We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Dag Saida, Maak eens op een andere computer een Avira Antivir Rescue cd (klik erop) aan en volg de instructies om je besmette computer te scannen. Als dat gedaan is, probeer dan opnieuw een Hijackthis logje te plaatsen.

Dag François, Heb je al eens geprobeerd in veilige modus? Lukt het daar ook niet? Ik heb de malware specialisten verwittigd zodat zij je logje kunnen controleren.

Dag djibbie, We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Qua gebruiksgemak zou ik zonder twijfel voor Windows 7 kiezen. Ik heb zelf ook nog een oudere laptop met slechts 3GB Ram geheugen en de 64 bits versie draait er probleemloos op.

ok bedankt (alweer) voor de hulp! Combofix en HJT zijn verwijderd. Nu een laatste opkuis doen en hij mag terug naar zijn eigenaar. ;-)

ComboFix 12-12-31.01 - David 31/12/2012 16:12:01.3.4 - x64 MINIMAL Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3894.2728 [GMT 1:00] Gestart vanuit: c:\users\David\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\David\Desktop\CFScript.txt AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730} FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))) . . 2012-12-31 15:17 . 2012-12-31 15:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-31 13:04 . 2012-12-31 13:04 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-12-31 13:04 . 2012-12-31 13:04 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-31 13:04 . 2012-12-31 13:04 -------- d-----w- c:\programdata\Apple Computer 2012-12-31 13:02 . 2012-12-31 13:02 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-12-31 12:19 . 2012-12-31 12:19 -------- d-----w- c:\users\David\AppData\Roaming\CheckPoint 2012-12-31 12:19 . 2012-12-31 12:19 -------- d-----w- c:\program files\CheckPoint 2012-12-31 12:19 . 2012-01-09 17:59 11864 ----a-w- c:\windows\system32\drivers\kl2.sys 2012-12-31 12:19 . 2012-01-09 17:59 460888 ----a-w- c:\windows\system32\drivers\kl1.sys 2012-12-31 12:19 . 2012-01-09 17:59 485680 ----a-w- c:\windows\system32\drivers\klif.sys 2012-12-31 12:17 . 2012-12-31 12:19 -------- d-----w- c:\program files (x86)\CheckPoint 2012-12-31 12:17 . 2012-12-31 12:17 -------- d-----w- c:\programdata\CheckPoint 2012-12-31 09:16 . 2012-12-31 09:16 -------- d-----w- c:\program files\Speccy 2012-12-31 08:29 . 2012-12-31 08:29 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2012-12-31 08:21 . 2012-12-31 08:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-31 08:20 . 2012-12-31 08:20 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-31 08:20 . 2012-12-31 08:20 -------- d-----w- c:\program files (x86)\Java 2012-12-31 08:11 . 2012-12-31 08:11 -------- d-----w- c:\program files (x86)\VideoLAN 2012-12-31 07:31 . 2012-12-31 07:31 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-31 07:31 . 2012-12-31 07:31 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-31 07:26 . 2012-12-31 07:26 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\programdata\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-31 07:25 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\users\David\AppData\Local\Programs 2012-12-31 07:11 . 2012-12-31 07:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-12-22 20:48 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll 2012-12-22 20:48 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-22 20:48 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-22 10:42 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe 2012-12-22 10:42 . 2012-12-22 10:47 -------- d-----w- c:\program files (x86)\The Logo Creator v5 2012-12-22 09:55 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2012-12-22 09:50 . 2012-12-22 09:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-22 09:34 . 2012-12-22 09:34 171136 ----a-w- C:\internet_explorer.exe 2012-12-21 20:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 20:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 15:18 . 2012-12-31 07:45 -------- d-----w- c:\users\David\AppData\Local\THWIT 2012-12-03 18:22 . 1999-03-05 21:15 74000 ----a-w- c:\windows\SysWow64\msrclr40.dll 2012-12-03 18:22 . 1999-03-05 21:15 28944 ----a-w- c:\windows\SysWow64\msrecr40.dll 2012-12-03 18:17 . 2012-12-03 18:17 -------- d-----w- c:\users\David\AppData\Roaming\EASYTools 2012-12-03 18:09 . 2004-02-16 19:48 323584 ----a-w- c:\windows\SysWow64\AcShlExt.dll 2012-12-03 18:09 . 2002-11-27 12:12 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL 2012-12-03 18:09 . 2002-11-27 12:12 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL 2012-12-03 18:09 . 1995-09-20 16:16 456976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\dao3032.dll 2012-12-03 18:05 . 2012-12-22 09:31 -------- d-----w- c:\program files (x86)\Micro Application 2012-12-03 18:05 . 2003-03-19 03:05 89088 ----a-w- c:\windows\SysWow64\atl71.dll 2012-12-03 18:05 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-12-03 18:05 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-12-03 18:05 . 