Mededeling

**Emphyrio** · 08-06-13, 16:15

Hoi rogernan,

Voor we beginnen , wil ik even vriendelijk op de volgende richtlijnen wijzen:
.

Log enkel in als beheerder met alle rechten.
Post je probleem niet in verscheidene fora. het komt je probleem niet ten goede en het is niet netjes tegenover de helpers.
Het opruimen van je systeem kan wat tijd in beslag nemen, wees geduldig.
Volg aandachtig de instructies die door mij worden gegeven.
Volg enkel het door mij gegeven advies op
Blijf bij het topic totdat ik gemeldt heb dat je PC clean is.
Als je iets niet weet of verstaat, vraag het dan even aub.
Installeer of deinstalleer géén software of hardware terwijl we met je probleem bezig zijn.
Ga ondertussen niet wat "anders" proberen, dat maakt het alleen maar moeilijker voor ons
Log enkel in als beheerder met alle rechten.
Zet je emoticons (Smileys) uit als je logs plaatst aub .
De logs niet als bijlage, noch tussen codetags zetten aub.

.
Opmerking: Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
De instructies die worden gegeven, zijn enkel geldig voor jouw PC.

Stap 1:

Malware scannen en verwijderen....

Download MalwareBytes' Anti-Malware naar je bureaublad vanuit één van de volgende links:

Dubbelklik op mbam-setup.exe om het programma te installeren.

Op het einde van de setup procedure, krijg je een scherm waar je op "Voltooien" moet klikken.
Indien je MBAM niet wenst te evalueren, vink je de eerste optie uit en klik je dan pas op "Voltooien"

Klik op de foto voor een vergroting...

Zorg dat er na de installatie een vinkje is geplaatst bij:

Update MalwareBytes' Anti-Malware
Start MalwareBytes' Anti-Malware
Klik daarna op "Voltooien". Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

Zodra het programma gestart is, ga je naar het tabblad "Instellingen".

Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
Ga naar het tabblad "Updates" en Update MBAM.
Ga daarna naar het tabblad "Scanner", kies hier voor "VOLLEDIGE Scan".
Druk vervolgens op "Scannen" om de scan te starten.
Het scannen kan een tijdje duren, dus wees geduldig.
Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.

Indien MBAM vraagt om een herstart, doe dit dan ook.
Wanneer je de restart hebt gedaan, maak je een nieuwe snelle scan met MBAM.
In dat geval post je dus de twee logs.

De log wordt automatisch bewaard door MalwareBytes' Anti-Malware en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Bij problemen!!!

___________________________________________________________

Stap 2:

Controle op slechte toolbars...

Opmerking:Vista of Windows 7 ? >> Alle tools steeds uitvoeren als admin.
Beveiligingssoftware uitschakelen.

Download AdwCleaner by Xplode naar je Bureaublad.

Sluit alle openstaande vensters
Start AdwCleaner en klik op Verwijderen
Klik bij AdwCleaner – Information op OK
Klik bij AdwCleaner – Restart Required op OK

Alle icoontjes verdwijnen van het Bureaublad,dit is normaal
Je PC word opnieuw opgestart en er een opent logfile (C:\ AdwCleaner[xx].txt post de inhoud hier op het Forum.

Vergeet niet om je "smileys" uit te schakelen.

Als je Startpagina ook gehijackt was,stel dan de zoekmachine opnieuw in,deze word standaard door AdwCleaner terug gezet naar Google.com

___________________________________________________________

Stap 3:

Download DDS.com, DDS.scr of DDS.pif van één van deze locaties en plaats het op je bureaublad:

DDS is een diagnosetool en maakt gebruik van scripts.
Is het uitvoeren van scripts uitgeschakeld, dan schakel je dit weer in zodat er geen problemen optreden bij gebruik van DDS.

Dubbelklik op DDS om de tool te starten. (afhankelijk van de download die je gekozen hebt kan dit het bestand DDS.com, DDS.scr of DDS.pif zijn)
Wanneer het klaar is openen er twee logfiles: DDS.txt en Attach.txt
Beide logfiles sla je op je bureaublad.

Post de inhoud van DDS.txt.

De inhoud Attach.txt moet je niet posten en Attach.txt moet je niet als bijlage toevoegen aan je post, tenzij ik er om vraag.

___________________________________________________________

Stap 4:

Controle op updates...

Download Security Check op je bureaublad via hier of hier

Start Security Check
Volg de Instructies in het scherm
Aan het eind verschijnt een log ( checkup.txt )
Plaats de inhoud ervan in je volgende antwoord.

In je volgende posting, had ik graag de volgende logs gezien, gemaakt in de opgestelde volgorde:
.

MBAM
AdwCleaner
DDS
checkup.txt

.
Deze logs NIET als bijlage of tussen codetags posten aub.

Emphyrio

**rogernan** · 08-06-13, 17:52

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes Cyber Security for Home & Business | Anti-Malware

https://www.malwarebytes.org

Protect your home and business PCs, Macs, iOS and Android devices from malware, viruses & cyber threats with our comprehensive cyber security solutions. Free trials available.

