Malwarebytes heeft virus gevonden - wat nu

[amazone]

Ik heb op mijn Dell portable Malwarebytes een diepe scan laten doen en dit is gevonden:

Bestanden gedetecteerd: 2

C:\Windows\winsxs\x86_microsoft-windows-n..g-napclientconfigui_31bf3856ad364e35_6.0.6000.16386_none_736b559342fe7c9f\napdsnap.dll (Troan.Dropper.KLH) -> Geen actie ondernomen.

D:\$RECYCLE.BIN\S-1-5-21-476572837-3613989952-766228717-1002\$RRECGG8\SoftonicDownloader_for_opswat-security-score.exe (PUP.Optional.Softonic) -> Geen actie ondernomen.

Voorlopig heb ik niets gedaan.

Als je op het internet zoekt naar TroanDropper vindt je allerlei programma's om die te deleten maar dat betrouw ik niet.

Je kan Malwarebytes opdracht geven deze te verwijderen.

Maar daar heb ik zonet op mijn andere pc een heel slechte ervaring mee gehad. Windows wilde niet meer starten. Gelukkig kon ik met Acronis een image terugzetten.

Dus nu vernietig ik niet zomaar meer.

[kape]

Download RSIT van de onderstaande locaties en sla deze op het bureaublad op.

Hier staat een beschrijving hoe je kan kijken of je een 32- of 64-bitversie van Windows heeft.

• RSIT 32 bit (RSIT.exe)
  
• RSIT 64 bit (RSITx64.exe)
  

Dubbelklik op RSIT.exe om de tool te starten.

• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Vervolgens wordt de "Disclaimer of warranty" getoond, klik vervolgens op "Continue"
  
• Wanneer de tool gereed is wordt er een kladblok bestand genaamd "Log" geopend.
  
• Plaats de inhoud hiervan in het volgende bericht.
  

[amazone]

Kape,

Schitterend dat je er weer zo vlug bij bent om mij te helpen.

Moet straks even weg maar kom in de late namiddag zeker terug hier kijken

Dit is de log file:

info.txt logfile of random's system information tool 1.09 2013-10-25 09:36:41

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x13

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x13

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x13

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x13

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x13

Aan de slag met Dell-->MsiExec.exe /I{2C086D06-187A-4050-ADD4-2F9D033651B4}

Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -maintain activex

Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x13 /remove

Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x13 /remove

All My Books 3.5-->"C:\Program Files\AllMyBooks\unins000.exe"

BatteryCare 0.9.14.0-->"C:\Program Files\BatteryCare\unins000.exe"

Boilsoft Video Splitter 6.34-->"C:\Program Files\Boilsoft\Boilsoft Video Splitter\unins000.exe"

Broadcom Management Programs-->MsiExec.exe /I{C99C0593-3B48-41D9-B42F-6E035B320449}

Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Comodo Dragon-->"C:\Program Files\Comodo\Dragon\uninstall.exe"

COMODO Internet Security Premium-->MsiExec.exe /I{F1EC4151-805B-4097-B9BB-7D71A417AAF1}

Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000fz.inf

Dell Dock-->MsiExec.exe /I{F6CB42B9-F033-4152-8813-FF11DA8E6A78}

Dell Support Center-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}

Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE

Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x13 /remove

Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x13 /remove

Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly

EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"

Extreme Thumbnail Generator 1.19.2-->"C:\Program Files\Extreme Thumbnail Generator\unins000.exe"

FileHippo.com Update Checker-->"C:\Program Files\FileHippo.com\uninstall.exe"

FILEminimizer Office-->"C:\Program Files\FILEminimizer Office\unins000.exe"

FileZilla Client 3.7.0.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Foxit Reader-->"C:\Program Files\Foxit Software\Foxit Reader\unins000.exe"

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_08875ABF44579E20.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

GoToAssist 8.0.0.514-->C:\Program Files\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe

Java 7 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217021FF}

KeePass Password Safe 1.26-->"C:\Program Files\KeePass Password Safe\unins000.exe"

K-Lite Codec Pack 9.9.5 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0413

LastPass(alleen deïnstalleren)-->C:\Program Files\LastPass\lastpass.exe --uninstall

Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0013 -removeonly /remove

Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0013 -removeonly /remove

MailWasher Pro-->"C:\Program Files\FireTrust\MailWasher Pro\unins000.exe"

Malwarebytes Anti-Malware versie 1.75.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}

MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall

mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft .NET Framework 3.5 Language Pack SP1 - nld-->MsiExec.exe /I{101738D7-D805-37A9-BB91-1F2C351782BF}

Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile NLD Language Pack-->MsiExec.exe /X{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Money 2001-->MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1D12BC91-360E-424C-97C4-813651313660}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-00A1-0413-0000-0000000FF1CE} /uninstall {26257879-B20D-4D30-A429-B387A4890929}

Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}

Microsoft Office Excel MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Dutch) 2007-->MsiExec.exe /X{90120000-00A1-0413-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Dutch) 2007-->MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}

Microsoft Office Professional Editie 2003-->MsiExec.exe /I{90110413-6000-11D3-8CFE-0150048383C9}

Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}

Microsoft Office Proofing (Dutch) 2007-->MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {928D7B99-2BEA-49F9-83B8-20FA57860643}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}

Microsoft Office Shared MUI (Dutch) 2007-->MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}

Microsoft Office Word MUI (Dutch) 2007-->MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

msvcrt_installer-->MsiExec.exe /I{6068A42A-C1CF-45F2-9859-5DB16287FE5D}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

MyTomTom 3.2.0.1219-->C:\Program Files\MyTomTom 3\Uninstall MyTomTom3.exe

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0013 -removeonly

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}

Portfolio2000 - KBC-->C:\Windows\unin0413.exe -f"C:\Program Files\Portfolio2000 - KBC\DeIsL1.isu" -c"C:\Program Files\Portfolio2000 - KBC\_ISREG32.DLL"

QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}

Revo Uninstaller 1.95-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe

Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}

Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CD6D9B8A-BBC4-3FA7-B24D-D74CE90630CF} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {ECBEE23D-AB7E-3DAA-B66B-CD52003198F1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {788818B1-B191-3217-A210-7ACFDE19CE4A} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B7C20E16-9A3A-3F05-A6B5-E15AA09200E0} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {CF581973-77E0-3093-A1AC-A03130DE990F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {80774950-A707-386B-9C9B-D052D20BD54B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {576C07F8-777C-3981-B8BF-063A6B57254E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {90EA7C4E-7F03-31FD-BE27-B1A9B4AE56BD} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {1E88AFAE-CEF7-3540-8FF6-6D00877B2767} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8BA4E34D-95C5-3907-87E4-62FBB31A2190} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {21AEAFE4-6F0E-3169-A09C-9FB37C77E555} /parameterfolder Client

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder ClientLP

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP

Skype™ 6.6-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}

Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - nld\setup.exe

Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1043 /parameterfolder ClientLP

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {0160BA31-409C-3FD0-9C87-C7D95BF46986} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {D5B80B17-2443-3296-A700-792FAA0748BD} /parameterfolder Client

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}

Update voor Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {5CF7002F-6F49-4482-9564-5614FBE560FA}

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}

Update voor Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {A66AE6A1-8D8C-4102-BC18-38CBDE40F809}

Visual Studio C++ 10.0 Runtime-->MsiExec.exe /I{4412F224-3849-4461-A3E9-DEEF8D252790}

WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}

WinPatrol-->C:\PROGRA~2\INSTAL~2\{A62F9~1\Setup.exe /remove /q0

WinX HD Video Converter Deluxe 4.0.0-->"C:\Program Files\WinX_HD_Video_Converter_Deluxe\unins000.exe"

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: INSPIRON

Event Code: 7036

Message: De Microsoft Software Shadow Copy Provider-service heeft nu de status gestopt.

Record Number: 78690

Source Name: Service Control Manager

Time Written: 20130728125351.000000-000

Event Type: Informatie

User:

Computer Name: INSPIRON

Event Code: 4372

Message: De status van pakket KB2832412(Security Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 78689

Source Name: Microsoft-Windows-Servicing

Time Written: 20130728125350.000000-000

Event Type: Informatie

User: INSPIRON\Dany

Computer Name: INSPIRON

Event Code: 4372

Message: De status van pakket KB2832412(Security Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 78688

Source Name: Microsoft-Windows-Servicing

Time Written: 20130728125350.000000-000

Event Type: Informatie

User: INSPIRON\Dany

Computer Name: INSPIRON

Event Code: 4372

Message: De status van pakket KB2832412(Security Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 78687

Source Name: Microsoft-Windows-Servicing

Time Written: 20130728125350.000000-000

Event Type: Informatie

User: INSPIRON\Dany

Computer Name: INSPIRON

Event Code: 4372

Message: De status van pakket KB2832412(Security Update) wordt ingesteld op Tijdelijk opslaan(Staging)

Record Number: 78686

Source Name: Microsoft-Windows-Servicing

Time Written: 20130728125350.000000-000

Event Type: Informatie

User: INSPIRON\Dany

=====Application event log=====

Computer Name: PC_GuyVanAckere

Event Code: 223

Message: WinMail (3420) WindowsMail0: Het maken van een back-up van logboekbestanden (bereik C:\Users\Guy Van Ackere\AppData\Local\Microsoft\Windows Mail\edb00001.log - C:\Users\Guy Van Ackere\AppData\Local\Microsoft\Windows Mail\edb00001.log) is gestart.

Record Number: 529

Source Name: ESENT

Time Written: 20080918201325.000000-000

Event Type: Informatie

User:

Computer Name: PC_GuyVanAckere

Event Code: 221

Message: WinMail (3420) WindowsMail0: Het maken van een back-up van bestand C:\Users\Guy Van Ackere\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore wordt beëindigd.

Record Number: 528

Source Name: ESENT

Time Written: 20080918201325.000000-000

Event Type: Informatie

User:

Computer Name: PC_GuyVanAckere

Event Code: 220

Message: WinMail (3420) WindowsMail0: Het maken van een back-up van bestand C:\Users\Guy Van Ackere\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore (grootte 2 Mb) wordt gestart.

Record Number: 527

Source Name: ESENT

Time Written: 20080918201325.000000-000

Event Type: Informatie

User:

Computer Name: PC_GuyVanAckere

Event Code: 210

Message: WinMail (3420) WindowsMail0: Het maken van een volledige back-up wordt gestart.

Record Number: 526

Source Name: ESENT

Time Written: 20080918201325.000000-000

Event Type: Informatie

User:

Computer Name: PC_GuyVanAckere

Event Code: 102

Message: WinMail (3420) WindowsMail0: De database-engine (6.00.6000.0000) heeft een nieuwe sessie (0) gestart.

Record Number: 525

Source Name: ESENT

Time Written: 20080918201325.000000-000

Event Type: Informatie

User:

=====Security event log=====

Computer Name: PC_GuyVanAckere

Event Code: 4907

Message: De controle-instellingen voor een object zijn gewijzigd.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: D65PLV3J$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Object:

Objectserver: Security

Objecttype: File

Objectnaam: C:\Windows\winsxs\Temp\PendingRenames\b1b28db3cb19c901d4080000b40ae80c.XboxMCX-V.XEX

Ingangs-id: 0xbe0

Procesgegevens:

Proces-id: 0xab4

Procesnaam: C:\Windows\servicing\TrustedInstaller.exe

Controle-instellingen:

Oorspronkelijke security descriptor:

Nieuwe security descriptor: S:ARAI

Record Number: 474

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20080918201823.948126-000

Event Type: Controle geslaagd

User:

Computer Name: PC_GuyVanAckere

Event Code: 4672

Message: Speciale bevoegdheden toegewezen aan nieuwe aanmelding.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Bevoegdheden: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 473

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20080918201636.502926-000

Event Type: Controle geslaagd

User:

Computer Name: PC_GuyVanAckere

Event Code: 4624

Message: Er is een account aangemeld.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: D65PLV3J$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldingstype: 5

Nieuwe aanmelding:

Beveiligings-id: S-1-5-18

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Procesgegevens:

Proces-id: 0x23c

Naam proces: C:\Windows\System32\services.exe

Netwerkgegevens:

Naam van werkstation:

Netwerkadres van bron: -

Poort van bron: -

Gedetailleerde verificatiegegevens:

Aanmeldingsproces: Advapi

Verificatiepakket: Negotiate

Doorgezette services: -

Pakketnaam (alleen NTLM): -

Sleutellengte: 0

Deze gebeurtenis wordt gegenereerd wanneer een aanmeldingssessie wordt gemaakt. De gebeurtenis wordt gegenereerd op de computer waartoe toegang wordt verkregen.

De velden Onderwerp bevatten de account op het lokale systeem waardoor de aanmelding is aangevraagd. Dit is meestal een service zoals de Server-service, of een lokaal proces zoals Winlogon.exe of Services.exe.

In het veld Aanmeldingstype ziet u het type aanmelding. De meest algemene typen zijn 2 (interactief) en 3 (netwerk).

Het veld Nieuwe aanmelding bevat de account waarvoor de nieuwe aanmelding is gemaakt. Dit is de account waarmee is aangemeld.

In de netwerkvelden ziet u de bron van een externe aanmeldingsaanvraag. Naam van werkstation is niet altijd beschikbaar en kan in sommige gevallen leeg zijn.

De velden met verificatiegegevens bevatten gedetailleerde informatie over deze aanmeldingsaanvraag.

- Aanmeldings-GUID is een unieke id die kan worden gebruikt om deze gebeurtenis af te stemmen met een KDC-gebeurtenis.

- In Doorgezette services ziet u welke tussentijdse services voor deze aanmeldingsaanvraag zijn gebruikt.

- Pakketnaam geeft aan welk subprotocol van de NTLM-protocollen is gebruikt.

- Sleutellengte geeft de lengte van de gegenereerde sessiesleutel aan. Dit veld is 0 als er geen sessiesleutel is aangevraagd.

Record Number: 472

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20080918201636.502926-000

Event Type: Controle geslaagd

User:

Computer Name: PC_GuyVanAckere

Event Code: 4648

Message: Poging tot aanmelden met expliciete referenties.

Onderwerp:

Beveiligings-id: S-1-5-18

Accountnaam: D65PLV3J$

Accountdomein: WORKGROUP

Aanmeldings-id: 0x3e7

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Account waarvan de referenties zijn gebruikt:

Accountnaam: SYSTEEM

Accountdomein: NT AUTHORITY

Aanmeldings-GUID: {00000000-0000-0000-0000-000000000000}

Doelserver:

Naam van doelserver: localhost

Aanvullende gegevens: localhost

Procesgegevens:

Proces-id: 0x23c

Procesnaam: C:\Windows\System32\services.exe

Netwerkgegevens:

Netwerkadres: -

Poort: -

Deze gebeurtenis wordt gegenereerd wanneer een proces probeert zich op een account aan te melden door expliciet de referenties van die account op te geven. Meestal gebeurt dit in batchconfiguraties zoals geplande taken, of bij gebruik van de opdracht Uitvoeren als.

Record Number: 471

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20080918201636.502926-000

Event Type: Controle geslaagd

User:

Computer Name: PC_GuyVanAckere

Event Code: 1102

Message: Het controlelogboek is gewist.

Onderwerp:

Beveiligings-id: S-1-5-21-476572837-3613989952-766228717-1000

Accountnaam: Guy Van Ackere

Domeinnaam: PC_GuyVanAckere

Aanmeldings-id: 0x17ce9d

Record Number: 470

Source Name: Microsoft-Windows-Eventlog

Time Written: 20080918201320.774526-000

Event Type: Controle geslaagd

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"NUMBER_OF_PROCESSORS"=2

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_LEVEL"=6

"PROCESSOR_REVISION"=1706

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

"TEMP"=T:\Temp

"TMP"=T:\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

-----------------EOF-----------------

- - - Updated - - -

Even een opmerking hierover.

Ik heb de portable gekocht begin dit jaar van GuyVanAckere.

Hij had hem volledig opgekuist.

Ik weet niet waarom er zoveel meldingen met zijn naam zijn.

[Hensyr]

van zodra een van onze experts online is zullen ze deze log bestuderen

[kape]

Dit is één logje van RSIT info.txt. Wil je ook het logje log.txt eens in een bericht hangen.

[amazone]

Sorry Kape, maar er is geen enkele aanduiding over waar wat opgeslagen wordt.

Ik draai het programma dat je opgaf en er komt een lijst a la Hijack this.

Kladblok opent log.txt - ik heb CrtlA gedaan en alles gekopieerd en geplakt

Heb het programma nog eens laten lopen.

Het bestand noemt wel log.txt - en dit is het:

Logfile of random's system information tool 1.09 (written by random/random)

Run by Dany at 2013-10-25 19:57:40

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 91 GB (65%) free of 139 GB

Total RAM: 3581 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:57:41, on 25/10/2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16514)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Comodo\COMODO Internet Security\cistray.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\BatteryCare\BatteryCare.exe

C:\Program Files\Comodo\COMODO Internet Security\cis.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe

C:\Windows\Explorer.exe

C:\Windows\system32\NOTEPAD.EXE

D:\Downloads\RSIT.exe

C:\Program Files\trend micro\Dany.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gepersonaliseerde startpagina

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Startup: MailWasherPro.lnk = C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Users\Dany\AppData\LocalLow\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: LastPass Invulformulieren - file://C:\Users\Dany\AppData\LocalLow\LastPass\context.html?cmd=fillforms

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: M4-Service - Unknown owner - C:\Users\Dany\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8977 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-13 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95D9ECF5-2A4D-4550-BE49-70D42F71296E}]

LastPass Vault - C:\Program Files\LastPass\LPToolbar.dll [2013-06-14 608256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-13 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - LastPass Toolbar - C:\Program Files\LastPass\LPToolbar.dll [2013-06-14 608256]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-10-10 194640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2013-10-20 1576152]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2013-07-15 436800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe [2007-07-27 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]

C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2008-03-11 202544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2008-03-11 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

C:\Dell\E-Center\EULALauncher.exe [2008-02-29 17920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

C:\Windows\system32\NvCpl.dll [2009-06-16 13793824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]

C:\Windows\system32\nvHotkey.dll [2009-06-16 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]

C:\Windows\OEM02Mon.exe [2007-12-03 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

C:\Program Files\Dell\MediaDirect\PCMService.exe [2007-12-21 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]

C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [2008-01-02 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]

C:\Users\Dany\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-31 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

C:\PROGRA~1\DIGITA~1\DLG.exe [2006-11-03 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Dany^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasherPro.lnk]

C:\PROGRA~1\FIRETR~1\MAILWA~1\MAILWA~1.EXE [2007-09-25 16485023]

C:\Users\Dany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe

MailWasherPro.lnk - C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-31 10536]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2013-10-25 09:35:52 ----D---- C:\rsit

2013-10-25 09:35:52 ----D---- C:\Program Files\trend micro

2013-10-24 15:55:23 ----D---- C:\Users\Dany\AppData\Roaming\Malwarebytes

2013-10-24 15:52:31 ----D---- C:\ProgramData\Malwarebytes

2013-10-24 15:52:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2013-10-24 15:52:29 ----A---- C:\Windows\system32\drivers\mbam.sys

2013-10-10 20:22:36 ----D---- C:\Users\Dany\AppData\Roaming\Boilsoft

2013-10-10 20:22:33 ----D---- C:\Program Files\Boilsoft

2013-10-10 19:02:34 ----A---- C:\Windows\system32\vbscript.dll

2013-10-10 19:02:34 ----A---- C:\Windows\system32\mshtmled.dll

2013-10-10 19:02:33 ----A---- C:\Windows\system32\wininet.dll

2013-10-10 19:02:33 ----A---- C:\Windows\system32\msfeeds.dll

2013-10-10 19:02:33 ----A---- C:\Windows\system32\jsproxy.dll

2013-10-10 19:02:33 ----A---- C:\Windows\system32\jscript.dll

2013-10-10 19:02:33 ----A---- C:\Windows\system32\ieUnatt.exe

2013-10-10 19:02:33 ----A---- C:\Windows\system32\ieui.dll

2013-10-10 19:02:32 ----A---- C:\Windows\system32\url.dll

2013-10-10 19:02:32 ----A---- C:\Windows\system32\jscript9.dll

2013-10-10 19:02:32 ----A---- C:\Windows\system32\iertutil.dll

2013-10-10 19:02:31 ----A---- C:\Windows\system32\urlmon.dll

2013-10-10 19:02:31 ----A---- C:\Windows\system32\mshtml.dll

2013-10-10 19:02:30 ----A---- C:\Windows\system32\ieframe.dll

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\Wdf01000.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbuhci.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbport.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbhub.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbehci.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbd.sys

2013-10-10 18:57:40 ----A---- C:\Windows\system32\drivers\usbccgp.sys

2013-10-10 18:57:39 ----A---- C:\Windows\system32\atmlib.dll

2013-10-10 18:57:39 ----A---- C:\Windows\system32\atmfd.dll

2013-10-10 18:56:50 ----A---- C:\Windows\system32\comctl32.dll

2013-10-10 18:56:49 ----A---- C:\Windows\system32\drivers\hidparse.sys

2013-10-09 20:17:56 ----A---- C:\Windows\system32\win32k.sys

2013-10-09 20:17:56 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-09 20:17:56 ----A---- C:\Windows\system32\FntCache.dll

2013-10-09 20:17:56 ----A---- C:\Windows\system32\DWrite.dll

2013-10-09 20:17:56 ----A---- C:\Windows\system32\d3d10level9.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d3d10warp.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d3d10core.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d3d10_1core.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d3d10_1.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d3d10.dll

2013-10-09 20:17:55 ----A---- C:\Windows\system32\d2d1.dll

2013-10-09 20:17:52 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys

2013-10-09 20:17:52 ----A---- C:\Windows\system32\cdd.dll

2013-10-05 16:17:05 ----D---- C:\Program Files\FileStream

2013-09-18 12:01:06 ----A---- C:\Windows\system32\themeui.dll

2013-09-17 12:32:41 ----D---- C:\Program Files\Dropbox

2013-09-17 12:31:59 ----D---- C:\Users\Dany\AppData\Roaming\Dropbox

2013-09-16 19:43:25 ----D---- C:\ProgramData\AllMyBooks

2013-09-16 19:24:19 ----D---- C:\Users\Dany\AppData\Roaming\Obsidium

2013-09-16 19:23:51 ----D---- C:\Program Files\AllMyBooks

2013-09-16 18:35:50 ----D---- C:\ProgramData\FILEminimizer

2013-09-16 18:35:50 ----D---- C:\Program Files\FILEminimizer Office

2013-09-13 18:00:01 ----D---- C:\Windows\pss

2013-09-02 12:29:38 ----D---- C:\ProgramData\OPSWAT

2013-09-01 11:53:08 ----A---- C:\Windows\system32\WMVDECOD.DLL

2013-08-26 18:51:38 ----D---- C:\Windows\system32\MRT

2013-08-26 18:46:05 ----A---- C:\Windows\system32\tzres.dll

2013-08-26 18:45:58 ----A---- C:\Windows\system32\drivers\tcpip.sys

2013-08-26 18:45:57 ----A---- C:\Windows\system32\icaapi.dll

2013-08-26 18:45:57 ----A---- C:\Windows\system32\drivers\tssecsrv.sys

2013-08-26 18:45:56 ----A---- C:\Windows\system32\wintrust.dll

2013-08-26 18:45:56 ----A---- C:\Windows\system32\cryptsvc.dll

2013-08-26 18:45:56 ----A---- C:\Windows\system32\cryptnet.dll

2013-08-26 18:45:56 ----A---- C:\Windows\system32\crypt32.dll

2013-08-26 18:45:54 ----A---- C:\Windows\system32\ntoskrnl.exe

2013-08-26 18:45:54 ----A---- C:\Windows\system32\ntkrnlpa.exe

2013-08-26 18:45:54 ----A---- C:\Windows\system32\ntdll.dll

2013-08-26 18:45:14 ----A---- C:\Windows\system32\rpcrt4.dll

2013-08-25 19:49:48 ----D---- C:\ProgramData\Extreme Thumbnail Generator

2013-08-25 19:49:47 ----D---- C:\Program Files\Extreme Thumbnail Generator

2013-08-03 15:13:17 ----A---- C:\Windows\system32\gcapi_dll.dll

2013-08-03 15:13:11 ----D---- C:\Program Files\Foxit Software

2013-07-28 20:19:49 ----D---- C:\Users\Dany\AppData\Roaming\Media Player Classic

2013-07-28 20:11:28 ----A---- C:\Windows\system32\unrar.dll

2013-07-28 20:11:23 ----D---- C:\Program Files\K-Lite Codec Pack

2013-07-28 14:47:14 ----A---- C:\Windows\system32\qedit.dll

2013-07-27 16:22:40 ----D---- C:\ProgramData\WindowsSearch

======List of files/folders modified in the last 3 months======

2013-10-25 19:50:47 ----D---- C:\Windows\Prefetch

2013-10-25 19:49:52 ----D---- C:\Users\Dany\AppData\Roaming\MailWasherPro

2013-10-25 09:35:52 ----RD---- C:\Program Files

2013-10-24 20:37:43 ----D---- C:\Windows\Temp

2013-10-24 20:37:39 ----A---- C:\Windows\system32\certsentry.dll

2013-10-24 20:37:21 ----D---- C:\Program Files\Comodo

2013-10-24 20:36:55 ----D---- C:\Windows\system32\drivers

2013-10-24 17:43:12 ----SHD---- C:\System Volume Information

2013-10-24 15:52:31 ----HD---- C:\ProgramData

2013-10-23 12:16:34 ----D---- C:\Windows\System32

2013-10-23 12:16:34 ----D---- C:\Windows\inf

2013-10-23 12:16:34 ----A---- C:\Windows\system32\PerfStringBackup.INI

2013-10-23 10:11:10 ----SHD---- C:\Windows\Installer

2013-10-23 09:20:39 ----D---- C:\Windows\Microsoft.NET

2013-10-23 09:20:38 ----RSD---- C:\Windows\assembly

2013-10-10 19:09:44 ----D---- C:\Windows

2013-10-10 19:09:36 ----D---- C:\Windows\system32\migration

2013-10-10 19:09:36 ----D---- C:\Program Files\Internet Explorer

2013-10-10 19:08:11 ----D---- C:\Windows\winsxs

2013-10-10 19:03:51 ----A---- C:\Windows\system32\mrt.exe

2013-10-10 19:02:45 ----D---- C:\Windows\system32\catroot2

2013-10-10 19:02:45 ----D---- C:\Windows\system32\catroot

2013-10-10 17:27:30 ----D---- C:\Windows\system32\Msdtc

2013-10-10 17:27:28 ----D---- C:\Windows\system32\wbem

2013-10-10 17:22:24 ----D---- C:\Windows\system32\config

2013-10-10 17:21:56 ----D---- C:\Windows\Tasks

2013-10-10 17:21:56 ----D---- C:\Windows\system32\spool

2013-10-10 17:21:56 ----D---- C:\Windows\system32\CodeIntegrity

2013-10-10 17:21:47 ----D---- C:\Windows\registration

2013-09-25 17:17:18 ----D---- C:\ProgramData\Microsoft SkyDrive

2013-09-24 12:53:51 ----A---- C:\Windows\system32\guard32.dll

2013-09-24 12:53:51 ----A---- C:\Windows\system32\cmdcsr.dll

2013-09-24 12:53:35 ----A---- C:\Windows\system32\cmdvrt32.dll

2013-09-24 12:53:34 ----A---- C:\Windows\system32\cmdkbd32.dll

2013-09-18 12:01:45 ----D---- C:\Windows\Debug

2013-09-17 19:46:20 ----D---- C:\Windows\Panther

2013-09-17 18:25:48 ----D---- C:\Program Files\VS Revo Group

2013-09-10 19:52:58 ----D---- C:\Program Files\Portfolio2000 - KBC

2013-09-10 10:03:25 ----D---- C:\ProgramData\Microsoft Help

2013-09-02 12:27:59 ----HD---- C:\VTRoot

2013-08-31 19:44:23 ----D---- C:\Users\Dany\AppData\Roaming\Skype

2013-08-27 10:19:11 ----D---- C:\Windows\rescache

2013-08-26 19:54:18 ----D---- C:\Windows\system32\nl-NL

2013-08-17 23:50:15 ----D---- C:\Windows\system32\LogFiles

2013-08-16 12:59:37 ----D---- C:\Users\Dany\AppData\Roaming\BatteryCare

2013-08-11 14:23:14 ----SD---- C:\Users\Dany\AppData\Roaming\Microsoft

2013-08-06 19:07:53 ----D---- C:\Windows\system32\WDI

2013-07-28 15:27:00 ----D---- C:\Windows\system32\XPSViewer

2013-07-28 14:53:19 ----D---- C:\Windows\SoftwareDistribution

2013-07-28 14:47:53 ----D---- C:\Program Files\Windows Journal

2013-07-27 16:58:54 ----D---- C:\Program Files\KeePass Password Safe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-02-12 277784]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-11-14 43840]

R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2013-06-09 129248]

R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2013-06-09 368480]

R0 timounter;Acronis True Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2013-06-09 441760]

R1 cmderd;COMODO Internet Security Eradication Driver; C:\Windows\System32\DRIVERS\cmderd.sys [2013-09-24 20072]

R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\system32\DRIVERS\cmdguard.sys [2013-09-24 584496]

R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2013-09-24 43728]

R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2013-09-24 85464]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-27 32256]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-27 43520]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-27 37376]

R2 tifsfilter;Acronis True Image FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2013-06-09 44384]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 8192]

R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-09-24 155136]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-03 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-03 206848]

R3 NETw4v32;Stuurprogramma voor Intel® Wireless WiFi Link Adapter onder Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-06-16 9768640]

R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-02 330240]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-03 659968]

R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [2008-07-26 14416]

R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]

S3 BthPan;Bluetooth-apparaat (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]

S3 BTHPORT;Stuurprogramma voor Bluetooth-poort; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]

S3 BTHUSB;USB-stuurprogramma voor Bluetooth-radio; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]

S3 btwaudio;Bluetooth-audioapparaat; C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 78128]

S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 80176]

S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 16560]

S3 drmkaud;Microsoft Kernel DRM-audiodecoder; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 e1express;Stuurprogramma voor Intel® PRO/1000 PCI Express-netwerkverbinding; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]

S3 MSKSSRV;Microsoft Streaming Service-proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock-proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Kwaliteitsbeheer Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-conversieprogramma; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 RFCOMM;Bluetooth-apparaat (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]

S3 usb_rndisx;USB RNDIS-adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-02-29 427288]

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-02 73728]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2013-10-20 4832192]

R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-04-28 161048]

R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files\Comodo\Dragon\dragon_updater.exe [2013-10-09 2104968]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 M4-Service;M4-Service; C:\Users\Dany\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe [2013-06-17 1008968]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-06-16 211488]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-03-11 202544]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-02 102400]

R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-02-29 493320]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-08-05 386560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 gupdate;Google Updateservice (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 135664]

S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-09-24 131288]

S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-31 29744]

S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [2008-07-31 16680]

S3 gupdatem;Google Update-service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-09 135664]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-06-09 194032]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]

S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-06-21 162408]

-----------------EOF-----------------

[kape]

Dat is het correcte logje dat we zochten. Nu mag je dit doen:

Download AdwCleaner by Xplode naar je bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  
• Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  
• Klik vervolgens op Scan.
  
• Klik vervolgens op Clean als er items zijn gevonden.
  
• Klik bij Herstarten Noodzakelijk op OK
  

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.

[amazone]

Sorry Kape heb geen mail gekregen over je reactie.

Begin er direct aan en mail dan weer.

Zie je iets ernstigs??????

[amazone]

# AdwCleaner v3.010 - Report created 26/10/2013 at 16:47:04

# Updated 20/10/2013 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Dany - INSPIRON

# Running from : D:\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

*************************

AdwCleaner[R0].txt - [825 octets] - [26/10/2013 16:44:34]

AdwCleaner[s0].txt - [755 octets] - [26/10/2013 16:47:04]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [814 octets] ##########

- - - Updated - - -

Heb het logje gepost.

Is alles hiermee OK?

Jullie zijn toch wel heel positief over malwarebytes. Die stellen zelf voor het gevonden virus te verwijderen. Hoe veilig is dat?

Zoals in mijn eerste post geschreven had ik pas een enge ervaring.

Malwarebytes had infectie gevonden in c:/program files/comodo/comodo internet security/quarantine. Ik had het malware bytes laten vernietigen en daarna wou windows niet meer opstarten - zou toeval kunnen geweest zijn maar ik denk het niet.

[kape]

Laat Malwarebytes nu eens opnieuw scannen. Benieuwd of die nog iets te melden heeft ?