2012-12-03 18:05 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-12-03 18:05 . 2012-12-03 18:05 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-12-03 18:05 . 2005-03-24 04:18 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-12-03 18:05 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-12-03 18:05 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-31 12:09 . 2011-07-19 20:50 648024 ----a-w- c:\programdata\bdinstall.bin 2012-12-22 10:11 . 2011-07-19 20:16 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 19:01 . 2012-09-23 12:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 19:01 . 2011-08-18 17:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-11-01 14:31 . 2012-11-01 14:31 450136 ----a-w- c:\windows\system32\drivers\vsdatant.sys 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 19:55 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 19:55 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 19:55 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 19:55 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 14:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 19:55 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 19:55 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 19:55 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 19:55 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-15 19:55 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 19:55 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 19:55 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 19:55 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 19:55 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 19:55 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 19:55 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-25 1193176] "Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] "OpwareSE4"="c:\program files (x86)\scansoft\omnipagese4\opwarese4.exe" [2007-02-04 79400] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11864] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-02 33712] R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-02 827560] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-29 1432400] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-19 1255736] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 19:01] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\wrtmon.exe" [2006-09-20 20480] "SynTPEnh"="c:\program files (x86)\synaptics\syntp\syntpenh.exe" [bU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-02 1127592] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-06 15:54; plugin@yontoo.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\extensions\plugin@yontoo.com FF - ExtSQL: 2012-11-30 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - ExtSQL: 2012-12-31 13:19; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - user.js: extensions.BabylonToolbar_i.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.hardId - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17425&tt=3912_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - def FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=3e6609200000000000001ef46ac7f3a1&q= FF - user.js: extensions.BabylonToolbar.id - 3e6609200000000000001ef46ac7f3a1 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15608 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:50 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babclient FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - std FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extentions.y2layers.installId - 7fb875cf-3991-4d50-a34e-03c7475c69f9 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - hxxp://www.google.be FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - Search the web (Babylon) FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.Softonic.instlDay - 15674 FF - user.js: extensions.Softonic.vrsn - 1.6.7.4 FF - user.js: extensions.Softonic.vrsni - 1.6.7.4 FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.46:44 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive FF - user.js: extensions.Softonic.instlRef - INF00047 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Toolbar-!{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\SetId\Internal] @Denied: (A 2) (LocalSystem) "DEVICE2"="vaaur8rPygA=" "DATA2"="<settings accountStatus=\"3\" oldDevice=\"\" timeDiff=\"4\" expireTime=\"1313700792\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"195\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"0\" />\0a" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-31 16:19:29 ComboFix-quarantined-files.txt 2012-12-31 15:19 ComboFix2.txt 2012-12-31 11:33 ComboFix3.txt 2012-12-31 10:21 . Pre-Run: 83.975.393.280 bytes beschikbaar Post-Run: 83.856.228.352 bytes beschikbaar . - - End Of File - - FC4A9FEAD90A837092207805D8B5C613

Update: Ondertussen is Bitdefender eraf gesmeten en vervangen door Zonealarm. De Bitdefender bleek een gekraakte versie te zijn en liet na de scan met Combofix een onstabiele netwerkverbinding achter.

