Detected: stolen.Data/Trojan.Agent.Gen/Malware.Trace

    I found the files listed above after a scan with Malwarebytes.
    What else can I do to clean up my PC? It is also painfully slow to start up.


    Malwarebytes Anti-Malware 1.70.0.1100


    Databaseversie: v2013.01.07.09

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Claudia :: PC_CLAUDIA [administrator]

    12-1-2013 17:01:24
    mbam-log-2013-01-12 (17-01-24).txt

    Scan type: Volledige scan (C:\|D:\|E:\|)
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 513127
    Verstreken tijd: 1 uur/uren, 33 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 1
    HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 2
    C:\Users\Claudia\AppData\Roaming\data.dat (Stolen.Data) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Claudia\AppData\Roaming\Cybergate11.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.5.0
    Run by Claudia at 19:23:57 on 2013-01-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3487 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\SysWOW64\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Samsung\Kies\AllShareDMS\AllShareDMS.exe
    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
    C:\Users\Claudia\AppData\Roaming\Adobe Reader\Adobe Updater Reader.exe
    C:\Users\Claudia\AppData\Roaming\Adobe Reader\Adobe Updater Reader.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.startpagina.nl/
    BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: WakoopaBHOClass Class: {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Users\Claudia\AppData\Local\Wakoopa Shared\WakoopaBHO.dll
    EB: {4A62FAC4-1670-430B-8C6B-9C7B53F51798} - <orphaned>
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [AMD Graphic] "C:\Users\Claudia\AppData\Local\AMD Drivers\AMDgraphics.exe"
    uRun: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
    uRun: [Adobe Updater] C:\Users\Claudia\AppData\Roaming\Adobe Reader\Adobe Updater Reader.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-System: EnableLUA = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to AMV Convert Tool... - D:\MP4\AMVConverter\grab.html
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: MediaManager tool grab multimedia file - D:\MP4\MediaManager\grab.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.coenbakker.nl/XTSAC.cab
    DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://vpn.coenbakker.nl/NELX.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.92.48.123:8081/activex/AMC.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
    TCP: NameServer = 212.54.40.25 212.54.35.25
    TCP: Interfaces\{36EE3602-E5B0-414D-8677-CBB375D4F173} : DHCPNameServer = 212.54.40.25 212.54.35.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
    x64-BHO: GfK Internet Monitor: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} -
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [Windows Mobile-based device management] "C:\Windows\WindowsMobile\wmdSync.exe"
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [Windows] C:\Users\Claudia\AppData\Roaming\svchostwindows\svchost.bat
    x64-Run: [SonicWALLNetExtender] "C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" -hideGUI -clearReboot
    x64-Run: [Skytel] "C:\Program Files\Realtek\Audio\HDA\Skytel.exe"
    x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe"
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C} -
    x64-DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2011-12-10 72240]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2011-12-10 15920]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-9-17 55856]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-15 474168]
    R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\Kies\AllShareDMS\AllShareDMS.exe [2011-7-16 24992]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-9-15 188760]
    R3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 SSLDrv;SSL-VPN NetExtender Adapter;C:\Windows\System32\drivers\SSLDrv.sys [2009-2-23 22168]
    S2 .1242745991SsTR;1242745991SsTR;C:\ProgramData\Webroot\gebruiker002217.exe [2009-6-2 343435]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 PerfHost;Host van prestatiemeter-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
    S3 SimpleSlideShowServer;SimpleSlideShowServer;"C:\Program Files (x86)\Samsung\Kies\AllShareSlideShowService.exe" --> C:\Program Files (x86)\Samsung\Kies\AllShareSlideShowService.exe [?]
    S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-2-9 16448]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-12 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-10 07:57:54 67599240 ----a-w- C:\Windows\System32\mrt.exe
    2013-01-08 19:12:21 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-08 19:12:21 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-08 19:12:10 15739912 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 15:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-23 01:54:35 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-22 04:22:38 456192 ----a-w- C:\Windows\System32\shlwapi.dll
    2012-11-22 03:54:36 353280 ----a-w- C:\Windows\SysWow64\shlwapi.dll
    2012-11-20 04:22:50 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-20 04:21:04 253952 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
    2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-07 19:22:30 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-11-07 19:22:29 289768 ----a-w- C:\Windows\System32\javaws.exe
    2012-11-07 19:22:29 189416 ----a-w- C:\Windows\System32\javaw.exe
    2012-11-07 19:22:28 916456 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-11-07 19:22:28 188904 ----a-w- C:\Windows\System32\java.exe
    2012-11-07 19:22:28 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-11-02 10:47:16 1869824 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-02 10:47:16 1794560 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:19:34 1400832 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-02 10:19:33 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-25 02:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 02:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-02-16 18:46:32 7032780 ----a-w- C:\Program Files\SABnzbd-0.5.0RC6-win32-setup.exe
    2010-01-09 10:18:11 3004344 ----a-w- C:\Program Files\BitTorrent-6.2.exe
    2009-05-20 03:56:34 65912880 ----a-w- C:\Program Files\20080128135518500_Samsung_PC_Studio_321_HA4.exe
    2009-05-20 03:55:57 8420211 ----a-w- C:\Program Files\20070813082717640_Samsung_USB_Driver_Installer.exe
    .
    ============= FINISH: 19:26:56,63 ===============

