
Pup blabbers



I'm opening a new topic here because after a malware scan, PUP Blabbers is detected every time as two objects.

That is now already the third time (yesterday), so I suspect things are still not right.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:53:03, on 14-7-2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\AVG\AVG2012\avgemcx.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Atheros\ACU.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE

C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.2.0\ScriptHelper.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Gebruiker\Bureaublad\HijackThis.exe

C:\Documents and Settings\Gebruiker\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&barid={512A3F45-4A00-4CB7-9CFD-72B1B6E8D3DE}

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKCU\..\Run: [Registry Reviver] C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} (sIKN Speler) - http://www.kerkomroep.nl/ocx/sIKNPlayer.cab

O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - http://imst.selfip.net:88/LNetCam.cab

O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - http://www.crtvg.es/camweb/camera.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Atheros-configuratieservice (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe

O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

--

End of file - 11087 bytes


Start HijackThis. Select “Scan”. Select only the items listed below:

O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.6.4.3\bh\Softonic.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as “administrator” by right-clicking and choosing “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.


Here is the ComboFix file after all; the problem was with AVG, even though it was switched off.

ComboFix 12-07-11.03 - Gebruiker 14-07-2012 12:34:40.10.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2940.2137 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\COMBOFIX.EXE

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\_ctypes.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\_elementtree.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\_hashlib.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\_socket.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\_ssl.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\pyexpat.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\pysqlite2._sqlite.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\python26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\pythoncom26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\PyWinTypes26.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\select.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\unicodedata.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32api.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32com.shell.shell.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32crypt.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32event.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32file.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32inet.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32pdh.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\win32process.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\windows._cacheinvalidation.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._controls_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._core_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._gdi_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._html2.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._misc_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._windows_.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wx._wizard.pyd

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxbase293u_net_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxbase293u_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxmsw293u_adv_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxmsw293u_core_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxmsw293u_html_vc.dll

c:\docume~1\GEBRUI~1\LOCALS~1\Temp\_MEI28842\wxmsw293u_webview_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\_ctypes.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\_elementtree.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\_hashlib.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\_socket.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\_ssl.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\pyexpat.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\pysqlite2._sqlite.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\python26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\pythoncom26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\PyWinTypes26.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\select.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\unicodedata.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32api.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32com.shell.shell.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32crypt.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32event.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32file.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32inet.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32pdh.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\win32process.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\windows._cacheinvalidation.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._controls_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._core_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._gdi_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._html2.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._misc_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._windows_.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wx._wizard.pyd

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxbase293u_net_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxbase293u_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxmsw293u_adv_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxmsw293u_core_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxmsw293u_html_vc.dll

c:\documents and settings\Gebruiker\Local Settings\temp\_MEI28842\wxmsw293u_webview_vc.dll

C:\Install.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-14 to 2012-07-14 ))))))))))))))))))))))))))))))

.

.

2012-07-13 20:28 . 2012-07-14 10:37 -------- d--h--r- c:\documents and settings\Gebruiker\Onlangs geopend

2012-07-13 18:36 . 2012-07-13 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\VirtualizedApplications

2012-07-13 16:45 . 2012-07-13 16:45 -------- d-----r- C:\MSOCache

2012-07-13 16:23 . 2012-07-13 16:23 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\SoftGrid Client

2012-07-13 16:23 . 2012-07-14 10:41 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\SoftGrid Client

2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\program files\Microsoft Application Virtualization Client

2012-07-13 16:20 . 2012-07-13 16:20 -------- d-----w- c:\documents and settings\All Users\Microsoft

2012-07-13 16:18 . 2012-07-13 16:37 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\TP

2012-07-13 06:30 . 2012-07-14 10:11 -------- d-----w- c:\program files\VS Revo Group

2012-07-11 20:11 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\HIDSERV.DLL

2012-07-11 20:11 . 2008-04-14 20:32 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

2012-06-26 13:39 . 2012-06-26 13:39 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\PDAppFlex

2012-06-26 13:37 . 2012-06-26 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe

2012-06-26 13:34 . 2012-06-26 13:35 -------- d-----w- C:\Wouter

2012-06-26 12:58 . 2012-06-26 12:58 -------- d-----w- c:\documents and settings\Gebruiker\Wouter

2012-06-26 12:56 . 2012-06-26 12:56 -------- d-----w- c:\program files\Adobe Download Assistant

2012-06-19 20:04 . 2012-06-19 20:04 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant

2012-06-19 12:23 . 2004-03-29 14:23 90112 ----a-w- c:\windows\unvise32.exe

2012-06-19 12:23 . 2012-07-11 05:39 -------- d-----w- c:\program files\The Logo Creator v5

2012-06-19 12:07 . 2012-06-19 12:07 -------- d-----w- c:\program files\Babylon

2012-06-19 12:06 . 2012-07-13 16:37 513 ----a-w- C:\user.js

2012-06-19 12:05 . 2012-06-19 12:18 -------- d-----w- c:\program files\PC Speed Up

2012-06-19 12:00 . 2012-06-19 12:21 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Box Shot 3D

2012-06-19 12:00 . 2012-06-19 12:00 -------- d-----w- c:\program files\BoxShot3D

2012-06-18 16:11 . 2012-06-18 16:11 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Nitro PDF

2012-06-18 16:11 . 2012-06-18 16:11 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\FileOpen

2012-06-18 16:11 . 2012-06-18 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\FileOpen

2012-06-18 16:10 . 2012-06-18 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF

2012-06-18 16:09 . 2012-06-18 16:09 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Downloaded Installations

2012-06-17 13:46 . 2012-06-17 13:46 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\PrimoPDF

2012-06-16 18:29 . 2011-02-28 22:37 180624 ----a-w- c:\windows\system32\Primomonnt.dll

2012-06-16 18:29 . 2012-06-21 21:51 -------- d-----w- c:\program files\Nitro PDF

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 12:21 . 2012-04-05 13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-12 12:21 . 2011-08-10 07:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-13 13:55 . 2009-02-17 09:25 1866240 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:49 . 2009-02-17 09:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:49 . 2009-02-17 09:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2009-02-17 09:25 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 13:19 . 2009-02-17 09:25 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-02-17 09:25 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-02-17 09:25 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-02-17 09:25 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2009-02-17 09:25 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2009-02-17 09:25 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2009-02-17 09:25 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-02-17 09:24 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2009-02-17 09:25 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2009-02-17 09:25 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2009-02-17 09:25 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-02-17 09:25 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-02-17 09:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2010-02-10 04:22 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2010-02-10 04:22 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2010-02-10 04:22 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2009-02-17 09:24 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2009-02-17 09:25 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:44 . 2009-02-17 09:24 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2009-02-17 09:24 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2009-02-17 09:24 385024 ------w- c:\windows\system32\html.iec

2012-05-05 03:15 . 2009-02-17 09:25 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2009-02-17 09:25 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2009-02-17 09:25 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-06-20 17:02 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Registry Reviver"="c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe" [2012-04-05 1736520]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-06-20 12163848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-13 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-13 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-13 141848]

"RTHDCPL"="RTHDCPL.EXE" [2009-02-13 16860672]

"ACU"="c:\program files\Atheros\ACU.exe" [2008-04-14 450648]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2012-01-17 520544]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Railroads!\\RailRoads.exe"=

"c:\\WINDOWS\\system32\\dpnsvr.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=

"c:\\WINDOWS\\system32\\msiexec.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 8:13 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 16:03 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 6:41 230608]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [5-4-2011 0:59 295248]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12-10-2011 7:25 4433248]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2-8-2011 7:09 192776]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [7-2-2012 20:54 822624]

R2 DbgMsg;Debug Message;c:\windows\system32\drivers\DbgMsg.sys [8-6-2011 18:35 18240]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24-10-2009 3:18 360224]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [1-10-2011 1:30 508776]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [10-7-2012 9:50 935008]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 21:28 134608]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 7:53 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 7:53 16720]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [1-10-2011 1:30 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [1-10-2011 1:30 209512]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [1-10-2011 1:30 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [1-10-2011 1:30 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [1-10-2011 1:30 219496]

S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [17-2-2009 11:25 20160]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5-4-2012 15:42 250056]

S3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys --> c:\windows\system32\DRIVERS\avfsfilter.sys [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [18-10-2011 2:43 78136]

S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [7-10-2009 22:32 21888]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29-9-2010 10:09 136176]

S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [9-6-2011 9:05 40960]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [5-11-2009 3:31 4640000]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [18-10-2011 2:43 181432]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19-2-2010 13:37 517096]

S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [11-5-2011 0:03 1025352]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:21]

.

2012-07-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-36DCC4F78D5444B-Gebruiker.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-06-26 04:09]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 08:09]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004Core.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 19:44]

.

2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-343818398-1801674531-1004UA.job

- c:\documents and settings\Gebruiker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-16 19:44]

.

2012-07-14 c:\windows\Tasks\Registry Reviver-Gebruiker-Startup.job

- c:\program files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2011-02-04 08:37]

.

2012-07-13 c:\windows\Tasks\User_Feed_Synchronization-{02361792-D5A7-4357-9E1C-AADB8871148C}.job

- c:\windows\system32\msfeedssync.exe [2009-02-17 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.igoogle.nl/

mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={512A3F45-4A00-4CB7-9CFD-72B1B6E8D3DE}

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

Trusted Zone: 127.0.0.1

Trusted Zone: localhost

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab

DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://imst.selfip.net:88/LNetCam.cab

DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} - hxxp://www.crtvg.es/camweb/camera.cab

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-07-14 12:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(2548)

c:\program files\Google\Drive\googledrivesync32.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\acs.exe

c:\program files\Canon\IJPLM\IJPLMSVC.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.3.21.115\GoogleCrashHandler.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\windows\system32\SearchIndexer.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-14 13:24:33 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-14 11:24

ComboFix2.txt 2012-07-11 20:26

.

Pre-Run: 90.146.824.192 bytes beschikbaar

Post-Run: 90.228.396.032 bytes beschikbaar

.

- - End Of File - - 38B2774F9A9516374EF6AF83A7D0E3DC