ComboFix 12-12-31.01 - David 31/12/2012 12:25:57.2.4 - x64 MINIMAL Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3894.3235 [GMT 1:00] Gestart vanuit: c:\users\David\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\David\Desktop\CFScript.txt AV: BitDefender Antivirus *Disabled/Outdated* {50909708-FF80-02AF-F814-B28405891E92} FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SwSys1.bmp c:\windows\SwSys2.bmp c:\windows\wininit.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))) . . 2012-12-31 11:32 . 2012-12-31 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 09:16 . 2012-12-31 09:16 -------- d-----w- c:\program files\Speccy 2012-12-31 08:29 . 2012-12-31 08:29 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2012-12-31 08:21 . 2012-12-31 08:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-31 08:20 . 2012-12-31 08:20 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-31 08:20 . 2012-12-31 08:20 -------- d-----w- c:\program files (x86)\Java 2012-12-31 08:11 . 2012-12-31 08:11 -------- d-----w- c:\program files (x86)\VideoLAN 2012-12-31 07:31 . 2012-12-31 07:31 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-31 07:31 . 2012-12-31 07:31 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-31 07:26 . 2012-12-31 07:26 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\programdata\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-31 07:25 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\users\David\AppData\Local\Programs 2012-12-31 07:11 . 2012-12-31 07:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-12-22 20:48 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll 2012-12-22 20:48 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-22 20:48 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-22 10:42 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe 2012-12-22 10:42 . 2012-12-22 10:47 -------- d-----w- c:\program files (x86)\The Logo Creator v5 2012-12-22 09:55 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2012-12-22 09:50 . 2012-12-22 09:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-22 09:34 . 2012-12-22 09:34 171136 ----a-w- C:\internet_explorer.exe 2012-12-21 20:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 20:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 15:18 . 2012-12-31 07:45 -------- d-----w- c:\users\David\AppData\Local\THWIT 2012-12-03 18:22 . 1999-03-05 21:15 74000 ----a-w- c:\windows\SysWow64\msrclr40.dll 2012-12-03 18:22 . 1999-03-05 21:15 28944 ----a-w- c:\windows\SysWow64\msrecr40.dll 2012-12-03 18:17 . 2012-12-03 18:17 -------- d-----w- c:\users\David\AppData\Roaming\EASYTools 2012-12-03 18:09 . 2004-02-16 19:48 323584 ----a-w- c:\windows\SysWow64\AcShlExt.dll 2012-12-03 18:09 . 2002-11-27 12:12 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL 2012-12-03 18:09 . 2002-11-27 12:12 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL 2012-12-03 18:09 . 1995-09-20 16:16 456976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\dao3032.dll 2012-12-03 18:05 . 2012-12-22 09:31 -------- d-----w- c:\program files (x86)\Micro Application 2012-12-03 18:05 . 2003-03-19 03:05 89088 ----a-w- c:\windows\SysWow64\atl71.dll 2012-12-03 18:05 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-12-03 18:05 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-12-03 18:05 . 2012-12-03 18:05 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-12-03 18:05 . 2012-12-03 18:05 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-12-03 18:05 . 2005-03-24 04:18 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-12-03 18:05 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-12-03 18:05 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-22 10:11 . 2011-07-19 20:16 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 19:01 . 2012-09-23 12:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 19:01 . 2011-08-18 17:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 19:55 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 19:55 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 19:55 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 19:55 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 14:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 19:55 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 19:55 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 19:55 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 19:55 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-15 19:55 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 19:55 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 19:55 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 19:55 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 19:55 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 19:55 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 19:55 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-25 1193176] "Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "BitDefender Antiphishing Helper"="d:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-07-19 92352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624] "APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" [2011-11-01 59240] "OpwareSE4"="c:\program files (x86)\scansoft\omnipagese4\opwarese4.exe" [2007-02-04 79400] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] R1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] R2 Updatesrv;BitDefender Desktop Update Service;d:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-07-19 53224] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272] R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-29 1432400] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-19 1255736] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 19:01] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "BitDefender Antiphishing Helper"="d:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-07-19 109344] "BDAgent"="d:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-19 2026680] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\wrtmon.exe" [2006-09-20 20480] "SynTPEnh"="c:\program files (x86)\synaptics\syntp\syntpenh.exe" [bU] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-06 15:54; plugin@yontoo.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\extensions\plugin@yontoo.com FF - ExtSQL: 2012-11-30 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - user.js: extensions.BabylonToolbar_i.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.hardId - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17425&tt=3912_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - def FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=3e6609200000000000001ef46ac7f3a1&q= FF - user.js: extensions.BabylonToolbar.id - 3e6609200000000000001ef46ac7f3a1 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15608 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:50 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babclient FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - std FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extentions.y2layers.installId - 7fb875cf-3991-4d50-a34e-03c7475c69f9 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - hxxp://www.google.be FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - Search the web (Babylon) FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.Softonic.instlDay - 15674 FF - user.js: extensions.Softonic.vrsn - 1.6.7.4 FF - user.js: extensions.Softonic.vrsni - 1.6.7.4 FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.46:44 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive FF - user.js: extensions.Softonic.instlRef - INF00047 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Toolbar-!{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\SetId\Internal] @Denied: (A 2) (LocalSystem) "DEVICE2"="vaaur8rPygA=" "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-31 12:33:44 ComboFix-quarantined-files.txt 2012-12-31 11:33 ComboFix2.txt 2012-12-31 10:21 . Pre-Run: 84.392.108.032 bytes beschikbaar Post-Run: 84.283.285.504 bytes beschikbaar . - - End Of File - - 5682A722E2206C0550DD1BFA88ADEEED