Databaseversie: v2013.06.08.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Tini :: CP128083-C [administrator]

8-6-2013 17:00:34
mbam-log-2013-06-08 (17-00-34).txt

Scan type: Volledige scan (C:\|)
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 283173
Verstreken tijd: 38 minuut/minuten, 54 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

(einde)

# AdwCleaner v2.302 - Verslag gemaakt op 08/06/2013 om 17:42:03
# Geactualiseerd op 06/06/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Tini - CP128083-C
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Documents and Settings\Tini\Mijn documenten\Downloads\AdwCleaner (1).exe
# Optie [Zoeken]

***** [Diensten] *****

***** [Files / Mappen] *****

***** [Register] *****

***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v21.0 (nl)

File : C:\Documents and Settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

File : C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\vj59kepf.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Tini\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [2205 octets] - [07/06/2013 17:47:25]
AdwCleaner[R2].txt - [1247 octets] - [08/06/2013 17:42:03]
AdwCleaner[S1].txt - [10450 octets] - [31/05/2013 21:20:05]
AdwCleaner[S2].txt - [2286 octets] - [07/06/2013 17:48:04]

########## EOF - C:\AdwCleaner[R2].txt - [1428 octets] ##########

# AdwCleaner v2.302 - Verslag gemaakt op 08/06/2013 om 17:42:32
# Geactualiseerd op 06/06/2013 door Xplode
# Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
# Gebruiker : Tini - CP128083-C
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Documents and Settings\Tini\Mijn documenten\Downloads\AdwCleaner (1).exe
# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

***** [Register] *****

***** [Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v21.0 (nl)

File : C:\Documents and Settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

File : C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\vj59kepf.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

-\\ Google Chrome v27.0.1453.110

File : C:\Documents and Settings\Tini\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[R1].txt - [2205 octets] - [07/06/2013 17:47:25]
AdwCleaner[R2].txt - [1497 octets] - [08/06/2013 17:42:03]
AdwCleaner[S1].txt - [10450 octets] - [31/05/2013 21:20:05]
AdwCleaner[S2].txt - [2286 octets] - [07/06/2013 17:48:04]
AdwCleaner[S3].txt - [1433 octets] - [08/06/2013 17:42:32]

########## EOF - C:\AdwCleaner[S3].txt - [1493 octets] ##########

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Tini at 17:47:04 on 2013-06-08
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.678 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\IObit\Advanced SystemCare 6\DelayLoad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype-ie-addon-data - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
FF - plugin: c:\documents and settings\tini\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\tini\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-20 464256]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
.
=============== Created Last 30 ================
.
2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-06-06 19:03:29 -------- d-----w- C:\ComboFix
2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:47:44,31 ===============

Results of screen317's Security Check version 0.99.64
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware versie 1.75.0.1300
HijackThis 1.99.1
CCleaner
JavaFX 2.1.1
Java(TM) 6 Update 32
Java(TM) 7 Update 5
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Google Chrome 27.0.1453.110
Google Chrome 27.0.1453.94
````````Process Check: objlist.exe by Laurent````````
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseamps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C::
````````````````````End of Log``````````````````````

**Emphyrio** · 08-06-13, 17:57

verwijder volgende tools van je pc:

Advanced SystemCare 6 (IOBit)
Java(TM) 6 Update 32
Java(TM) 7 Update 5
Adobe Reader 10.1.4

PC herstarten daarna.
Post een verse DDS log.

**rogernan** · 08-06-13, 19:11

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tini at 19:09:22 on 2013-06-08
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.690 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype-ie-addon-data - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
FF - plugin: c:\documents and settings\tini\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\tini\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
R3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
R3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
.
=============== Created Last 30 ================
.
2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-06-06 19:03:29 -------- d-----w- C:\ComboFix
2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 19:10:02,26 ===============

**Emphyrio** · 08-06-13, 23:35

Ik merk dat je Combofix reeds gebruikt hebt?

**rogernan** · 09-06-13, 09:54

Klopt, let wel: die heb ik gebruikt voor deze hulp. Op wat kleine dingen na, gaat het al beter. Ik had een supertrage internetverbinding. Downloadsnelheid van 30 kb/sec. Dit probleem la bij de provider is inmiddels gestegen naar 400k draadloos volgens speedtest. Nog niet wat het moet zijn (ik heb de 160 mb van ziggo) maar goed het is werkbaar. Aan je reactie te zien zijn er geen grote problemen gevonden. Rest mij nog 1 vraag. Volgens die scans heb ik AVG, AVAST en Athenium (of zoiets) op mij systeem staan. Echter kan Revo uninstallers, windows uninstaller of die van Obit ze niet vinden. Kom er toch telkens bestanden van tegen. Ook staan er overal mappen van programmas die ik al lang niet meer gebruik. Is hier een snelle manier voor om ze weg te krijgen of moet ik deze vraag weer verplaatsen naar algemene pc problemen?

Alvast dank!

**Emphyrio** · 09-06-13, 10:28

Uit je posting maak ik uit dat IOBit nog steeds op je pc staat?
Ik had graag gezien dat je mijn instructies volgt.

Oorspronkelijk geplaatst door Emphyrio Bekijk Berichten

verwijder volgende tools van je pc:

Advanced SystemCare 6 (IOBit)
Java(TM) 6 Update 32
Java(TM) 7 Update 5
Adobe Reader 10.1.4

PC herstarten daarna.
Post een verse DDS log.

Waarom zou jij je Anitvirus en Firewall (AVG) willen verwijderen?
AVAST en Athenium mogen iddd verwijderdt worden. Dat gaan we hierna ook doen.

Ga naar start > uitvoeren en kopieer en plak volgende command in het veld:

ComboFix /Uninstall

Zorg ervoor dat er dus een spatie is tussen Combofix en /
Daarna klik je op Enter.

Klik op de afbeelding om te vergroten....

Download PC Info naar je bureaublad.
Unzip en klik op SetupPC Info.
Doorloop het installatieproces.

.
Dubbelklik op PC Info.
De scanning wordt nu ingezet...
Na de scanning selecteer je de tab: Logs
Vervolgens check je uitsluitend deze items:
.

Software
Hardware
Software Installed List
Startup List
Running Processes
Expert Mode
Registry Scan
Services

.
Klik nu op 'Create a log' kopieer en plak deze in je volgende posting.

**rogernan** · 09-06-13, 10:46

Ik wil ze niet persé verwijderen, maar ik heb liever dat ik weet wat ik heb draaien. IObit is niet aan te raden? Heb deze met Revo verwijderd, incl grondige verwijdering. Deze laptop is maar een oud beestje, kan er niet een al te zware antivirus op hebben dan wordt het onwerkbaar. Daarbij ga ik uiterst voorzichtig om met mijn handelingen online om potentiele infecties te vermijden. Hieronder pc info log, dank voor je snelle reacties.

PC Info vs 2.0.1.5 © 2011-2013 Onsia Patrick (Emphyrio)
9-6-2013 10:42:02
Boot Status: Normal boot

==================== OS INFO ====================================

OS version : Windows XP
Edition : Professional
Service Pack : 3
Build version : 5.1.2600.196608
Windows OS Bits : 32 *

Update detected : 2013-06-09 06:59:13
Update downloaded : 2013-05-15 07:48:14
Update installed : 2013-05-16 07:10:13

==================== GENERAL INFO ===============================

Windows Directory : C:\WINDOWS
User Profile : C:\Documents and Settings\Tini
Java Version : N/A
Antivirus : AVG Internet Security 2012 2012.0 [Enabled]
Anti Spam : n/a
Firewall : AVG Internet Security 2012 2012.0 [Running]

==================== HARDWARE ===================================

GenuineIntel x86 Family 6 Model 15 Stepping 10
Intel(R) Celeron(R) M CPU 530 @ 1.73GHz

Mainboard : Hewlett-Packard

Model : HP Compaq 6720s

Bios Version : 68MDU Ver. F.09 (Hewlett-Packard)

RAM Present : 1015 MB / 1 GB
RAM Free : 399 Mb ( 39 % Free )

Videocard : Mobile Intel(R) 965 Express Chipset Family
Memory : 384Mb
Driver version : 6.14.10.4873

==================== APP LIST ===================================

C:\ Fixed - - NTFS - 111 Gb (Free : 88746 Mb / 86 Gb )

==================== INSTALLED SOFTWARE LIST ====================

Acrobat.com 1.6.65
Adobe AIR 2.5.1.17730
Adobe Flash Player 11 ActiveX 11.7.700.202
Adobe Flash Player 11 Plugin 11.7.700.202
Agere Systems HDA Modem
AVSDK5 5.2.9
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2829530) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB2847204) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332) 1
Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381) 1
Beveiligingsupdate voor Windows XP (KB2655992) 1
Beveiligingsupdate voor Windows XP (KB2691442) 1
Beveiligingsupdate voor Windows XP (KB2698365) 1
Beveiligingsupdate voor Windows XP (KB2705219) 1
Beveiligingsupdate voor Windows XP (KB2712808) 1
Beveiligingsupdate voor Windows XP (KB2718523) 1
Beveiligingsupdate voor Windows XP (KB2719985) 1
Beveiligingsupdate voor Windows XP (KB2723135) 1
Beveiligingsupdate voor Windows XP (KB2724197) 1
Beveiligingsupdate voor Windows XP (KB2727528) 1
Beveiligingsupdate voor Windows XP (KB2731847) 1
Beveiligingsupdate voor Windows XP (KB2753842-v2) 2
Beveiligingsupdate voor Windows XP (KB2753842) 1
Beveiligingsupdate voor Windows XP (KB2758857) 1
Beveiligingsupdate voor Windows XP (KB2761226) 1
Beveiligingsupdate voor Windows XP (KB2770660) 1
Beveiligingsupdate voor Windows XP (KB2779030) 1
Broadcom 802.11 WLAN-adapter 4.170.25.12
Canon MP210 series
Canon My Printer
Catan Online World 3.926
CCleaner 4.02
Cheat Engine 6.2
Digital Photo Resizer
DivX Setup 2.6.1.8
Facebook Video Calling 1.2.0.287 1.2.287
Google Chrome 27.0.1453.110
Google Drive 1.9.4536.8202
Google Earth Plug-in 7.0.3.8542
Google Toolbar for Internet Explorer 1.0.0
Google Toolbar for Internet Explorer 7.4.3607.2246
Google Update Helper 1.3.21.145
HiJackThis 1.0.0
HijackThis 1.99.1 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1
Hotfix for Windows XP (KB954550-v5) 5
Hotfix for Windows XP (KB976002-v5) 5
Hotfix voor Windows XP (KB2756822) 1
Hotfix voor Windows XP (KB2779562) 1
HP ProtectTools Security Manager 3.00 A10
HP Quick Launch Buttons 6.40 B2 6.40 B2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
IrfanView (remove only)
JavaFX 2.1.1 2.1.1
JPG to PDF Converter 1.0 1.0
Malwarebytes Anti-Malware versie 1.75.0.1300 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2 2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD 2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD 3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - nld 3.5.30729
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 3.5.30729
Microsoft Antimalware Service NL-NL Language Pack 3.0.8402.2
Microsoft Application Error Reporting 12.0.6012.5000
Microsoft Choice Guard 2.0.48.0
Microsoft Compression Client Pack 1.0 for Windows XP 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Security Client NL-NL Language Pack 2.1.1116.0
Microsoft Silverlight 5.1.20125.0
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable 8.0.56336
Microsoft Visual C++ 2005 Redistributable 8.0.61001
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161
Mozilla Firefox 21.0 (x86 nl) 21.0
Mozilla Maintenance Service 21.0
MSVCRT 14.0.1468.721
MSXML 6 Service Pack 2 (KB973686) 6.20.2003.0
MWSnap 3 3.0.0.74
OpenOffice.org 3.1 3.1.9420
Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
PC Info 2.0.15
PDF Creator Plus 5.0 5.0.000
Perfect Uninstaller v6.3.3.9
PowerDVD
Revo Uninstaller Pro 3.0.5 3.0.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) 1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) 1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) 1
Segoe UI 14.0.4327.805
SelectionLinks 1.0
Skype™ 6.3 6.3.107
SoundMAX 5.10.01.5220
Synaptics Pointing Device Driver 9.1.11.3
System Requirements Lab for Intel 4.5.5.0
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
TechPowerUp GPU-Z
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 1
Update voor Windows Internet Explorer 8 (KB2598845) 1
Update voor Windows Internet Explorer 8 (KB2632503) 1
Update voor Windows Internet Explorer 8 (KB976662) 1
Update voor Windows XP (KB2661254-v2) 2
Update voor Windows XP (KB2718704) 1
Update voor Windows XP (KB2736233) 1
Update voor Windows XP (KB2749655) 1
VC80CRTRedist - 8.0.50727.6195 1.2.0
VLC media player 1.0.5 1.0.5
VobSub v2.23 (Remove Only)
WebFldrs XP 9.50.7523
Windows Genuine Advantage Notifications (KB905474) 1.9.0040.0
Windows Imaging Component 3.0.0.0
Windows Installer Clean Up 3.00.00.0000
Windows Internet Explorer 7 20070813.185237
Windows Internet Explorer 8 20090308.140743
Windows Live - Hulpprogramma voor uploaden 14.0.8014.1029
Windows Live aanmeldhulp 5.000.818.5
Windows Live Call 14.0.8117.0416
Windows Live Communications Platform 14.0.8117.416
Windows Live Essentials 14.0.8117.0416
Windows Live Essentials 14.0.8117.416
Windows Live Messenger 14.0.8117.0416
Windows Live OneCare safety scanner
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin 1.0.0.8
Windows XP Service Pack 3 20080414.175804
WinRAR
XML Paper Specification Shared Components Language Pack 1.0

==================== STARTUP LIST Enabled========================

------- Local [HKLM] Tini------------

Persistence : C:\WINDOWS\system32\igfxpers.exe
Broadcom Wireless Manager UI : C:\WINDOWS\system32\WLTRAY.exe
SynTPEnh : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
IgfxTray : C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe

------- Current User [HKCU] Tini------------

==================== RUNNING PROCESSES ==========================

WinRAR ID = 2676 Path: C:\Program Files\WinRAR\WinRAR.exe
svchost ID = 600 Path: C:\WINDOWS\system32\svchost.exe
services ID = 972 Path: C:\WINDOWS\system32\services.exe
wmiprvse ID = 3552 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
GoogleCrashHandler ID = 248 Path: C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
chrome ID = 1796 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
spoolsv ID = 1672 Path: C:\WINDOWS\system32\spoolsv.exe
svchost ID = 1136 Path: C:\WINDOWS\system32\svchost.exe
svchost ID = 1312 Path: C:\WINDOWS\system32\svchost.exe
svchost ID = 1400 Path: C:\WINDOWS\system32\svchost.exe
WLTRAY ID = 1528 Path: C:\WINDOWS\system32\WLTRAY.exe
igfxsrvc ID = 2560 Path: C:\WINDOWS\system32\igfxsrvc.exe
scardsvr ID = 1840 Path: C:\WINDOWS\System32\SCardSvr.exe
svchost ID = 1216 Path: C:\WINDOWS\system32\svchost.exe
SynTPEnh ID = 1476 Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PC Info ID = 2804 Path: C:\Program Files\E Dev\PC Info\PC Info.exe
chrome ID = 3960 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
svchost ID = 2024 Path: C:\WINDOWS\system32\svchost.exe
chrome ID = 2884 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
winlogon ID = 928 Path: C:\WINDOWS\system32\winlogon.exe
chrome ID = 3464 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
alg ID = 1816 Path: C:\WINDOWS\System32\alg.exe
chrome ID = 3684 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
vseamps ID = 300 Path: C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
smss ID = 832 Path: C:\WINDOWS\system32\smss.exe
BCMWLTRY ID = 1632 Path: C:\WINDOWS\System32\bcmwltry.exe
chrome ID = 3500 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
WLTRYSVC ID = 1620 Path: C:\WINDOWS\System32\WLTRYSVC.EXE
chrome ID = 3932 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
agrsmsvc ID = 1884 Path: C:\WINDOWS\system32\agrsmsvc.exe
csrss ID = 904 Path: C:\WINDOWS\system32\csrss.exe
vseqrts ID = 356 Path: C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
explorer ID = 1432 Path: C:\WINDOWS\Explorer.EXE
msiexec ID = 1520 Path: C:\WINDOWS\system32\msiexec.exe
svchost ID = 1252 Path: C:\WINDOWS\System32\svchost.exe
lsass ID = 984 Path: C:\WINDOWS\system32\lsass.exe

==================== REG SCAN ===================================

Empthy keys and/or values aren't logged !

==================== SESSION MANAGER ============================

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
BootExecute = autocheck autochk *

==================== WINLOGON ===================================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

Userinit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe

==================== ShellServiceObjectDelayLoad ================

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9}
PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9}
SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153}
WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
File in HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\WINDOWS\system32\webcheck.dll

==================== Shell Extensions\Approved ==================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck
{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
File in HKCR\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\WINDOWS\system32\webcheck.dll

==================== Shell Extensions\Approved WOW 6432 =========

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

==================== SharedTaskScheduler ========================

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

{8C7461EF-2B13-11d2-BE35-3078302C2030} = Cache-daemon voor onderdeelcategorieën

File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\WINDOWS\system32\browseui.dll

==================== RUN KEYS====================================

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Broadcom Wireless Manager UI = C:\WINDOWS\system32\WLTRAY.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
Persistence = C:\WINDOWS\system32\igfxpers.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

==================== vVv Krepper Trojan Pointers vVv ============

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run

==================== RUN SERVICES ===============================

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE
DWQueuedReporting = "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -tHKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

==================== Shell Folder ===============================

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Startup = C:\Documents and Settings\Tini\Menu Start\Programma's\Opstarten

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

==================== DLL Loaded =================================

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

RequireSignedAppInit_DLLs = 0x00000001
( 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.)

-------------- NOTIFY (HKLM)--------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
DllName = C:\WINDOWS\System32\dimsntfy.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
DllName = igfxdev.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
DllName = sclgntfy.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
DllName = WgaLogon.dll

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load

==================== ShellExecuteHooks ==========================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks

==================== Command Processor ==========================

HKLM\Software\Microsoft\Command Processor
HKCU\Software\Microsoft\Command Processor

==================== BROWSER HELPER OBJECTS =====================

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

{AA58ED58-01DD-4d91-8333-CF10577473F7} = Google Toolbar Helper
File in HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32\
= C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
--------------------------------------------------------------------
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} = Google Toolbar Notifier BHO
AppID = {96FBC13C-8214-4100-88E0-FF74D7A1CB4D}
File in HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InProcServer32\
= C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
--------------------------------------------------------------------

==================== BHO - CLSID Wow6432Node ====================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

# Not exist #

==================== TOOLBAR ====================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

# Not exist #

==================== TOOLBAR - Wow6432Node ======================

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

# Not exist #

==================== URL SEARCH HOOKS ===========================

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks

==================== SAFE BOOT ==================================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

AlternateShell = cmd.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

{533C5B84-EC70-11D2-9505-00C04F79DEAF}
= Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}{D48179BE-EC20-11D1-B6B8-00C04FA372A7}{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

{50DD5230-BA8A-11D1-BF5D-0000F805F530}{533C5B84-EC70-11D2-9505-00C04F79DEAF}{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}{D48179BE-EC20-11D1-B6B8-00C04FA372A7}{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}DnsCache
= ServiceWudfPfWudfRdWudfSvcWudfUsbccidDriver

==================== DESKTOP ====================================

HKCU\Control Panel\Desktop

ScreenSaveActive = 0
HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

==================== SECURITYPROVIDERS ==========================

HKLM\system\currentcontrolset\control\securityproviders

SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
File in C:\WINDOWS\System32\credssp.dll 12800 bytes [ 14-4-2008 19:02:23 ]

==================== SERVICES ===================================

Service without a value in ImagePath or 'svchost.exe -k' aren't logged !

HKLM\SYSTEM\CurrentControlSet\Services

*** Win32OwnProcess ***

S3 - AdobeFlashPlayerUpdateSvc - Adobe Flash Player Update Service - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
R2 - AgereModemAudio - Agere Modem Call Progress Audio - C:\WINDOWS\system32\agrsmsvc.exe
R3 - ALG - Application Layer Gateway-service - C:\WINDOWS\System32\alg.exe
S3 - aspnet_state - ASP.NET-statusservice - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
S3 - ClipSrv - ClipBook - C:\WINDOWS\system32\clipsrv.exe
S3 - clr_optimization_v2.0.50727_32 - .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S3 - COMSysApp - COM+-systeemtoepassing - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S2 - gupdate - Google Updateservice (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
S3 - gupdatem - Google Update-service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
S3 - gusvc - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - hpqwmiex - hpqwmiex - "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
S3 - ImapiService - COM-service voor IMAPI cd-branders - C:\WINDOWS\system32\imapi.exe
S3 - MozillaMaintenance - Mozilla Maintenance Service - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
S3 - MSDTC - Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
S4 - RDSessMgr - Helpsessiebeheer voor Extern bureaublad - C:\WINDOWS\system32\sessmgr.exe
S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
S4 - RSVP - QoS RSVP - C:\WINDOWS\system32\rsvp.exe
S2 - SkypeUpdate - Skype Updater - "C:\Program Files\Skype\Updater\Updater.exe"
S3 - SwPrv - MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe /Processid:{1F8B584F-F9D3-4F33-B616-C9850F219087}
S3 - SysmonLog - Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
S3 - TlntSvr - Telnet - C:\WINDOWS\system32\tlntsvr.exe
S3 - UPS - Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
R3 - vseamps - vseamps - "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe"
R3 - vsedsps - vsedsps - "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe"
R2 - vseqrts - vseqrts - "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe"
S3 - VSS - Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
S3 - WmiApSrv - WMI-prestatieadapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
S3 - WMPNetworkSvc - Windows Media Player Network Sharing-service - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

*** Win32ShareProcess ***

S3 - dmadmin - Logical Disk Manager Administrative-service - C:\WINDOWS\System32\dmadmin.exe /com
R2 - Eventlog - Event Log - C:\WINDOWS\system32\services.exe
S3 - idsvc - Windows CardSpace - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
R3 - MSIServer - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
S4 - NetDDE - Network DDE - C:\WINDOWS\system32\netdde.exe
S4 - NetDDEdsdm - Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
S4 - Netlogon - Net Logon - C:\WINDOWS\system32\lsass.exe
S4 - NetTcpPortSharing - Net.Tcp Port Sharing Service - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
S3 - NtLmSsp - NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
R2 - PlugPlay - Plug and Play - C:\WINDOWS\system32\services.exe
R2 - PolicyAgent - IPSEC-services - C:\WINDOWS\system32\lsass.exe
R2 - SamSs - Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
R2 - SCardSvr - Smart Card - C:\WINDOWS\System32\SCardSvr.exe

*** Other ***

S3 - CiSvc - Indexing-service - C:\WINDOWS\system32\cisvc.exe
R0 - FltMgr - FltMgr - \SystemRoot\system32\drivers\fltmgr.sys
R1 - HMFAxCore23f14cc2704814471a284145846ada24 - HMFAxCore23f14cc2704814471a284145846ada24 - HMFAxCore23f14cc2704814471a284145846ada24.sys
S4 - mnmsrvc - Delen van Extern bureaublad met NetMeeting - C:\WINDOWS\system32\mnmsrvc.exe
S3 - MRxDAV - WebDav-client-redirector - system32\DRIVERS\mrxdav.sys
R1 - MRxSmb - MRxSmb - system32\DRIVERS\mrxsmb.sys
R1 - NetBIOS - NetBIOS-interface - system32\DRIVERS\netbios.sys
R2 - ProtectedStorage - Protected Storage - C:\WINDOWS\system32\lsass.exe
R1 - Rdbss - Rdbss - system32\DRIVERS\rdbss.sys
S3 - Revoflt - Revoflt - system32\DRIVERS\revoflt.sys
R2 - Spooler - Print Spooler - C:\WINDOWS\system32\spoolsv.exe
R4 - sr - Stuurprogramma voor systeemherstelfilter - \SystemRoot\system32\DRIVERS\sr.sys
S3 - Srv - Srv - system32\DRIVERS\srv.sys
R2 - wltrysvc - Broadcom Wireless LAN Tray Service - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe

==================== WOW-CMDLINE ================================

HKLM\SYSTEM\CurrentControlSet\Control\WOW
cmdline = C:\WINDOWS\system32\ntvdm.exe
wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

==================== SVCHOST (White Listed) ==================

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

WINRM => WINRM
SYSTEM\CurrentControlSet\Services\WINRM\Parameters
ServiceDll = C:\WINDOWS\system32\WsmSvc.dll

==================== INTERFACES =================================

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062}
====================*============================================

{67D2E3D8-9709-41D8-A684-11F94CC0B65B}
====================*============================================

{A2A7DD0C-0C49-4200-8E27-6667746948FE}
====================*============================================

{ACBDC1A9-91EF-4AAB-9CE8-F518D2BA9633}
====================*============================================

{EFB3A29E-2103-40FC-9F4D-1A8F0ED4F6A5}
====================*============================================

==================== SEARCHSCOPES ===============================

HKCU\Software\Microsoft\Internet Explorer\SearchScopes

DefaultScope :

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL : http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
====================*============================================

{31DB4886-7A53-4BEC-ADDA-04A8294B65AA}
URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7ADFA_nlNL487
====================*============================================

{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
URL : http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
====================*============================================

{B8CEC1DD-F6CE-41DA-A7E5-EE8FD65CE9EE}
URL : http://searchya.com/?chnl=dcom-100&s=1&cr=914423506&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtC&q={searchTerms}
====================*============================================

HKLM\Software\Microsoft\Internet Explorer\SearchScopes

DefaultScope :

{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
URL : http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
--------------------------------------------------------------------
{31DB4886-7A53-4BEC-ADDA-04A8294B65AA}
URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7
--------------------------------------------------------------------

==================== Job files ==================================

There are no .job files found.
=================================================================

Log finished at 9-6-2013 10:42:09
Thanks for using PC Info...

==================== END ========================================

**Emphyrio** · 09-06-13, 11:44

IOBit is niet aan te raden.
Met AVG Internet Security 2012 heb je een actieve Antivirus én firewall in huis. Dat is goed.
Zonder AV en Firewall is het niet verantwoord om op het Web te gaan.

Ook betekend dit voor ons (de Helpers) een beetje dweilen met de kraan open dan.

Ik merk idd nog sporen van Authentium, we gaan deze direct verwijderen.

Eerst gaan we Combofix downloaden en runnen...

Download TFC en sla deze op je Bureaublad op.

Dubbelklik op TFC.exe om het programma te openen.
Het programma zal alle andere programma's sluiten, zorg er dus voor dat je al je werk hebt opgeslagen voordat je verder gaat.
Klik op de knop Start om het programma te starten.
Als het programma klaar is, dan zal het je computer opnieuw opstarten.
Als dit niet gebeurt, start dan je computer handmatig opnieuw op.

_____________________________________________________________

Download Combofix en plaats het op je bureaublad.

Extra nota... Zorg ervoor dat je Security software uitschakeld is tijdens het gebruik van Combofix.
Dit omdat deze scanners bepaalde componenten die Combofix gebruikt, onterecht zien als geïnfecteerd en Combofix zullen blokkeren.

Kijk hier indien je niet weet hoe je je Antivirus, Firewall en/of Antispywarescanner moet uitschakelen.

Sluit ALLE vensters, ook je browser en laat Combofix rustig zijn werk doen.
Open dus geen andere applicaties totdat Combofix de log heeft gepresenteert.

Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is met scannen, dit kan eventueel na een reboot zijn, opent er een logfile (combofix.txt).
Deze kan je vinden als C:\combofix.txt.

Post het Combofixlogje samen met een nieuw DDS logje in je volgende antwoord.

Emphyrio

**rogernan** · 09-06-13, 12:09

ComboFix 13-06-08.02 - Tini 09-06-2013 12:00:16.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.730 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Tini\Mijn documenten\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))
.
.
2013-06-09 08:40 . 2013-06-09 08:40 -------- d-----w- c:\program files\E Dev
2013-06-08 14:56 . 2013-06-08 14:56 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\Tini\Application Data\Malwarebytes
2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-08 14:47 . 2013-06-08 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 14:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 13:11 . 2013-06-08 13:11 388096 ----a-r- c:\documents and settings\Tini\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-06 18:41 . 2013-06-06 18:41 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17 . 2013-06-08 15:46 -------- d--h--r- c:\documents and settings\Tini\Onlangs geopend
2013-06-06 18:01 . 2013-06-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-06-03 21:57 . 2013-06-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
2013-05-30 20:28 . 2013-06-06 18:33 -------- d-----w- c:\program files\AVAST Software
2013-05-30 20:26 . 2013-06-06 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-30 21:19 . 2012-05-23 18:30 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19 . 2011-08-13 18:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2006-03-02 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-09 1839104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^CaptureWiz.lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^Dropbox.lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^OpenOffice.org 3.1 .lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
backup=c:\windows\pss\OpenOffice.org 3.1 .lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-01-29 17:22 138096 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_419160B8BAE8A281612C898CF12F9EE3]
2013-05-29 05:27 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCACheck]
2012-10-11 15:01 36336 ----a-w- c:\program files\Common Files\WinOfficeca\OCACheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeCyberAlert]
2012-10-13 14:09 1687024 ----a-w- c:\program files\Common Files\WinOfficeca\Sysmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-11-20 21:43 136336 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:27 18680424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-06-29 20:05 4011184 ----a-w- c:\documents and settings\Tini\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-06 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Tini\\Application Data\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tini\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Tini\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [10-1-2013 19:32 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1-3-2013 12:11 161384]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [8-4-2010 16:46 154152]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2-6-2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [9-8-2012 13:06 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [10-1-2013 21:50 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23-5-2012 20:37 27064]
S3 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [8-4-2010 16:46 117288]
S3 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [8-4-2010 16:46 117288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 08:57 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 21:19]
.
2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-29 17:22]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4a74390bd8a4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
.
2013-06-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-11-20 21:43]
.
2013-06-08 c:\windows\Tasks\User_Feed_Synchronization-{09D0AA6A-F6D7-42E5-A0C5-5E327A8C3CF7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\extensions\[email protected]
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 12:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2716)
c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2013-06-09 12:08:04
ComboFix-quarantined-files.txt 2013-06-09 10:07
ComboFix2.txt 2013-06-06 19:18
.
Pre-Run: 93.234.184.192 bytes beschikbaar
Post-Run: 93.224.947.712 bytes beschikbaar
.
- - End Of File - - 2176E3230AE84930B8C003F8C75BDA04
3051207086651214E435112E51817DC5

dds komt eraan

**rogernan** · 09-06-13, 12:10

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tini at 12:09:51 on 2013-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.572 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype-ie-addon-data - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
S3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
S3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
.
=============== Created Last 30 ================
.
2013-06-09 09:58:26 98816 ----a-w- c:\windows\sed.exe
2013-06-09 09:58:26 256000 ----a-w- c:\windows\PEV.exe
2013-06-09 09:58:26 208896 ----a-w- c:\windows\MBR.exe
2013-06-09 08:40:33 -------- d-----w- c:\program files\E Dev
2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
.
==================== Find3M ====================
.
2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:09:59,29 ===============

**Emphyrio** · 09-06-13, 12:30

Je hebt Combofix niet op je bureaublad gedownload niettegenstaand dit duidelijk gevraagd geweest is.
Laat het nu maar staan waar het staat, maar ik heb graag dat je mijn instructies in het vervolg correct opvolgd.
Kwestie van calamiteiten te vermijden.

Schakel je beveiligingssoftware uit.

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.

Open een kladblokbestand.
Kopieer het onderstaande en plak dit in het kladblokbestand.
Sla het kladblokbestand op als CFScript.txt

Code:

KillAll::
ClearJavaCache::
AtJob::
DDS::
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
Folder::
c:\program files\Common Files\Authentium
c:\program files\AVAST Software
c:\documents and settings\All Users\Application Data\AVAST Software
Driver::
vseqrts
vseamps
vsedsps
Registry::
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8CEC1DD-F6CE-41DA-A7E5-EE8FD65CE9EE}]

Sleep nu het bestand CFScript.txt in het bestand ComboFix.exe

ComboFix zal opnieuw starten.
Als Combofix vraagt om een update, dan staat je dit toe.

Wanneer ComboFix klaar is, dit kan na een herstart zijn, opent er een logfile. Post de inhoud van de logfile.

Maak een nieuwe DDS log en post deze ook.

**rogernan** · 09-06-13, 23:23

Dat deed ik niet met opzet. Ik weet niet hoe ik die AVG realscanner uitzet, want ik zie m nergens staan. Combifix wel laten lopen, hieronder de logs incl dds:

ComboFix 13-06-08.02 - Tini 09-06-2013 23:07:49.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.704 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Tini\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Tini\Bureaublad\CFScript.txt
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVAST Software
c:\program files\AVAST Software
c:\program files\Common Files\Authentium
c:\program files\Common Files\Authentium\AntiVirus5\aicam.dll
c:\program files\Common Files\Authentium\AntiVirus5\aidef.dll
c:\program files\Common Files\Authentium\AntiVirus5\aiio.dll
c:\program files\Common Files\Authentium\AntiVirus5\aimsg.msg
c:\program files\Common Files\Authentium\AntiVirus5\aiscan.exe
c:\program files\Common Files\Authentium\AntiVirus5\aise.dll
c:\program files\Common Files\Authentium\AntiVirus5\aivse000.dll
c:\program files\Common Files\Authentium\AntiVirus5\aivsec.dll
c:\program files\Common Files\Authentium\AntiVirus5\aivsecon.def
c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.cat
c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.inf
c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.sys
c:\program files\Common Files\Authentium\AntiVirus5\ampse\ampse.cat
c:\program files\Common Files\Authentium\AntiVirus5\ampse\ampse.inf
c:\program files\Common Files\Authentium\AntiVirus5\ampse\AMPSE.sys
c:\program files\Common Files\Authentium\AntiVirus5\AmpVseApi.dll
c:\program files\Common Files\Authentium\AntiVirus5\antivir.def
c:\program files\Common Files\Authentium\AntiVirus5\antiviri.def
c:\program files\Common Files\Authentium\AntiVirus5\antivirv.dll
c:\program files\Common Files\Authentium\AntiVirus5\DPInst.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseampc.dll
c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseapi.dll
c:\program files\Common Files\Authentium\AntiVirus5\vsecapi.dll
c:\program files\Common Files\Authentium\AntiVirus5\vsecdspc.dll
c:\program files\Common Files\Authentium\AntiVirus5\vsecqrt.dll
c:\program files\Common Files\Authentium\AntiVirus5\vsedspc.dll
c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
c:\program files\Common Files\Authentium\AntiVirus5\vseqrt.dll
c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe
c:\program files\Common Files\Authentium\AntiVirus5\vsestmio.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VSEAMPS
-------\Legacy_VSEDSPS
-------\Legacy_VSEQRTS
-------\Service_vseamps
-------\Service_vsedsps
-------\Service_vseqrts
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))
.
.
2013-06-09 08:40 . 2013-06-09 08:40 -------- d-----w- c:\program files\E Dev
2013-06-08 14:56 . 2013-06-08 14:56 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\Tini\Application Data\Malwarebytes
2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-08 14:47 . 2013-06-08 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 14:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 13:11 . 2013-06-08 13:11 388096 ----a-r- c:\documents and settings\Tini\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-06-06 18:41 . 2013-06-06 18:41 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17 . 2013-06-09 21:04 -------- d--h--r- c:\documents and settings\Tini\Onlangs geopend
2013-06-06 18:01 . 2013-06-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2013-06-03 21:57 . 2013-06-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-30 21:19 . 2012-05-23 18:30 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19 . 2011-08-13 18:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01 . 2006-03-02 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GD riveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-09 1839104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^CaptureWiz.lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\CaptureWiz.lnk
backup=c:\windows\pss\CaptureWiz.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^Dropbox.lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^OpenOffice.org 3.1 .lnk]
path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
backup=c:\windows\pss\OpenOffice.org 3.1 .lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2013-01-29 17:22 138096 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_419160B8BAE8A281612C898CF12F9EE3]
2013-05-29 05:27 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCACheck]
2012-10-11 15:01 36336 ----a-w- c:\program files\Common Files\WinOfficeca\OCACheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeCyberAlert]
2012-10-13 14:09 1687024 ----a-w- c:\program files\Common Files\WinOfficeca\Sysmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
2012-11-20 21:43 136336 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-05-08 16:27 18680424 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-06-29 20:05 4011184 ----a-w- c:\documents and settings\Tini\Application Data\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-06-06 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Tini\\Application Data\\Spotify\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Tini\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\Tini\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*

isabled:Windows Remote Management
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [10-1-2013 19:32 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1-3-2013 12:11 161384]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2-6-2011 11:08 11336]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [9-8-2012 13:06 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [10-1-2013 21:50 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23-5-2012 20:37 27064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 08:57 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 21:19]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-29 17:22]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4a74390bd8a4.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
.
2013-06-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-11-20 21:43]
.
2013-06-09 c:\windows\Tasks\User_Feed_Synchronization-{09D0AA6A-F6D7-42E5-A0C5-5E327A8C3CF7}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-09 23:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(2796)
c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
.
**************************************************************************
.
Voltooingstijd: 2013-06-09 23:19:52 - machine werd herstart
ComboFix-quarantined-files.txt 2013-06-09 21:19
ComboFix2.txt 2013-06-09 10:08
ComboFix3.txt 2013-06-06 19:18
.
Pre-Run: 93.134.938.112 bytes beschikbaar
Post-Run: 93.075.619.840 bytes beschikbaar
.
- - End Of File - - CB69DE34FFC4330674E5CA5C66B91924
3051207086651214E435112E51817DC5

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Tini at 23:21:14 on 2013-06-09
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.693 [GMT 2:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
TCP: NameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
Handler: livecall - <Clsid value has no data>
Handler: msnim - <Clsid value has no data>
Handler: skype-ie-addon-data - <Clsid value has no data>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc 2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
.
=============== Created Last 30 ================
.
2013-06-09 09:58:26 98816 ----a-w- c:\windows\sed.exe
2013-06-09 09:58:26 256000 ----a-w- c:\windows\PEV.exe
2013-06-09 09:58:26 208896 ----a-w- c:\windows\MBR.exe
2013-06-09 08:40:33 -------- d-----w- c:\program files\E Dev
2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
.
==================== Find3M ====================
.
2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:21:21,70 ===============

**Emphyrio** · 09-06-13, 23:26

Hoe je AVG realtime scanner uitzet kan je hier vinden: http://www.avg.com/nl-nl/faq.num-4498

Hoe is het nu?

Mededeling

Trage laptop, trage verbining hond in beeld chrome.

Trage laptop, trage verbining hond in beeld chrome.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment