denzel1990

Ik was op vakantie. Dus hierbij pas het logje. ComboFix 13-02-23.01 - Ellen 24-02-2013 12:11:52.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3071.1688 [GMT 1:00] Gestart vanuit: c:\users\Ellen\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2013-01-24 to 2013-02-24 )))))))))))))))))))))))))))))) . . 2013-02-24 11:20 . 2013-02-24 11:20 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-24 11:20 . 2013-02-24 11:21 -------- d-----w- c:\users\Ellen\AppData\Local\temp 2013-02-24 11:20 . 2013-02-24 11:20 -------- d-----w- c:\users\Marcha\AppData\Local\temp 2013-02-24 11:20 . 2013-02-24 11:20 -------- d-----w- c:\users\Gast\AppData\Local\temp 2013-02-24 11:20 . 2013-02-24 11:20 -------- d-----w- c:\users\Everhardus\AppData\Local\temp 2013-02-24 11:20 . 2013-02-24 11:20 -------- d-----w- c:\users\Erwin\AppData\Local\temp 2013-02-24 11:14 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA1FE6C8-32E7-48D5-976F-D7D757E504FA}\mpengine.dll 2013-02-06 10:35 . 2013-02-06 10:35 388096 ----a-r- c:\users\Ellen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-02-05 21:50 . 2013-02-05 21:50 -------- d-----w- c:\programdata\Auslogics 2013-02-05 18:51 . 2013-02-05 18:51 -------- d-----w- c:\program files\Microsoft Synchronization Services 2013-02-05 18:50 . 2013-02-05 18:50 -------- d-----w- c:\program files\Microsoft Sync Framework 2013-02-05 18:48 . 2013-02-05 18:48 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2013-02-05 18:47 . 2013-02-05 18:47 -------- d-----w- c:\program files\Microsoft Analysis Services 2013-02-05 18:45 . 2013-02-05 18:45 -------- d-----w- c:\users\Ellen\AppData\Local\Microsoft Help 2013-02-05 18:44 . 2013-02-05 18:44 -------- d-----r- C:\MSOCache 2013-02-05 18:41 . 2013-02-05 18:41 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-02-05 18:40 . 2013-02-06 10:14 -------- d-----w- c:\users\Ellen\AppData\Roaming\DAEMON Tools Lite 2013-02-05 18:39 . 2013-02-05 18:42 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-02-05 17:59 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-05 17:56 . 2013-02-06 10:14 -------- d-----w- c:\users\Ellen\AppData\Roaming\uTorrent . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-11 14:19 . 2012-04-22 15:23 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-11 14:19 . 2011-09-23 07:54 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-17 00:28 . 2009-10-03 09:33 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-16 13:12 . 2012-12-31 00:29 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 10:50 . 2012-12-31 00:29 293376 ----a-w- c:\windows\system32\atmfd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-03-31 2221352] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S1 A2DDA;A2 Direct Disk Access Support Driver;d:\downloads\EmsisoftEmergencyKit\Run\a2ddax86.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] 2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll . Inhoud van de 'Gedeelde Taken' map . 2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 14:19] . 2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 15:13] . 2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 15:13] . 2013-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864024636-4092942703-1986771297-1001Core.job - c:\users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-24 13:32] . 2013-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864024636-4092942703-1986771297-1001UA.job - c:\users\Ellen\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-24 13:32] . 2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{1C2F6FF8-A04F-4B04-90F4-D8DE9355B614}.job - c:\windows\system32\msfeedssync.exe [2013-02-13 08:45] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://webmail.hanze.nl/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Ellen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 212.45.33.3 . - - - - ORPHANS VERWIJDERD - - - - . SafeBoot-WudfPf SafeBoot-WudfRd AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2013-02-24 12:21 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2013-02-24 12:23:14 ComboFix-quarantined-files.txt 2013-02-24 11:23 . Pre-Run: 2.482.585.600 bytes beschikbaar Post-Run: 2.635.165.696 bytes beschikbaar . - - End Of File - - 3D2E659416BAD3AA2B595EBFCB3A74E9

hierbij het hijack this log. heb de items verwijdert die jij genoemd hebt. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:01:14, on 7-2-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19393) Boot mode: Normal Running processes: D:\Progam Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Ellen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe D:\Progam Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PC Helpforum - Gratis hulp bij computer problemen R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.hanze.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PC Helpforum - Gratis hulp bij computer problemen R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Progam Files\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Progam Files\bin\jp2ssv.dll O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ellen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Google Updateservice (gupdate1c9950031d30f40) (gupdate1c9950031d30f40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Progam Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Progam Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Scrybe-updateprogramma (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 9750 bytes malware bytes logje komt nog, maar die kon de vorige keer ook al niks vinden. Zal hem voor de zekerheid nog een keer volledig voor je scannen.

Vorige keer ben ik hier erg goed geholpen. Bedankt nog daarvoor. Nu heb ik een nieuw geval. PC was erg traag, heb handmatig wat rare programma's verwijdert. Dit hielp al een stuk. Verder met malware bytes en emsisoft emergency kit, het een en ander verwijdert. Die laatste geeft nog steeds 4 register infecties aan die die niet kan verwijderen, ook is de pc nog altijd erg langzaam. Hijack this log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:37:53, on 6-2-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.19393) Boot mode: Normal Running processes: D:\Progam Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\taskeng.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wuauclt.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Ellen\AppData\Local\Google\Chrome\Application\chrome.exe D:\Progam Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\Taskmgr.exe C:\Windows\system32\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PC Helpforum - Gratis hulp bij computer problemen R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.hanze.nl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = PC Helpforum - Gratis hulp bij computer problemen R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59293 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Progam Files\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Progam Files\bin\jp2ssv.dll O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ellen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - http://gfx1.hotmail.com/mail/w4/m3/photouploadcontrol/VistaMSNPUpldnl-nl.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: Google Updateservice (gupdate1c9950031d30f40) (gupdate1c9950031d30f40) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Progam Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - D:\Progam Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Scrybe-updateprogramma (ScrybeUpdater) - Synaptics, Inc. - C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 9800 bytes Emsisoft emergency kit log: - - - Updated - - - Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 5-2-2013 22:57:12 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\, D:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 5-2-2013 22:57:39 Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1002\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} Ontdekt: Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1003\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} Ontdekt: Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1002\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore Ontdekt: Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1003\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore Ontdekt: Trace.Registry.GetStyles (A) Gescand 516503 Gevonden 4 Scan geëindigd: 6-2-2013 1:18:52 Scantijd: 2:21:13 Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1002\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} Verwijderd Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1003\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531} Verwijderd Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1002\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore Verwijderd Trace.Registry.GetStyles (A) Key: hkey_users\s-1-5-21-1864024636-4092942703-1986771297-1003\software\microsoft\windows\currentversion\ext\stats\{963b125b-8b21-49a2-a3a8-e37092276531}\iexplore Verwijderd Trace.Registry.GetStyles (A) Verwijderd 4 hierbij het emsisoft logje. Alvast heel erg bedankt!

Emsisoft Emergency Kit - Versie 3.0 Laatste Update: 29-1-2013 22:46:12 Scaninstellingen: Scantype: Diepe scan Objecten: Rootkits, Geheugen, Sporen, C:\ Detecteer riskware: Uit Scan archieven: Aan ADS Scan: Aan Bestandsextensiefilter: Uit Geavanceerde cache: Aan Directe schijftoegang: Uit Scan gestart: 29-1-2013 22:48:35 C:\Users\Gebruiker\AppData\Roaming\mod Ontdekt: Trace.File.BtcMiner (A) C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FV6WKB3\main[1].txt Ontdekt: Trojan.Generic.KD.835562 ( C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4eaefb5b-7a62b1ec Ontdekt: Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\42237e29-6ae86a03 -> bagdfssdb.class Ontdekt: Exploit.Java.CVE-2012-5076.A ( C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\42237e29-6ae86a03 -> bagdfssda.class Ontdekt: Exploit.Java.CVE-2012-5076.A ( C:\Users\Gebruiker\AppData\Roaming\3fea2c38b3de1919.exe Ontdekt: Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\3fec7ffa3b25864c.exe Ontdekt: Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\afs.exe Ontdekt: Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\anb.exe Ontdekt: Gen:Variant.Zusy.33475 ( C:\Users\Gebruiker\AppData\Roaming\pa.exe Ontdekt: Gen:Variant.Symmi.6431 ( C:\Users\Gebruiker\AppData\Roaming\sidebars.exe Ontdekt: Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\Desktop\MapleStory\HaRepacker 3.3\HaRepacker 3.3\HaRepacker.exe Ontdekt: Gen:Variant.Kazy.137229 ( C:\Users\Gebruiker\Desktop\MapleStory\Hope Pack\TO MOVE\moby_host.exe Ontdekt: Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Desktop\MapleStory\moby_host.exe Ontdekt: Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Documents\moby_host.exe Ontdekt: Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Documents\moby_host_xp.exe Ontdekt: Gen:Trojan.Heur.JP.emW@aakbtufi ( C:\Users\Gebruiker\Documents\Windows\audiofilter.exe Ontdekt: Trojan.Generic.KD.835562 ( C:\Users\Gebruiker\Documents\Windows\miner.dll Ontdekt: Trojan.Generic.KD.837374 ( C:\Users\Gebruiker\Music\Brace Ft Mitta - Wat Wij Willen Zien.wma Ontdekt: Trojan.Generic.IS.614071 ( Gescand 437191 Gevonden 19 Scan geëindigd: 29-1-2013 23:34:04 Scantijd: 0:45:29 C:\Users\Gebruiker\Music\Brace Ft Mitta - Wat Wij Willen Zien.wma Verwijderd Trojan.Generic.IS.614071 ( C:\Users\Gebruiker\Documents\Windows\miner.dll Verwijderd Trojan.Generic.KD.837374 ( C:\Users\Gebruiker\Documents\moby_host_xp.exe Verwijderd Gen:Trojan.Heur.JP.emW@aakbtufi ( C:\Users\Gebruiker\Desktop\MapleStory\Hope Pack\TO MOVE\moby_host.exe Verwijderd Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Desktop\MapleStory\moby_host.exe Verwijderd Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Documents\moby_host.exe Verwijderd Gen:Trojan.Heur.JP.emW@aW5f0Aoi ( C:\Users\Gebruiker\Desktop\MapleStory\HaRepacker 3.3\HaRepacker 3.3\HaRepacker.exe Verwijderd Gen:Variant.Kazy.137229 ( C:\Users\Gebruiker\AppData\Roaming\pa.exe Verwijderd Gen:Variant.Symmi.6431 ( C:\Users\Gebruiker\AppData\Roaming\anb.exe Verwijderd Gen:Variant.Zusy.33475 ( C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\42237e29-6ae86a03 -> bagdfssdb.class Verwijderd Exploit.Java.CVE-2012-5076.A ( C:\Users\Gebruiker\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\4eaefb5b-7a62b1ec Verwijderd Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\3fea2c38b3de1919.exe Verwijderd Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\3fec7ffa3b25864c.exe Verwijderd Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\afs.exe Verwijderd Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Roaming\sidebars.exe Verwijderd Trojan.Generic.KDV.829319 ( C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5FV6WKB3\main[1].txt Verwijderd Trojan.Generic.KD.835562 ( C:\Users\Gebruiker\Documents\Windows\audiofilter.exe Verwijderd Trojan.Generic.KD.835562 ( Verwijderd 17 2 bleven er zitten. Ga hem nu opnieuw opstarten. Net nog ff snel een flashscan gedaan malware anti bytes en vond er nog 7.

Bedankt voor je hulp! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:11:33, on 29-1-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe C:\Users\Gebruiker\AppData\Local\Temp\BioCredProv.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe C:\Users\Gebruiker\AppData\Roaming\afs.exe C:\Windows\SysWOW64\conime.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Templates\authz.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [Authorization Framework] C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Templates\authz.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11311 bytes ze zijn er nog steeds.

Een tijd geen virus scanner gebruikt. PC was niet meer te gebruiken. Gescanned met malware bites en 96 virussen verwijdert. Er zijn er 4 over die ik niet weg krijg. Ook niet in veilige modus. Dit is het hijack this log wat ik net gemaakt heb: 2 trojan agents, 1 stolen.data, malware.trace. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:14:57, on 29-1-2013 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe C:\Users\Gebruiker\AppData\Local\Temp\BioCredProv.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe C:\Users\Gebruiker\AppData\Roaming\afs.exe C:\Users\Gebruiker\AppData\Roaming\afs.exe C:\Windows\SysWOW64\conime.exe C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Templates\authz.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = blekko | spam-free search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll F2 - REG:system.ini: UserInit=userinit.exe, O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DFXAudioPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\Direct3DVideoOutput.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DirectSoundAudioOutput.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAACDecode.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXAVCDecode.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXDeinterlaceFilter.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DSEPlugins\DivXPlaybackModule.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer O4 - HKLM\..\RunOnce: "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKCU\..\Run: [ahz] C:\Users\Gebruiker\AppData\Roaming\afs.exe O4 - HKCU\..\Run: [anc] C:\Users\Gebruiker\AppData\Roaming\anb.exe O4 - HKCU\..\Run: [anb] C:\Users\Gebruiker\AppData\Roaming\apc.exe O4 - HKCU\..\Run: [Authorization Framework] C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Templates\authz.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12774 bytes iemand een idee hoe dit opgelost kan worden.