senne

ik had hem al her opgestart hoor

ik denk dat ik eraf blijf in't vervolg

ik heb mijn pc moeten terug zetten met systeem herstel alles liep vlot combofix deed wat hij moest maar ik kon niet kiezen waar ik combofix opsloeg hij starte gewoon nadat combofix klaar was met alles en opnieuw opgestart was had ik geen internet meer niet met IE,firefox of crome geen email meer geen enkel programma meer er kwam een foutmelding op dat er een bewerking uitgevoerd werd op een rigistersleutel die die aangesteld was voor verwijderen gelukkig heb ik systeem herstel hunnen uitvoeren oef nu ben ik toch geschrokken whe anders had mijn vrouw mij vermoord ! en ik mezelf ook !

Malwarebytes Anti-Malware 1.62.0.1300 Malwarebytes : Free anti-malware download Databaseversie: v2012.08.20.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 senne&cindy :: SENNECINDYPC [administrator] Realtime bescherming: Ingeschakeld 20/08/2012 12:11:23 mbam-log-2012-08-20 (12-11-23).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 195900 Verstreken tijd: 3 minuut/minuten, 19 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

dit is het logje Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:08:01, on 20/08/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\ProjectsWithLove\ServeToMe\ServeToMe.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\senne&cindy\Downloads\HijackThis (1).exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\senne&cindy\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: ServeToMe.lnk = ? O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\senne&cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (no file) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (no file) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Belkin Local Backup Service - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe O23 - Service: Belkin Network USB Helper - Unknown owner - C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServeToMe-Service - ProjectsWithLove - C:\Program Files (x86)\ProjectsWithLove\ServeToMe\ServeToMe-Service.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14002 bytes dit kwam er ook op toen ik het starte :

http://www.pc-helpforum.be/f182/babylon-search-nieuw-tabblad-verwijderen-38125/ deze oplossing had ik gevonden mag ik dit alles ook doen of is deze oplossing voor iedere pc anders sorry dat ik het zo onduidelijk had geformuleerd é

als ik google crome opstart dan opent babylon search ook nu heb ik gezocht op jullie site en een oplossing gevonden maar mijn vraag is mag IK exact hetzelfde doen of assisteren jullie liever zodat ik niets fout doe graag jullie hulp groetjes senne dank bij voorbaat

ik wil jullie allen in elk geval heel hartelijk bedanken voor alles dag en nacht staan jullie paraat !!!!! mocht iedereen zich zo inzetten voor hun werk zou een mooie wereld zijn xD groetjes aan allen, SENNE

nu alles ok hoor ik heb nu ook comodo en avast geinstalleerd wat denken jullie ziet het er goed uit kan ik nog iets verbeteren aan de pc op wat moet ik letten dat van die keygen daar heb je wel een punt dat is een programma dat mijn vrouw nodig heeft voor haar fotobewerking ze geeft daar les in dus ja maar is anders alles in orde ?

waarom reageert er niemand meer ?????? is er iets mis??????

Emsisoft Emergency Kit - Versie 1.0 Laatste Update: 3/19/2012 8:34:08 AM Scaninstellingen: Scantype: Diepe Scan Objecten: Geheugen, Sporen, Cookies, C:\, D:\, I:\ Scan archieven: Aan Heuristieken: Uit ADS Scan: Aan Scan gestart: 3/19/2012 8:36:41 AM C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:41 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:229 Ontdekt: Trace.TrackingCookie.statse.webtrendslive!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:3260 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:4736 Ontdekt: Trace.TrackingCookie.doubleclick.net!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5014 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5017 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5062 Ontdekt: Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5695 Ontdekt: Trace.TrackingCookie.server.iad.livepers!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5878 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6196 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6197 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6832 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6977 Ontdekt: Trace.TrackingCookie.adbrite.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7049 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7050 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7051 Ontdekt: Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7647 Ontdekt: Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7827 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7828 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7829 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7830 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7831 Ontdekt: Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7875 Ontdekt: Trace.TrackingCookie.m.webtrends.com!A2 C:\Backup My Data\senne&cindy\AppData\Local\Temp\NwgJJtWO6kcPQW.exe.tmp Ontdekt: Trojan.Win32.FakeSysdef!IK C:\Backup My Data\senne&cindy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60551be-4768063a/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Ontdekt: JAVA.Agent!IK C:\Backup My Data\senne&cindy\AppData\Roaming\uTorrent\PSP X2 Version 12.00\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK I:\System Volume Information\_restore{211E2C15-D10B-42EC-85F4-3BDB542B19C2}\RP203\A0074296.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK I:\senne's map\Map allerlei\Unzipped\zwtcpspx\zwt.rar/Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK I:\senne's map\Map allerlei\Unzipped\zip\Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK I:\senne's map\Map allerlei\Unzipped\zip\zwtcpspx.zip/Keygen.exe Ontdekt: Riskware.Keygen.Corel!IK I:\Program Files\Corel\corel + keygen\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK I:\Program Files\Corel\corel + keygen\Corel PaintShop Pro X2 V-12 FULLVERSION\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK I:\cindy's map\Psp corels voor lore\PSP X2 Version 12.00\Keygen.exe Ontdekt: Riskware.Keygen.PaintShopPro!IK Gescand Bestanden: 1016570 Sporen: 405875 Cookies: 752 Processen: 53 Gevonden Bestanden: 11 Sporen: 0 Cookies: 27 Processen: 0 Registersleutels: 0 Scan Geëindigd: 3/20/2012 9:17:21 AM Scantijd: 0:40:40 I:\senne's map\Map allerlei\Unzipped\zwtcpspx\zwt.rar/Keygen.exe Verwijderd Riskware.Keygen.Corel!IK I:\senne's map\Map allerlei\Unzipped\zip\Keygen.exe Verwijderd Riskware.Keygen.Corel!IK I:\senne's map\Map allerlei\Unzipped\zip\zwtcpspx.zip/Keygen.exe Verwijderd Riskware.Keygen.Corel!IK C:\Backup My Data\senne&cindy\AppData\Roaming\uTorrent\PSP X2 Version 12.00\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK I:\System Volume Information\_restore{211E2C15-D10B-42EC-85F4-3BDB542B19C2}\RP203\A0074296.exe Verwijderd Riskware.Keygen.PaintShopPro!IK I:\Program Files\Corel\corel + keygen\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK I:\Program Files\Corel\corel + keygen\Corel PaintShop Pro X2 V-12 FULLVERSION\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK I:\cindy's map\Psp corels voor lore\PSP X2 Version 12.00\Keygen.exe Verwijderd Riskware.Keygen.PaintShopPro!IK C:\Backup My Data\senne&cindy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\60551be-4768063a/tttqcmffcjqsyb\ljmdclkbhcdgcf.class Verwijderd JAVA.Agent!IK C:\Backup My Data\senne&cindy\AppData\Local\Temp\NwgJJtWO6kcPQW.exe.tmp Verwijderd Trojan.Win32.FakeSysdef!IK C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7875 Verwijderd Trace.TrackingCookie.m.webtrends.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7049 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7050 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7051 Verwijderd Trace.TrackingCookie.casalemedia.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6832 Verwijderd Trace.TrackingCookie.adbrite.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6977 Verwijderd Trace.TrackingCookie.adbrite.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6196 Verwijderd Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:6197 Verwijderd Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7647 Verwijderd Trace.TrackingCookie.stat.onestat!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5878 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7828 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:7831 Verwijderd Trace.TrackingCookie.ad.yieldmanager.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5695 Verwijderd Trace.TrackingCookie.server.iad.livepers!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:3260 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5014 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5017 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:5062 Verwijderd Trace.TrackingCookie.www.googleadservices.com!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:229 Verwijderd Trace.TrackingCookie.statse.webtrendslive!A2 C:\Users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\cookies.sqlite:41 Verwijderd Trace.TrackingCookie.doubleclick.net!A2 Verwijderd Bestanden: 10 Sporen: 0 Cookies: 31 deze kunnen niet verwijderd worden zegt hij is dit erg: [ATTACH=CONFIG]17250[/ATTACH][ATTACH=CONFIG]17251[/ATTACH]