Combofix ComboFix 12-12-31.01 - David 31/12/2012 10:43:46.1.4 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3894.2118 [GMT 1:00] Gestart vanuit: c:\users\David\Desktop\ComboFix.exe AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\TelevisionFanaticEI c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll c:\windows\SysWow64\UNWISE.EXE . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))) . . 2012-12-31 10:02 . 2012-12-31 10:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 09:16 . 2012-12-31 09:16 -------- d-----w- c:\program files\Speccy 2012-12-31 08:29 . 2012-12-31 08:29 8192 ----a-w- c:\windows\SysWow64\srvany.exe 2012-12-31 08:21 . 2012-12-31 08:21 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-31 08:20 . 2012-12-31 08:20 859072 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-31 08:20 . 2012-12-31 08:20 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-31 08:20 . 2012-12-31 08:20 -------- d-----w- c:\program files (x86)\Java 2012-12-31 08:11 . 2012-12-31 08:11 -------- d-----w- c:\program files (x86)\VideoLAN 2012-12-31 07:31 . 2012-12-31 07:31 388096 ----a-r- c:\users\David\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-31 07:31 . 2012-12-31 07:31 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-31 07:26 . 2012-12-31 07:26 -------- d-----w- c:\users\David\AppData\Roaming\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\programdata\Malwarebytes 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-31 07:25 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-31 07:25 . 2012-12-31 07:25 -------- d-----w- c:\users\David\AppData\Local\Programs 2012-12-31 07:11 . 2012-12-31 07:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-12-22 20:48 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll 2012-12-22 20:48 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-22 20:48 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-22 10:42 . 2004-03-29 15:23 90112 ----a-w- c:\windows\unvise32.exe 2012-12-22 10:42 . 2012-12-22 10:47 -------- d-----w- c:\program files (x86)\The Logo Creator v5 2012-12-22 09:55 . 2012-11-08 23:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE 2012-12-22 09:50 . 2012-12-22 09:50 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2012-12-22 09:34 . 2012-12-22 09:34 171136 ----a-w- C:\internet_explorer.exe 2012-12-21 20:46 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 20:46 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 20:46 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 15:18 . 2012-12-31 07:45 -------- d-----w- c:\users\David\AppData\Local\THWIT 2012-12-03 18:22 . 1999-03-05 21:15 74000 ----a-w- c:\windows\SysWow64\msrclr40.dll 2012-12-03 18:22 . 1999-03-05 21:15 28944 ----a-w- c:\windows\SysWow64\msrecr40.dll 2012-12-03 18:17 . 2012-12-03 18:17 -------- d-----w- c:\users\David\AppData\Roaming\EASYTools 2012-12-03 18:09 . 2004-02-16 19:48 323584 ----a-w- c:\windows\SysWow64\AcShlExt.dll 2012-12-03 18:09 . 2002-11-27 12:12 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL 2012-12-03 18:09 . 2002-11-27 12:12 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL 2012-12-03 18:09 . 1995-09-20 16:16 456976 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\DAO\dao3032.dll 2012-12-03 18:05 . 2012-12-22 09:31 -------- d-----w- c:\program files (x86)\Micro Application 2012-12-03 18:05 . 2003-03-19 03:05 89088 ----a-w- c:\windows\SysWow64\atl71.dll 2012-12-03 18:05 . 2002-12-05 13:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll 2012-12-03 18:05 . 2002-12-02 12:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll 2012-12-03 18:05 . 2012-12-03 18:05 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll 2012-12-03 18:05 . 2012-12-03 18:05 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll 2012-12-03 18:05 . 2005-03-24 04:18 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll 2012-12-03 18:05 . 2002-12-02 14:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe 2012-12-03 18:05 . 2002-12-02 12:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-22 10:11 . 2011-07-19 20:16 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-12 19:01 . 2012-09-23 12:34 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 19:01 . 2011-08-18 17:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-16 08:38 . 2012-11-27 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-15 19:55 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-15 19:55 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-15 19:55 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 19:55 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 14:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-15 19:55 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-15 19:55 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-15 19:55 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-15 19:55 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-15 19:55 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-15 19:55 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-15 19:55 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-15 19:55 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-15 19:55 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 19:55 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-15 19:55 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-07-08 08:37 . 2010-07-08 08:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="c:\users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-25 1193176] "Akamai NetSession Interface"="c:\users\David\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "BitDefender Antiphishing Helper"="d:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-07-19 92352] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2006-09-01 282624] "APSDaemon"="c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe" [2011-11-01 59240] "OpwareSE4"="c:\program files (x86)\scansoft\omnipagese4\opwarese4.exe" [2007-02-04 79400] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] R1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] R1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] R2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys [2006-12-13 65024] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520] R2 KMService;KMService;c:\windows\system32\srvany.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] R2 Updatesrv;BitDefender Desktop Update Service;d:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-07-19 53224] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272] R3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-03-13 71168] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-29 1432400] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-03-13 20992] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-03-13 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\DRIVERS\terminpt.sys [2011-03-13 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2011-03-13 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-03-13 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-03-13 117248] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-19 1255736] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 19:01] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-09 20:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] "BitDefender Antiphishing Helper"="d:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-07-19 109344] "BDAgent"="d:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-19 2026680] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024] "WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\wrtmon.exe" [2006-09-20 20480] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-06 15:54; plugin@yontoo.com; c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\spluhwc1.default\extensions\plugin@yontoo.com FF - ExtSQL: 2012-11-30 07:33; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} FF - user.js: extensions.BabylonToolbar_i.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.hardId - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15395 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: extensions.claro.autoRvrt - false FF - user.js: extensions.claro_i.newTab - false FF - user.js: extensions.claro.prtnrId - claro FF - user.js: extensions.claro.prdct - claro FF - user.js: extensions.claro.aflt - babsst FF - user.js: extensions.claro_i.smplGrp - none FF - user.js: extensions.claro.tlbrId - iclaro FF - user.js: extensions.claro.instlRef - sst FF - user.js: extensions.claro.dfltLng - en FF - user.js: extensions.claro.excTlbr - false FF - user.js: extensions.claro.admin - false FF - user.js: extensions.BabylonToolbar.autoRvrt - false FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=17425&tt=3912_6 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - def FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=3e6609200000000000001ef46ac7f3a1&q= FF - user.js: extensions.BabylonToolbar.id - 3e6609200000000000001ef46ac7f3a1 FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB} FF - user.js: extensions.BabylonToolbar.instlDay - 15608 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1216:50 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babclient FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - std FF - user.js: extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false FF - user.js: extentions.y2layers.installId - 7fb875cf-3991-4d50-a34e-03c7475c69f9 FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers FF - user.js: extensions.autoDisableScopes - 14 FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings FF - user.js: extensions.Softonic.autoRvrt - false FF - user.js: extensions.Softonic_i.hmpg - true FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.hpOld - hxxp://www.google.be FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=13&cc= FF - user.js: extensions.Softonic.dfltSrch - true FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic) FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=2&cc=&q= FF - user.js: extensions.Softonic.dspOld - Search the web (Babylon) FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic) FF - user.js: extensions.Softonic_i.dnsErr - true FF - user.js: extensions.Softonic_i.newTab - true FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=15&cc= FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/INF00047/tb_v1?SearchSource=1&cc=&q= FF - user.js: extensions.Softonic.id - 3e66092000000000000078acc03f27c9 FF - user.js: extensions.Softonic.instlDay - 15674 FF - user.js: extensions.Softonic.vrsn - 1.6.7.4 FF - user.js: extensions.Softonic.vrsni - 1.6.7.4 FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.46:44 FF - user.js: extensions.Softonic.prtnrId - softonic FF - user.js: extensions.Softonic.prdct - Softonic FF - user.js: extensions.Softonic.aflt - SD FF - user.js: extensions.Softonic_i.smplGrp - none FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive FF - user.js: extensions.Softonic.instlRef - INF00047 FF - user.js: extensions.Softonic.dfltLng - nl FF - user.js: extensions.Softonic.excTlbr - false FF - user.js: extensions.Softonic.admin - false . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Toolbar-!{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file) Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) Wow6432Node-HKCU-Run-AdobeBridge - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-10 - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\synaptics\syntp\syntpenh.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\SetId\Internal] @Denied: (A 2) (LocalSystem) "DEVICE2"="vaaur8rPygA=" "DATA2"="<settings accountStatus=\"4\" oldDevice=\"\" timeDiff=\"1106312873\" expireTime=\"1309830893\" productStatus=\"1\" obSize=\"2\" InstallTS=\"1289332796\" isSubsc=\"0\" authStat_ts=\"0\" version=\"14.1\" keyType=\"194\" prodId=\"1\" moduleId1=\"7\" moduleId2=\"10\" relType=\"1\" />" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-31 11:21:59 - machine werd herstart ComboFix-quarantined-files.txt 2012-12-31 10:21 . Pre-Run: 84.394.704.896 bytes beschikbaar Post-Run: 84.212.719.616 bytes beschikbaar . - - End Of File - - D09B306A0EAC933123F4101BB33FF336 HJT Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:26:29, on 31/12/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16438) Boot mode: Normal Running processes: D:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\David\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\David\AppData\Local\Akamai\netsession_win.exe D:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\QuickTime\qttask.exe C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file) O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe O4 - HKLM\..\Run: [OpwareSE4] c:\program files (x86)\scansoft\omnipagese4\opwarese4.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2011\vsserv.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10872 bytes

Hey kape, KW, Kunnen jullie dit logje van men collega eens checken aub? MBAM Malwarebytes Anti-Malware 1.70.0.1100 Malwarebytes : Free anti-malware download Databaseversie: v2012.12.31.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16439 David :: DAVID-PC [administrator] 31/12/2012 8:26:23 mbam-log-2012-12-31 (08-26-23).txt Scan type: Snelle scan Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scan opties: P2P Objecten gescand: 231197 Verstreken tijd: 10 minuut/minuten, 3 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 7 HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 2 C:\Program Files (x86)\LiveVDO.tv plugin\ssBarLcher.dll (PUP.VShareRedir) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Downloads\installer_paint_net.exe (PUP.Adbundler) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) HJT Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 8:55:38, on 31/12/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16438) Boot mode: Normal Running processes: D:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe C:\Program Files (x86)\ExpressFiles\EFUpdater.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Users\David\AppData\Local\Akamai\netsession_win.exe C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe D:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\QuickTime\qttask.exe C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Users\David\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=46b1e7f4-84b4-4929-a286-f58125491d4a&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.be/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=46b1e7f4-84b4-4929-a286-f58125491d4a&searchtype=ds&q={searchTerms} R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=BE&userid=46b1e7f4-84b4-4929-a286-f58125491d4a&searchtype=ds&q={searchTerms} R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll O3 - Toolbar: (no name) - {2c892d6f-fd96-4a77-9aac-d4564543e627} - (no file) O3 - Toolbar: (no name) - {77f8c945-4b74-4bd6-a073-e0d1997edce8} - (no file) O3 - Toolbar: (no name) - !{2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file) O3 - Toolbar: (no name) - !{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - (no file) O3 - Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file) O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe O4 - HKLM\..\Run: [OpwareSE4] c:\program files (x86)\scansoft\omnipagese4\opwarese4.exe O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\David\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\David\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2011\vsserv.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12038 bytes

Dag AnnaSophia, We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem. 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Zorg er in ieder geval voor dat alle updates op je computer geïnstalleerd staan. Zo heb je bijvoorbeeld nog Service pack 2 voor Vista en vermoedelijk nog wel enkele andere te installeren. Ook andere software zoals Java en Flashplayer enz. dienen steeds up to date te zijn. Steeds zorgen dat alles up to date is, is heel belangrijk in het vermijden van malware op je systeem.

Dat is heel goed nieuws alvast!! Het best hou je het met 1 virusscanner. AVG of MSE. Meerdere virusscanners op je computer kan deze sterk vertragen of zelfs instabiel maken. Omdat MSE over het algemeen heel zwak scoort, zou ik je aanraden om deze van je systeem te verwijderen. Mbam mag je gerus houden als second opinion om af en toe eens mee te scannen. We gaan toch proberen om een HJT logje aan te maken. Dan kunnen onze malware experts nakijken of dat je systeem nu volledig clean is. Bij deze melding mag je gewoon op OK klikken. Indien het niet lukt om via de snelkoppeling als administrator uit te voeren ga dan via je verkenner naar de map: C:\Program Files\Trend Micro\HijackThis of C:\Program Files (x86)\Trend Micro\HijackThis. Klik daar met de rechtermuisknop op HijackThis in het rechterdeelvenster en kies "als administrator uitvoeren".

Dag Lammie51, Hoe ver sta je met je probleem?

Dag Sjakiee, Downloaden van Illegale Windows 7 is een schending van de wetgeving op het copyright. Als forum mogen/willen/kunnen we hier geen hulp aanbieden om zelf niet in problemen te komen. In deze handleiding wordt uitgelegd hoe je een recovery uitvoert van het toestel. De (Engelstalige) uitleg hiervan kan je terugvinden in Chapter 4.

Indien je Comodo niet verwijderd krijgt kan je altijd eens REVO uninstaller (klik erop) proberen. Handleiding in bijlage. HANDLEIDING REVO UNINSTALLER.pdf

Dat is inderdaad de juiste procedure.

Dag lauralief, welkom op PCH! Het kan zijn dat jou account "gephished" is. Soms maken spammers nep pagina's die lijken op de Facebook loginpagina. Wanneer je op een van deze pagina's je email en wachtwoord invoert, worden deze gegevens door de spammer bijgehouden. Wanneer iemand "gephished" is geweest, zal hun account vaak beginnen met het automatisch verzenden van berichten of koppelingen naar een groot aantal van hun vrienden. Deze berichten of links zijn vaak advertenties die je vrienden vertellen om video's of producten te controleren. Wanneer je account dus na 24u terug wordt vrijgegeven, dien je best onmiddelijk je paswoord te veranderen. Een handige gratis Facebook applicatie die dergelijke spam ook tegenhoud is Bitdefender Safego. Ondertussen zullen we ook eens nagaan of er geen malware op je computer staat: 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Heb je al systeemherstel geprobeerd en is dat mislukt? Of bedoel je dat je geen herstelpunten hebt? Probeer eens op te starten met de USB van Kaspersky: 1. Download de onderstaande ISO en bijbehorende utility. Kaspersky Rescue Disk (ISO) rescue2usb.exe 2. Kaspersky Rescue USB stick maken Dubbelklik op rescue2usb.exe, dit is een Winrar self-extracting archive. Klik op "Install" en de Kaspersky Rescue Disk maker zal gestart worden. Klik op "Browse" en selecteer de gedownloade Kaspersky Rescue Disk (ISO) en klik op "Openen" Kies bij "USB Medium:" de gebruikte USB stick, als deze niet standaard is geselecteerd. Klik nu op "Start" en de benodigde bestanden vanuit de ISO zullen naar de USB stick worden gekopieerd. Als het kopiëren gereed is zal u de volgende melding krijgen; 'Kaspersky USB Rescue Disk has been succesfully created'. Klik in dit scherm op "OK" en sluit de Kaspersky Rescue Disk maker.

Beste maxkoning, Wij hebben uw discussie gesloten wegens het vermoeden van illegale praktijken. Downloaden van torrents is een schending van de wetgeving op het copyright. Als forum mogen/willen/kunnen we hier geen hulp aanbieden om zelf niet in problemen te komen. Vriendelijke groeten, Jion

Dag raoulb, welkom op PCH! Download op een andere niet geïnfecteerde computer de Kaspersky Rescue CD en sla deze op je bureaublad op. Download daarna IMG Burn en sla deze op je bureaublad op en installeer deze. Start "IMG burn" en klik op "Write image file to disc" Selecteer het image bestand van de Kaspersky Rescue CD en klik op de knop "Write". Stop de Kaspersky Rescue CD, in de besmette PC. Start die PC opnieuw op. Druk op F11 en selecteer dan het cdrom station om het rescue systeem van Kaspersky te starten. Bij “Press any key to enter the menu” druk je op gelijk welke toets om het menu van de Kaspersky Rescue CD te openen. · Kies in het volgende scherm de optie "Kaspersky Rescue Disk - Grafische modus" en druk op enter. · Druk hierna op "A" of op “1” om de licentie overeenkomst te accepteren. Als de computer is opgestart van de Kaspersky Rescue CD klik dan op de start (KDE) knop in de taakbalk en klik op "Terminal" Geef in de terminal het commando windowsunlocker op gevolgd door enter. Via de terminal zullen nu de registerwaarden die door de ransomware infectie zijn aangemaakt hersteld worden. In het rode kader hieronder kunt u zien dat de registerwaarden zijn hersteld. Herstart de computer.

Dag Shkipper, welkom op PCH! Voer alvast het volgende uit: 1. Download HijackThis. (klik er op) Klik op HijackThis.msi en de download start automatisch na 5 seconden. Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren". Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst. Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden. Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map. De logjes kan je dan ook in die map terugvinden. 2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!) Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog". Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets. Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets. Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier) 3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces. Tip! Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.