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-12 20:50:50
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 SAMSUNG_HD103UJ rev.1AA01113 931,51GB
    Running: xse2rybl.exe; Driver: C:\Users\Claudia\AppData\Local\Temp\pwlyykog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Windows\Explorer.EXE[4364] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersA 000000007755c2b0 5 bytes JMP 000000016fff00d8
    .text C:\Windows\Explorer.EXE[4364] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersW 0000000077568074 5 bytes JMP 000000016fff0110
    .text C:\Windows\Explorer.EXE[4364] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefc7e3c90 5 bytes JMP 000007fffc7d00d8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\ntdll.dll!NtdllDefWindowProc_A 0000000077926300 7 bytes JMP 00000001037f04c8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\ntdll.dll!NtdllDefWindowProc_W 00000000779415bc 7 bytes JMP 00000001037f0500
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\kernel32.dll!CreateThread 00000000777fb580 9 bytes JMP 00000001037f0420
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefece16f0 7 bytes [68, 38, 05, 7F, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefe6f1190 10 bytes [68, 18, 06, 7F, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefe6f33d0 7 bytes [68, A8, 05, 7F, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefe6f42e0 6 bytes [68, 70, 05, 7F, 03, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefe6f67c0 10 bytes [68, E0, 05, 7F, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe749b10 9 bytes [68, 78, 03, 7F, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll!PropertySheetW 000007fefcf2c404 7 bytes [68, 08, 03, 7F, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll!PropertySheet 000007fefcf2c414 9 bytes [68, 40, 03, 7F, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe36b63c 9 bytes [68, B0, 03, 7F, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe801a10 5 bytes JMP 000007fffe5c0148
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!recv 000007fefe802820 5 bytes JMP 000007fffe5c00d8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!getaddrinfo 000007fefe8030a0 5 bytes JMP 000007fffe5c01f0
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!connect 000007fefe8033c0 5 bytes JMP 000007fffe5c0110
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!send 000007fefe8066e0 5 bytes JMP 000007fffe5c0180
    .text C:\Program Files\Internet Explorer\iexplore.exe[5920] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe80af70 9 bytes JMP 000007fffe5c01b8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\ntdll.dll!NtdllDefWindowProc_A 0000000077926300 7 bytes JMP 0000000103e904c8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\ntdll.dll!NtdllDefWindowProc_W 00000000779415bc 7 bytes JMP 0000000103e90500
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\kernel32.dll!CreateThread 00000000777fb580 9 bytes JMP 0000000103e90420
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefece16f0 7 bytes [68, 38, 05, E9, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefe6f1190 10 bytes [68, 18, 06, E9, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefe6f33d0 7 bytes [68, A8, 05, E9, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefe6f42e0 6 bytes [68, 70, 05, E9, 03, C3]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefe6f67c0 10 bytes [68, E0, 05, E9, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefe749b10 9 bytes [68, 78, 03, E9, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll!PropertySheetW 000007fefcf2c404 7 bytes [68, 08, 03, E9, 03, C3, CC]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd\comctl32.dll!PropertySheet 000007fefcf2c414 9 bytes [68, 40, 03, E9, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefe36b63c 9 bytes [68, B0, 03, E9, 03, C3, CC, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!closesocket 000007fefe801a10 5 bytes JMP 000007fffe5c0148
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!recv 000007fefe802820 5 bytes JMP 000007fffe5c00d8
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!getaddrinfo 000007fefe8030a0 5 bytes JMP 000007fffe5c01f0
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!connect 000007fefe8033c0 5 bytes JMP 000007fffe5c0110
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!send 000007fefe8066e0 5 bytes JMP 000007fffe5c0180
    .text C:\Program Files\Internet Explorer\iexplore.exe[5492] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefe80af70 9 bytes JMP 000007fffe5c01b8

    ---- Kernel IAT/EAT - GMER 2.0 ----

    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD3Transition] [fffffa6000603578] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdD0Transition] [fffffa600060356c] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdReceivePacket] [fffffa60006035a0] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSendPacket] [fffffa60006035c4] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdRestore] [fffffa60006035ac] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdSave] [fffffa60006035b8] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize0] [fffffa6000603584] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\ntoskrnl.exe[KDCOM.dll!KdDebuggerInitialize1] [fffffa6000603590] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\hal.dll[KDCOM.dll!KdRestore] [fffffa60006035ac] \SystemRoot\system32\kdcom.dll [unknown section]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!HalPrivateDispatchTable] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!atol] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!KeFindConfigurationEntry] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!MmMapIoSpace] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!_strupr] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!InbvDisplayString] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!KdDebuggerNotPresent] [?]
    IAT C:\Windows\system32\kdcom.dll[ntoskrnl.exe!strstr] [?]
    IAT C:\Windows\system32\kdcom.dll[HAL.dll!HalQueryRealTimeClock] [?]
    IAT C:\Windows\system32\kdcom.dll[HAL.dll!KdComPortInUse] [?]

    ---- User IAT/EAT - GMER 2.0 ----


    ---- Trace I/O - GMER 2.0 ----

    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8007a78334]<< ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8007a78334
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a7a060] fffffa8006a7a060
    Trace 3 CLASSPNP.SYS[fffffa6000fafc33] -> nt!IofCallDriver -> [0xfffffa800658c720] fffffa800658c720
    Trace 5 acpi.sys[fffffa60008defde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80065984b0] fffffa80065984b0
    Trace \Driver\atapi[0xfffffa800656fae0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8007a78334 fffffa8007a78334

    ---- Threads - GMER 2.0 ----


    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Windows\system32\lsass.exe [948] 000007fefd6a0000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [1988] 0000000074070000

    ---- Disk sectors - GMER 2.0 ----

    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    Disk \Device\Harddisk0\DR0 suspicious partition 3 80 (A) 17 Hidd HPFS/NTFS NTFS 1 MB offset 1953521664

    ---- EOF - GMER 2.0 ----

  • #2
    Hello,

    The logs show traces or remnants of malware. Carry out these instructions:

    Download TDSSKiller and save it to your desktop.
    Double-click TDSSKiller.exe to start the tool.
    Click "Change parameters" and tick:
    - Services and drivers
    - Boot sectors
    - Verify drivers digital signatures
    - Detect TDLFS file system.
    Click "OK".
    Click the "Start Scan" button and follow the instructions.
    When the scan is finished, click the "Report" button.
    A Notepad file opens. Post the contents of this file.
    If TDSSKiller offers to cure a file (Cure), allow this. In that case you will be asked to restart the computer. Do so immediately.
    Skip the unsigned files; have the TDSS File System deleted or quarantined (delete or copy to quarantine).
    Rootkit.Boot.SST.b and others such as Sinowal, ZeroAccess or Whistler you let it repair (Cure).
    After the reboot you will find the log in c:\ under the name TDSSKiller.version_date_time_log.txt.
    Post that log.



    • #3
      Thanks for the quick reply. Unfortunately TDSSKiller does not start. Is there a similar program I could run?



      • #4
        What happens when you start TDSSKiller? Does the tool refuse to start? Do you get an error message, and if so, which one?
        If necessary, try it in Safe Mode: http://users.telenet.be/marcvn/spywa...ige-modus.html



        • #5
          Nothing happens, it does not start at all. Unfortunately not in Safe Mode either.



          • #6
            Download the 32-bit or 64-bit version of HitmanPro to the desktop.
            Click here for a detailed HitmanPro guide.
            • Hold down the left CTRL key and double-click "HitmanPro36.exe" to start the "Force Breach", and click "Next" once HitmanPro has blocked the processes.
            • Tick the option "I accept the terms of the license agreement" and click "Next".
            • In the setup screen, click "Next" once more; the scan will now start automatically. Do nothing else on the computer until the scan has finished.
            • When the scan is finished, click "Next".
            • Now activate the free licence; this lets you use HitmanPro free of charge for 30 days and remove the infections found.
            • Note: if you have already used the 30-day trial version of HitmanPro before, it is no longer possible to remove the infections found free of charge.
            • When the removal is complete, click "Save log" or "Logbestand opslaan" at the bottom of the screen and save it to, for example, the desktop.
              Post this log.
            • Now click the "Restart" button.



            • #7
              After getting a blue screen twice, I finally managed it anyway. There's quite a lot of shit on there, by the looks of it...


              HitmanPro 3.7.0.185


              Computer name . . . . : PC_CLAUDIA
              Windows . . . . . . . : 6.0.2.6002.X64/8
              User name . . . . . . : PC_CLAUDIA\Claudia
              UAC . . . . . . . . . : Disabled
              License . . . . . . . : Trial (30 days left)

              Scan date . . . . . . : 2013-01-13 22:03:54
              Scan mode . . . . . . : Normal
              Scan duration . . . . : 12m 12s
              Disk access mode . . : Direct disk access (SPTI)
              Cloud . . . . . . . . : Internet
              Reboot . . . . . . . : No

              Threats . . . . . . . : 8
              Traces . . . . . . . : 78

              Objects scanned . . . : 7.178.077
              Files scanned . . . . : 62.564
              Remnants scanned . . : 531.080 files / 6.584.433 keys

              Malware _____________________________________________________________________

              C:\ProgramData\Webroot\gebruiker002217.exe
              Size . . . . . . . : 343.435 bytes
              Age . . . . . . . : 1157.2 days (2009-11-13 17:29:24)
              Entropy . . . . . : 7.9
              SHA-256 . . . . . : 47FFE10762C989E793AB36D5544BB87807747F3B463AF3219C29D59512E52610
              Description . . . : BOX _Spy Sweeper Trial Reset
              Version . . . . . : 1.5.0.0
              Service . . . . . : .1242745991SsTR
              > G Data . . . . . . : Trojan.Generic.2487481 (Engine A)
              > Ikarus . . . . . . : Trojan.Generic!IK
              Fuzzy . . . . . . : 108.0
              Startup
              HKLM\SYSTEM\CurrentControlSet\Services\.1242745991SsTR\

              C:\Users\Claudia\AppData\Roaming\Adobe Reader\Adobe Updater Reader.exe
              Size . . . . . . . : 716.800 bytes
              Age . . . . . . . : 604.0 days (2011-05-20 21:02:30)
              Entropy . . . . . : 6.7
              SHA-256 . . . . . : 26C7AA89ADB554CF6B8FB55CF404CF72D0303AC439E79BC90AFC39F48927109E
              Product . . . . . : prnyfo
              Publisher . . . . : b
              Description . . . : auresjh
              Version . . . . . : 26.25.0010
              > G Data . . . . . . : Gen:[email protected]@Kqki (Engine A)
              Fuzzy . . . . . . : 108.0

              C:\Users\Claudia\AppData\Roaming\Cybergate11.exe
              Size . . . . . . . : 716.800 bytes
              Age . . . . . . . : 1.1 days (2013-01-12 19:17:01)
              Entropy . . . . . : 6.7
              SHA-256 . . . . . : 26C7AA89ADB554CF6B8FB55CF404CF72D0303AC439E79BC90AFC39F48927109E
              Product . . . . . : prnyfo
              Publisher . . . . : b
              Description . . . : auresjh
              Version . . . . . : 26.25.0010
              > G Data . . . . . . : Gen:[email protected]@Kqki (Engine A)
              Fuzzy . . . . . . : 107.0
              Startup
              HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Claudia\AppData\Roaming\Cybergate11.exe


              Malware remnants ____________________________________________________________

              HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}\ (Adware.Hotbar)
              HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}\ (Adware.Hotbar)
              HKU\S-1-5-21-587077702-722379597-246163064-1001\Software\Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\ (Sinowal)
              HKU\S-1-5-21-587077702-722379597-246163064-1001_Classes\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\ (Sinowal)
              HKU\S-1-5-21-587077702-722379597-246163064-1001_Classes\Wow6432Node\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887}\ (Sinowal)

              Potential Unwanted Programs _________________________________________________


              Cookies _____________________________________________________________________

              Last edited by Marckie; 13-01-13, 22:25. Reason: code tags removed



              • #8
                Fine.

                Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                Once the Recovery Console is installed, let ComboFix scan the computer.
                When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
                Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                If you get this message, report it.
                When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                Post the contents of this file.



                • #9
                  ComboFix 13-01-14.01 - Claudia 14-01-2013 17:55:01.3.8 - x64
                  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3244 [GMT 1:00]
                  Gestart vanuit: c:\users\Claudia\Desktop\ComboFix1.exe
                  SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  * Nieuw herstelpunt werd aangemaakt
                  .
                  .
                  (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\programdata\Windows
                  c:\programdata\windows\du44.dat
                  c:\users\Claudia\AppData\Local\Opinieland Hits\Opinieland Hits.exe
                  c:\users\Claudia\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe
                  c:\users\Claudia\AppData\Roaming\data.dat
                  c:\users\Claudia\AppData\Roaming\Secure-Soft Bot
                  c:\users\Claudia\AppData\Roaming\Secure-Soft Stealer
                  .
                  .
                  (((((((((((((((((((( Bestanden Gemaakt van 2012-12-14 to 2013-01-14 ))))))))))))))))))))))))))))))
                  .
                  .
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "0x017"="0x017" [X]
                  "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
                  "AMD Graphic"="c:\users\Claudia\AppData\Local\AMD Drivers\AMDgraphics.exe" [2009-09-04 4550656]
                  "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
                  "TNS NIPO Clicks"="c:\users\Claudia\AppData\Local\TNS NIPO Clicks\TNS NIPO Clicks.exe" [BU]
                  "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                  "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
                  "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
                  "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
                  "nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
                  "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-12-18 2617552]
                  "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
                  "PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
                  "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-09-20 1493288]
                  "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
                  "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
                  "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
                  "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
                  "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
                  "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-12-18 905056]
                  .
                  c:\users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                  Dropbox.lnk - c:\users\Claudia\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-29 28539392]
                  .
                  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
                  VideoCam Suite.lnk - c:\program files (x86)\Common Files\Panasonic\VideoCam Suite AutoStart\VideoCamSuiteAutoStart.exe [2011-1-25 349600]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableLUA"= 0 (0x0)
                  "EnableUIADesktopToggle"= 0 (0x0)
                  "EnableLinkedConnections"= 1 (0x1)
                  .
                  [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
                  "EnableLUA"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                  BootExecute REG_MULTI_SZ autocheck autochk /r \??\f:\0autocheck autochk /r \??\M:\0autocheck autochk *
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                  @="Service"
                  .
                  --- Andere Services/Drivers In Geheugen ---
                  .
                  *Deregistered* - NisDrv
                  .
                  HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
                  Themes
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
                  2007-07-18 15:53 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                  2013-01-12 15:04 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  .
                  2013-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 19:12]
                  .
                  2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44]
                  .
                  2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 18:44]
                  .
                  2013-01-14 c:\windows\Tasks\User_Feed_Synchronization-{31211911-6031-4BC9-9472-24E78C22596A}.job
                  - c:\windows\system32\msfeedssync.exe [2011-03-31 13:30]
                  .
                  .
                  --------- X64 Entries -----------
                  .
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                  @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                  2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                  @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                  2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                  @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                  2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                  @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                  [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                  2012-11-13 23:32 162552 ----a-w- c:\users\Claudia\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
                  "SonicWALLNetExtender"="c:\program files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-08-05 710528]
                  "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]
                  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-11-25 6936096]
                  "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-12-18 140568]
                  .
                  ------- Bijkomende Scan -------
                  .
                  uLocal Page = c:\windows\system32\blank.htm
                  uStart Page = hxxp://www.startpagina.nl/
                  mLocal Page = c:\windows\SysWOW64\blank.htm
                  uInternet Settings,ProxyOverride = *.local
                  IE: Add to AMV Convert Tool... - d:\mp4\AMVConverter\grab.html
                  IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
                  IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
                  IE: MediaManager tool grab multimedia file - d:\mp4\MediaManager\grab.html
                  Trusted Zone: coenbakker.nl\vpn
                  TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                  DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.92.48.123:8081/activex/AMC.cab
                  CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
                  .
                  - - - - ORPHANS VERWIJDERD - - - -
                  .
                  Toolbar-10 - (no file)
                  Wow6432Node-HKCU-Run-Opinieland Hits - c:\users\Claudia\AppData\Local\Opinieland Hits\Opinieland Hits.exe
                  Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
                  Wow6432Node-HKCU-Run-KiesPDLR - c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
                  Wow6432Node-HKCU-Run-KiesHelper - c:\program files (x86)\Samsung\Kies\KiesHelper.exe
                  SafeBoot-WudfPf
                  SafeBoot-WudfRd
                  WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
                  .
                  .
                  .
                  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe ,-101"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="FlashBroker"
                  "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe ,-101"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                  "Enabled"=dword:00000001
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Shockwave Flash Object"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                  @="0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="ShockwaveFlash.ShockwaveFlash.11"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="ShockwaveFlash.ShockwaveFlash"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  @="Macromedia Flash Factory Object"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
                  "ThreadingModel"="Apartment"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                  @="FlashFactory.FlashFactory.1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                  @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                  @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                  @="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                  @="FlashFactory.FlashFactory"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                  @Denied: (A 2) (Everyone)
                  @="IFlashBroker5"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                  @="{00020424-0000-0000-C000-000000000046}"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                  @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                  "Version"="1.0"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
                  @Denied: (A 2) (Everyone)
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
                  @="Shockwave Flash"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
                  @Denied: (A 2) (Everyone)
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
                  @="FlashBroker"
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
                  "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
                  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
                  "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
                  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
                  .
                  Voltooingstijd: 2013-01-14 18:17:23
                  ComboFix-quarantined-files.txt 2013-01-14 17:17
                  ComboFix2.txt 2012-09-20 16:34
                  ComboFix3.txt 2012-06-23 19:40
                  .
                  Pre-Run: 213.245.071.360 bytes beschikbaar
                  Post-Run: 212.955.127.808 bytes beschikbaar
                  .
                  - - End Of File - - 6F2AD8E0AA817DE8196EA56F30CE7487

                  • #10
                    Give an update on any problems you may still have.

                    • #11
                      I am not getting any virus notifications from HitmanPro or Malwarebytes, but the PC still does not run entirely smoothly. It keeps taking a long time to boot, and even once I have the desktop it takes a long time before I can do anything.
                      Could something still be hiding somewhere?

                      • #12
                        Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                        (Note the space between Combofix and /Uninstall)
                        Then press Enter.
                        This will remove ComboFix together with all related folders and files.

                        You should also get a message that ComboFix has been removed.
                        Restart the computer and report whether it runs better now.

                        • #13
                          Hmm, I am not sure: one time it boots quickly and the next time it hangs again.

                          Do I need to remove anything else, or can I keep HitmanPro and/or Malwarebytes to check the PC for viruses?

                          • #14
                            You can leave those installed.

                            • #15
                              OK, thanks again for the good and fast support!