ComboFix 12-03-17.01 - senne&cindy 18/03/2012 22:46:49.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4078.2393 [GMT 1:00] Gestart vanuit: c:\users\senne&cindy\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-18 to 2012-03-18 )))))))))))))))))))))))))))))) . . 2012-03-18 21:51 . 2012-03-18 21:51 -------- d-----w- c:\users\judith\AppData\Local\temp 2012-03-18 21:51 . 2012-03-18 21:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-18 15:33 . 2012-03-18 15:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-18 15:33 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-18 15:13 . 2012-03-18 15:13 61440 ----a-w- c:\windows\SysWow64\drivers\eckiln.sys 2012-03-18 14:55 . 2012-03-18 14:55 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2012-03-18 14:14 . 2012-03-18 15:13 266 ----a-w- C:\avexport.bat 2012-03-18 14:14 . 2012-03-18 14:14 61440 ----a-w- c:\windows\SysWow64\drivers\fqmmcypo.sys 2012-03-18 14:11 . 2012-03-18 14:11 -------- d-----w- c:\program files (x86)\Phpnuke Downloader 2012-03-18 13:38 . 2012-03-18 14:19 -------- d-----w- c:\programdata\CPA_VA 2012-03-18 13:30 . 2012-03-07 00:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-03-18 13:30 . 2012-03-07 00:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-03-18 13:30 . 2012-03-07 00:15 258520 ----a-w- c:\windows\system32\aswBoot.exe 2012-03-18 13:30 . 2012-03-07 00:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-03-18 13:30 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-03-18 13:30 . 2012-03-07 00:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-03-18 13:30 . 2012-03-07 00:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-03-18 13:29 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr 2012-03-18 13:29 . 2012-03-07 00:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-03-18 13:29 . 2012-03-18 13:29 -------- d-----w- c:\programdata\AVAST Software 2012-03-18 13:29 . 2012-03-18 13:29 -------- d-----w- c:\program files\AVAST Software 2012-03-18 13:22 . 2012-03-18 17:52 -------- d-----w- c:\programdata\Comodo 2012-03-18 13:22 . 2012-03-18 13:22 -------- d-----w- c:\program files\COMODO 2012-03-18 13:22 . 2012-03-18 13:22 -------- d-----w- c:\program files (x86)\Comodo 2012-03-18 13:22 . 2012-03-18 13:22 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-03-15 16:18 . 2012-03-15 16:18 -------- d-----w- c:\program files\Speccy 2012-03-13 21:36 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 21:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-13 21:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-13 20:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 20:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-13 20:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 17:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 17:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-13 17:40 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 17:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 17:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 17:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 17:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-03-12 13:06 . 2012-03-12 13:06 -------- d-----w- c:\programdata\Malwarebytes 2012-03-11 20:53 . 2012-03-16 11:28 4076 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys 2012-03-11 20:53 . 2012-03-11 20:53 88 --sh--r- c:\windows\SysWow64\D8BBC2F9FB.sys 2012-03-11 20:51 . 2012-03-11 20:51 -------- d-----w- c:\windows\SysWow64\Spool 2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll 2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll 2012-03-11 20:13 . 2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll 2012-03-11 19:22 . 2012-03-11 19:22 -------- d-----w- c:\program files (x86)\Trend Micro 2012-03-09 21:33 . 2010-08-26 08:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe 2012-03-09 21:33 . 2010-08-26 08:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe 2012-03-09 21:33 . 2010-08-25 18:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys 2012-03-09 21:33 . 2010-08-25 18:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys 2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\system32\Wat 2012-03-08 08:36 . 2012-03-13 19:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-08 08:36 . 2012-03-08 08:36 -------- d-----w- c:\windows\system32\Macromed 2012-03-08 08:18 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-03-07 20:49 . 2012-03-09 21:33 -------- d-----w- c:\program files (x86)\EASEUS 2012-03-07 07:07 . 2012-03-07 07:07 -------- d-----w- c:\program files (x86)\GetData 2012-03-07 06:55 . 2012-03-07 06:55 -------- d-----w- C:\recuva teruggehaalde bestanden 2012-03-07 06:49 . 2012-03-07 06:49 -------- d-----w- c:\program files\Recuva 2012-03-07 00:45 . 2012-03-07 00:45 -------- d-----w- c:\program files (x86)\uTorrent 2012-03-06 22:58 . 2012-03-06 22:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation 2012-03-06 22:20 . 2012-03-06 22:20 -------- d-----w- c:\programdata\Medion Reminder 2012-03-06 22:19 . 2012-03-06 22:19 -------- d-----w- c:\users\senne&cindy 2012-03-06 22:15 . 2012-03-06 22:15 -------- d-----w- c:\program files\PlayReady 2012-03-06 22:14 . 2012-03-11 20:52 -------- d-----w- c:\program files (x86)\Common Files\Corel 2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\program files (x86)\Common Files\Protexis 2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\programdata\Corel 2012-03-06 22:12 . 2012-03-11 20:51 -------- d-----w- c:\program files (x86)\Corel 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\programdata\Partner 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files\Google 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files (x86)\Google 2012-03-06 22:09 . 2012-03-06 22:09 -------- d-sh--we C:\Documents and Settings 2012-03-06 22:09 . 2012-03-06 22:09 -------- d-----w- C:\Recovery . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-06 23:01 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-02-03 18:27 . 2012-02-03 18:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384] "COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304] "CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-03-06 332272] R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11] . 2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2012-03-06 22:11 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_Dlls"=0x1 "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.zita.be/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\senne&cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\ FF - prefs.js: browser.startup.homepage - Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-18 22:53:00 ComboFix-quarantined-files.txt 2012-03-18 21:53 . Pre-Run: 1.256.920.367.104 bytes beschikbaar Post-Run: 1.256.630.054.912 bytes beschikbaar . - - End Of File - - 3E8F269A4EAACA8993C035510A3A6DEA

het logje heb ik per ongeluk gesloten maar dit komt er weer op:

ik heb op annuleren gedrukt en het is weg nu toch

wat moet ik hiermee ik heb avast geinstalleerd en commodo ////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Platform: Windows NT 6.1 (build 7601, Service Pack 1) Sun Mar 18 15:14:57 2012 15:14:40: Error: Invalid registry syntax in command: "{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" Only registry keys under the HKEY_LOCAL_MACHINE hive are accessible to this program. Skipping line. (Registry key deletion mode) //////////////////////////////////////////

het blijft hetzelfde hoor hij blijft zeggen dat de naam verkeerd geschreven is ---------- Post toegevoegd om 10:29 ---------- Vorige post was om 10:26 ---------- en hij plaatst combofix automatisch in de map downloads hoor

ach zo oei sorry dacht dat het ik het juist had gedaan ga het direct proberen zi ---------- Post toegevoegd om 11:31 ---------- Vorige post was om 11:25 ---------- ik heb het scriptje naar de map downloads gezet maar het lukt nog niet hoor

het is zo geschreven ik heb het een aantal keren geprobeerd maar het lukt niet

als ik dat combofix start krijg ik dit te zien

ComboFix 12-03-14.01 - senne&cindy 14/03/2012 21:17:19.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4078.2571 [GMT 1:00] Gestart vanuit: c:\users\senne&cindy\Downloads\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06} FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D} SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . I:\install.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))) . . 2012-03-14 20:21 . 2012-03-14 20:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-13 21:36 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-13 21:36 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-13 21:36 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-13 20:38 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 20:38 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-13 20:38 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 17:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-13 17:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-13 17:40 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-13 17:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-13 17:40 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 17:40 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-13 17:40 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-03-13 06:54 . 2012-03-13 06:54 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-03-12 13:06 . 2012-03-12 13:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-12 13:06 . 2012-03-12 13:06 -------- d-----w- c:\programdata\Malwarebytes 2012-03-12 13:06 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-11 20:53 . 2012-03-11 21:02 4076 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys 2012-03-11 20:53 . 2012-03-11 20:53 88 --sh--r- c:\windows\SysWow64\D8BBC2F9FB.sys 2012-03-11 20:51 . 2012-03-11 20:51 -------- d-----w- c:\windows\SysWow64\Spool 2012-03-11 19:22 . 2012-03-11 19:22 -------- d-----w- c:\program files (x86)\Trend Micro 2012-03-09 21:33 . 2010-08-26 08:32 98696 ----a-w- c:\windows\SysWow64\setupprwdrv03.exe 2012-03-09 21:33 . 2010-08-26 08:32 96648 ----a-w- c:\windows\system32\setupprwdrvx64.exe 2012-03-09 21:33 . 2010-08-25 18:39 16776 ----a-w- c:\windows\system32\prwntdrv.sys 2012-03-09 21:33 . 2010-08-25 18:39 13704 ----a-w- c:\windows\SysWow64\prwntdrv.sys 2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-03-08 09:25 . 2012-03-08 09:25 -------- d-----w- c:\windows\system32\Wat 2012-03-08 08:36 . 2012-03-13 19:40 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-08 08:36 . 2012-03-08 08:36 -------- d-----w- c:\windows\system32\Macromed 2012-03-08 08:18 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-03-07 20:49 . 2012-03-09 21:33 -------- d-----w- c:\program files (x86)\EASEUS 2012-03-07 07:07 . 2012-03-07 07:07 -------- d-----w- c:\program files (x86)\GetData 2012-03-07 06:55 . 2012-03-07 06:55 -------- d-----w- C:\recuva teruggehaalde bestanden 2012-03-07 06:49 . 2012-03-07 06:49 -------- d-----w- c:\program files\Recuva 2012-03-07 00:45 . 2012-03-07 00:45 -------- d-----w- c:\program files (x86)\uTorrent 2012-03-06 22:58 . 2012-03-06 22:58 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation 2012-03-06 22:20 . 2012-03-06 22:20 -------- d-----w- c:\programdata\Medion Reminder 2012-03-06 22:19 . 2012-03-06 22:19 -------- d-----w- c:\users\senne&cindy 2012-03-06 22:16 . 2012-03-14 18:30 -------- d-----w- c:\programdata\Kaspersky Lab 2012-03-06 22:16 . 2012-03-06 22:16 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2012-03-06 22:15 . 2012-03-06 22:15 -------- d-----w- c:\program files\PlayReady 2012-03-06 22:14 . 2012-03-11 20:52 -------- d-----w- c:\program files (x86)\Common Files\Corel 2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\program files (x86)\Common Files\Protexis 2012-03-06 22:14 . 2012-03-06 22:14 -------- d-----w- c:\programdata\Corel 2012-03-06 22:12 . 2012-03-11 20:51 -------- d-----w- c:\program files (x86)\Corel 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\programdata\Partner 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files\Google 2012-03-06 22:11 . 2012-03-06 22:11 -------- d-----w- c:\program files (x86)\Google 2012-03-06 22:09 . 2012-03-06 22:09 -------- d-sh--we C:\Documents and Settings 2012-03-06 22:09 . 2012-03-06 22:09 -------- d-----w- C:\Recovery . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-06 23:01 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-27 336384] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\sbhook.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 136176] R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2012-03-06 332272] R3 prwntdrv;prwntdrv;c:\windows\system32\prwntdrv.sys [2010-08-25 16776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-03-11 2656280] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11] . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-06 22:11] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}] 2012-03-06 22:11 750064 ----a-w- c:\programdata\Partner\Partner64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-08-28 531272] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-03-12 443688] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.zita.be/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\senne&cindy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm TCP: DhcpNameServer = 195.130.131.133 195.130.130.5 FF - ProfilePath - c:\users\senne&cindy\AppData\Roaming\Mozilla\Firefox\Profiles\2gtyd87h.default\ FF - prefs.js: browser.startup.homepage - Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-14 21:23:35 ComboFix-quarantined-files.txt 2012-03-14 20:23 . Pre-Run: 1.253.939.044.352 bytes beschikbaar Post-Run: 1.253.972.324.352 bytes beschikbaar . - - End Of File - - A67EFA7237166A1EC7D5781D23AD93DC

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:33:33, on 12/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9733 bytes dit is nu het logje moet ik nog iets doen ,ben ik nu veilig? ik heb kaspersky beveiliging is dit ok ?

Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.03.12.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 senne&cindy :: SENNECINDY-PC [administrator] 12/03/2012 14:07:22 mbam-log-2012-03-12 (14-07-22).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 201430 Verstreken tijd: 2 minuut/minuten, 52 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde)

welke moet ik juist verwijderen dat ik heel zeker ben die van die ebay he die andere heb ik al verwijderd

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:27:10, on 11/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Zita - het Web van Z tot A - Nieuws | Entertainment | Lifestyle | Fun R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Toevoegen aan Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll O9 - Extra button: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU) O9 - Extra 'Tools' menuitem: eBay.be - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay België (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10043 bytes en nog maals bedankt hé zeg

JOEPIE!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! we hebben alles terug echt alles whoehoe!!!!!! clarkie je bent een engel 1000000 maal bedankt er kwam een melding dat er trojan virussen op de pc zaten zou hij kunnen gecracht zijn daardoor en nog maals dank u :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: :adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore::adore: