
Slow laptop, slow connection, dog on screen in Chrome.


  • Slow laptop, slow connection, dog on screen in Chrome.

    The system starts up very slowly; after logging in I get a black screen for a minute before my desktop appears. I have let all kinds of anti-spyware and anti-malware tools loose on it. Now, whenever I open web pages in Chrome, an animation of a yellow puppy appears in the middle of my screen and disappears once the page has loaded. Who can help me?
    Hijack log


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:13:12, on 8-6-2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} (Album Upload Software Control) - http://www.mijnalbum.nl/v3/skinsrc/c...eUploader6.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab...el_4.5.5.0.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://yahoouk.oberon-media.com/Game...onGameHost.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/static...eUploader4.cab
    O18 - Protocol: skype-ie-addon-data - (no CLSID) - (no file)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 6 (AdvancedSystemCareService6) - IObit - C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 8125 bytes

  • #2
    Hi rogernan,

    Before we begin, I would like to kindly point out the following guidelines:

    • Log in only as an administrator with full rights.
    • Do not post your problem on several forums. It does not help your problem and it is not fair to the helpers.
    • Cleaning up your system can take some time, so be patient.
    • Carefully follow the instructions I give.
    • Follow only the advice I give.
    • Stay with the topic until I have reported that your PC is clean.
    • If there is something you do not know or understand, please ask.
    • Do not install or uninstall any software or hardware while we are working on your problem.
    • Do not try something "else" in the meantime; that only makes it harder for us.
    • Log in only as an administrator with full rights.
    • Please turn off your emoticons (smileys) when you post logs.
    • Please do not attach the logs or put them between code tags.

    Note: Vista or Windows 7? >> Always run all tools as admin.
    The instructions given are valid only for your PC.

    Step 1:

    Scanning for and removing malware....


    Download MalwareBytes' Anti-Malware to your desktop from one of the following links: Double-click mbam-setup.exe to install the program.

    At the end of the setup procedure, you get a screen where you must click "Finish".
    If you do not wish to evaluate MBAM, untick the first option and only then click "Finish".


    Make sure that after the installation a tick is placed next to:
    • Update MalwareBytes' Anti-Malware
    • Start MalwareBytes' Anti-Malware
    • Then click "Finish". If an update is found, it will be downloaded and installed.



    Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".
    • Go to the "Updates" tab and update MBAM.
    • Then go to the "Scanner" tab and choose "FULL scan" here.
    • Next, press "Scan" to start the scan.
    • Scanning can take a while, so be patient.
    • When the scan has finished, click OK, then "Show Results" to see the results.
    • Make sure everything there is ticked, then click "Remove Selected".
    • After the removal a log will open and you will be asked to restart the computer.

    If MBAM asks for a restart, then do so.
    Once you have restarted, run a new quick scan with MBAM.
    In that case, post both logs.

    The log is saved automatically by MalwareBytes' Anti-Malware and you can find it by clicking the "Logs" tab in the program.


    In case of problems!!!

    ___________________________________________________________

    Step 2:

    Checking for bad toolbars...

    Note: Vista or Windows 7? >> Always run all tools as admin.
    Disable security software.

    Download AdwCleaner by Xplode to your desktop.
    • Close all open windows
    • Start AdwCleaner and click Delete

    • At AdwCleaner – Information, click OK
    • At AdwCleaner – Restart Required, click OK

    All icons disappear from the desktop; this is normal.
    Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

    Do not forget to turn off your "smileys".

    If your start page was also hijacked, set up the search engine again; AdwCleaner resets it to Google.com by default.

    ___________________________________________________________

    Step 3:

    Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


    DDS is a diagnostic tool and makes use of scripts.
    If script execution is disabled, enable it again so that no problems occur when using DDS.


    Double-click DDS to start the tool. (Depending on the download you chose, this can be the file DDS.com, DDS.scr or DDS.pif.)
    When it is finished, two log files open: DDS.txt and Attach.txt
    Save both log files to your desktop.

    Post the contents of DDS.txt.

    Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.

    ___________________________________________________________

    Step 4:

    Checking for updates...

    Download Security Check to your desktop via here or here

    Start Security Check
    Follow the instructions on the screen
    At the end a log appears ( checkup.txt )
    Place its contents in your next reply.

    In your next post, I would like to see the following logs, made in the order given:

    • MBAM
    • AdwCleaner
    • DDS
    • checkup.txt

    Please do NOT post these logs as an attachment or between code tags.

    Emphyrio
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      Malwarebytes Anti-Malware 1.75.0.1300


      Databaseversie: v2013.06.08.03

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Tini :: CP128083-C [administrator]

      8-6-2013 17:00:34
      mbam-log-2013-06-08 (17-00-34).txt

      Scan type: Volledige scan (C:\|)
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 283173
      Verstreken tijd: 38 minuut/minuten, 54 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)

      # AdwCleaner v2.302 - Verslag gemaakt op 08/06/2013 om 17:42:03
      # Geactualiseerd op 06/06/2013 door Xplode
      # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
      # Gebruiker : Tini - CP128083-C
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Documents and Settings\Tini\Mijn documenten\Downloads\AdwCleaner (1).exe
      # Optie [Zoeken]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****


      ***** [Register] *****


      ***** [Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      -\\ Mozilla Firefox v21.0 (nl)

      File : C:\Documents and Settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\prefs.js

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      File : C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\vj59kepf.default\prefs.js

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      -\\ Google Chrome v27.0.1453.110

      File : C:\Documents and Settings\Tini\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      *************************

      AdwCleaner[R1].txt - [2205 octets] - [07/06/2013 17:47:25]
      AdwCleaner[R2].txt - [1247 octets] - [08/06/2013 17:42:03]
      AdwCleaner[S1].txt - [10450 octets] - [31/05/2013 21:20:05]
      AdwCleaner[S2].txt - [2286 octets] - [07/06/2013 17:48:04]

      ########## EOF - C:\AdwCleaner[R2].txt - [1428 octets] ##########

      # AdwCleaner v2.302 - Verslag gemaakt op 08/06/2013 om 17:42:32
      # Geactualiseerd op 06/06/2013 door Xplode
      # Besturingssysteem : Microsoft Windows XP Service Pack 3 (32 bits)
      # Gebruiker : Tini - CP128083-C
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Documents and Settings\Tini\Mijn documenten\Downloads\AdwCleaner (1).exe
      # Optie [Verwijderen]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****


      ***** [Register] *****


      ***** [Browsers] *****

      -\\ Internet Explorer v8.0.6001.18702

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      -\\ Mozilla Firefox v21.0 (nl)

      File : C:\Documents and Settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\prefs.js

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      File : C:\Documents and Settings\Roger\Application Data\Mozilla\Firefox\Profiles\vj59kepf.default\prefs.js

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      -\\ Google Chrome v27.0.1453.110

      File : C:\Documents and Settings\Tini\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

      [OK] De file bevat geen enkele ongeoorloofde invoer.

      *************************

      AdwCleaner[R1].txt - [2205 octets] - [07/06/2013 17:47:25]
      AdwCleaner[R2].txt - [1497 octets] - [08/06/2013 17:42:03]
      AdwCleaner[S1].txt - [10450 octets] - [31/05/2013 21:20:05]
      AdwCleaner[S2].txt - [2286 octets] - [07/06/2013 17:48:04]
      AdwCleaner[S3].txt - [1433 octets] - [08/06/2013 17:42:32]

      ########## EOF - C:\AdwCleaner[S3].txt - [1493 octets] ##########




      DDS (Ver_2012-11-20.01) - NTFS_x86
      Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
      Run by Tini at 17:47:04 on 2013-06-08
      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.678 [GMT 2:00]
      .
      AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      FW: AVG Internet Security 2012 *Enabled*
      .
      ============== Running Processes ================
      .
      C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\SCardSvr.exe
      C:\WINDOWS\system32\agrsmsvc.exe
      C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
      C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
      C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
      C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
      C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\IObit\Advanced SystemCare 6\DelayLoad.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\WINDOWS\system32\svchost.exe -k DcomLaunch
      C:\WINDOWS\system32\svchost.exe -k rpcss
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
      C:\WINDOWS\system32\svchost.exe -k NetworkService
      C:\WINDOWS\System32\svchost.exe -k netsvcs
      C:\WINDOWS\system32\svchost.exe -k imgsvc
      C:\WINDOWS\system32\svchost.exe -k LocalService
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
      BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
      BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
      BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
      BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
      BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
      mRun: [Persistence] c:\windows\system32\igfxpers.exe
      mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
      mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
      mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
      mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
      dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
      dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      uPolicies-Explorer: NoDriveAutoRun = dword:67108863
      uPolicies-Explorer: NoDrives = dword:0
      mPolicies-Explorer: NoDriveAutoRun = dword:67108863
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      mPolicies-Explorer: NoDrives = dword:0
      mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
      mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
      mPolicies-Explorer: NoDriveAutoRun = dword:67108863
      IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
      IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
      .
      INFO: HKCU has more than 50 listed domains.
      If you wish to scan all of them, select the 'Force scan all domains' option.
      .
      DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
      DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
      DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
      DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
      DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
      DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
      DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
      DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
      DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
      DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
      TCP: NameServer = 212.54.40.25 212.54.35.25
      TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
      Handler: livecall - <Clsid value has no data>
      Handler: msnim - <Clsid value has no data>
      Handler: skype-ie-addon-data - <Clsid value has no data>
      Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
      Notify: igfxcui - igfxdev.dll
      SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
      mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
      FF - plugin: c:\documents and settings\tini\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
      FF - plugin: c:\documents and settings\tini\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
      FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
      FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
      FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
      FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
      FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
      FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
      FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
      FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
      FF - plugin: c:\windows\system32\npdeployJava1.dll
      FF - plugin: c:\windows\system32\npptools.dll
      FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
      FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
      R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
      R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-11-20 464256]
      R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
      R3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
      R3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
      S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
      S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
      S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
      S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
      S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
      S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
      S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
      S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
      S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
      S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
      .
      =============== Created Last 30 ================
      .
      2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
      2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
      2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
      2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
      2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
      2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
      2013-06-06 19:03:29 -------- d-----w- C:\ComboFix
      2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
      2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
      2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
      2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
      2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
      2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
      2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
      .
      ==================== Find3M ====================
      .
      2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
      2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
      2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
      2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
      2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
      .
      ============= FINISH: 17:47:44,31 ===============


      Results of screen317's Security Check version 0.99.64
      Windows XP Service Pack 3 x86
      ``````````````Antivirus/Firewall Check:``````````````
      AVG Internet Security 2012
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Out of date HijackThis installed!
      Malwarebytes Anti-Malware versie 1.75.0.1300
      HijackThis 1.99.1
      CCleaner
      JavaFX 2.1.1
      Java(TM) 6 Update 32
      Java(TM) 7 Update 5
      Java version out of Date!
      Adobe Flash Player 11.7.700.202
      Adobe Reader 10.1.4 Adobe Reader out of Date!
      Mozilla Firefox (21.0)
      Google Chrome 27.0.1453.110
      Google Chrome 27.0.1453.94
      ````````Process Check: objlist.exe by Laurent````````
      Common Files Authentium AntiVirus5 vsedsps.exe
      Common Files Authentium AntiVirus5 vseamps.exe
      Common Files Authentium AntiVirus5 vseqrts.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C::
      ````````````````````End of Log``````````````````````



      • #4
        Remove the following tools from your PC:
        • Advanced SystemCare 6 (IOBit)
        • Java(TM) 6 Update 32
        • Java(TM) 7 Update 5
        • Adobe Reader 10.1.4

        Restart the PC afterwards.
        Post a fresh DDS log.
        Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
        E Dev * McAfee verwijderen. * Ccleaner * E-Peek



        • #5
          DDS (Ver_2012-11-20.01) - NTFS_x86
          Internet Explorer: 8.0.6001.18702
          Run by Tini at 19:09:22 on 2013-06-08
          Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.690 [GMT 2:00]
          .
          AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
          FW: AVG Internet Security 2012 *Enabled*
          .
          ============== Running Processes ================
          .
          C:\WINDOWS\System32\WLTRYSVC.EXE
          C:\WINDOWS\System32\bcmwltry.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\System32\SCardSvr.exe
          C:\WINDOWS\system32\agrsmsvc.exe
          C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
          C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
          C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
          C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\system32\WLTRAY.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\WINDOWS\system32\svchost.exe -k DcomLaunch
          C:\WINDOWS\system32\svchost.exe -k rpcss
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
          C:\WINDOWS\system32\svchost.exe -k NetworkService
          C:\WINDOWS\System32\svchost.exe -k netsvcs
          C:\WINDOWS\system32\svchost.exe -k imgsvc
          C:\WINDOWS\system32\svchost.exe -k LocalService
          .
          ============== Pseudo HJT Report ===============
          .
          uStart Page = hxxp://www.google.com/
          BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
          BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
          BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
          mRun: [Persistence] c:\windows\system32\igfxpers.exe
          mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
          mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
          mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
          mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
          dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
          dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
          uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          uPolicies-Explorer: NoDriveAutoRun = dword:67108863
          uPolicies-Explorer: NoDrives = dword:0
          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          mPolicies-Explorer: NoDrives = dword:0
          mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
          IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          .
          INFO: HKCU has more than 50 listed domains.
          If you wish to scan all of them, select the 'Force scan all domains' option.
          .
          DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
          DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
          DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
          DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
          DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
          DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
          DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
          DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
          DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
          DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
          DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
          TCP: NameServer = 212.54.40.25 212.54.35.25
          TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
          Handler: livecall - <Clsid value has no data>
          Handler: msnim - <Clsid value has no data>
          Handler: skype-ie-addon-data - <Clsid value has no data>
          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
          Notify: igfxcui - igfxdev.dll
          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
          mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
          .
          ================= FIREFOX ===================
          .
          FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
          FF - plugin: c:\documents and settings\tini\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
          FF - plugin: c:\documents and settings\tini\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
          FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
          FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
          FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
          FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
          FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
          FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
          FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
          FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
          FF - plugin: c:\windows\system32\npdeployJava1.dll
          FF - plugin: c:\windows\system32\npptools.dll
          FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
          FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
          .
          ============= SERVICES / DRIVERS ===============
          .
          R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
          R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
          R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
          R3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
          R3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
          S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
          S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
          S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
          S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
          S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
          S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
          S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
          S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
          S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
          S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
          .
          =============== Created Last 30 ================
          .
          2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
          2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
          2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
          2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
          2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
          2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
          2013-06-06 19:03:29 -------- d-----w- C:\ComboFix
          2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
          2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
          2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
          2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
          2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
          2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
          2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
          .
          ==================== Find3M ====================
          .
          2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
          2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
          2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
          2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
          2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
          2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
          2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
          .
          ============= FINISH: 19:10:02,26 ===============



          • #6
            I notice that you have already used Combofix?



            • #7
              Correct, but note: I used it before this help. Apart from a few small things, it is already going better. I had a super-slow internet connection, with a download speed of 30 kb/sec. This problem lay with the provider and has since risen to 400k wireless according to speedtest. Not yet what it should be (I have the 160 mb from Ziggo), but fine, it is workable. Judging by your reply, no major problems were found. That leaves me with 1 more question. According to those scans I have AVG, AVAST and Athenium (or something like that) on my system. However, Revo Uninstaller, the Windows uninstaller or the one from Obit cannot find them. I still keep coming across files from them. There are also folders everywhere from programs that I have not used for a long time. Is there a quick way to get rid of them, or should I move this question to general PC problems?

              Thanks in advance!



              • #8
                From your post I gather that IOBit is still on your PC?
                I would have liked you to follow my instructions.

                Originally posted by Emphyrio
                Remove the following tools from your PC:
                • Advanced SystemCare 6 (IOBit)
                • Java(TM) 6 Update 32
                • Java(TM) 7 Update 5
                • Adobe Reader 10.1.4

                Restart the PC afterwards.
                Post a fresh DDS log.


                Why would you want to remove your antivirus and firewall (AVG)?
                AVAST and Athenium may indeed be removed. We will do that next as well.


                Go to Start > Run and copy and paste the following command into the field:

                ComboFix /Uninstall

                So make sure there is a space between Combofix and /
                Then press Enter.



                • Download PC Info to your desktop.
                • Unzip it and click SetupPC Info.
                • Go through the installation process.

                Double-click PC Info.
                The scan now starts...
                After the scan, select the tab: Logs
                Then check only these items:

                • Software
                • Hardware
                • Software Installed List
                • Startup List
                • Running Processes
                • Expert Mode
                • Registry Scan
                • Services

                Now click 'Create a log', then copy and paste it into your next post.



                • #9
                  I don't necessarily want to remove them, but I would rather know what I have running. IObit is not recommended? I removed it with Revo, including the thorough removal. This laptop is just an old thing; it cannot take too heavy an antivirus, otherwise it becomes unworkable. In addition, I am extremely careful with what I do online in order to avoid potential infections. Below is the PC Info log; thanks for your quick replies.

                  PC Info vs 2.0.1.5 © 2011-2013 Onsia Patrick (Emphyrio)
                  9-6-2013 10:42:02
                  Boot Status: Normal boot

                  ==================== OS INFO ====================================

                  OS version : Windows XP
                  Edition : Professional
                  Service Pack : 3
                  Build version : 5.1.2600.196608
                  Windows OS Bits : 32 *

                  Update detected : 2013-06-09 06:59:13
                  Update downloaded : 2013-05-15 07:48:14
                  Update installed : 2013-05-16 07:10:13

                  ==================== GENERAL INFO ===============================

                  Windows Directory : C:\WINDOWS
                  User Profile : C:\Documents and Settings\Tini
                  Java Version : N/A
                  Antivirus : AVG Internet Security 2012 2012.0 [Enabled]
                  Anti Spam : n/a
                  Firewall : AVG Internet Security 2012 2012.0 [Running]

                  ==================== HARDWARE ===================================

                  GenuineIntel x86 Family 6 Model 15 Stepping 10
                  Intel(R) Celeron(R) M CPU 530 @ 1.73GHz

                  Mainboard : Hewlett-Packard

                  Model : HP Compaq 6720s

                  Bios Version : 68MDU Ver. F.09 (Hewlett-Packard)

                  RAM Present : 1015 MB / 1 GB
                  RAM Free : 399 Mb ( 39 % Free )

                  Videocard : Mobile Intel(R) 965 Express Chipset Family
                  Memory : 384Mb
                  Driver version : 6.14.10.4873

                  ==================== APP LIST ===================================

                  C:\ Fixed - - NTFS - 111 Gb (Free : 88746 Mb / 86 Gb )

                  ==================== INSTALLED SOFTWARE LIST ====================


                  Acrobat.com 1.6.65
                  Adobe AIR 2.5.1.17730
                  Adobe Flash Player 11 ActiveX 11.7.700.202
                  Adobe Flash Player 11 Plugin 11.7.700.202
                  Agere Systems HDA Modem
                  AVSDK5 5.2.9
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2510531) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2544521) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2675157) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2699988) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2722913) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2744842) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2761465) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2792100) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2797052) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2799329) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2809289) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2817183) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2829530) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB2847204) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB971961) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB981332) 1
                  Beveiligingsupdate voor Windows Internet Explorer 8 (KB982381) 1
                  Beveiligingsupdate voor Windows XP (KB2655992) 1
                  Beveiligingsupdate voor Windows XP (KB2691442) 1
                  Beveiligingsupdate voor Windows XP (KB2698365) 1
                  Beveiligingsupdate voor Windows XP (KB2705219) 1
                  Beveiligingsupdate voor Windows XP (KB2712808) 1
                  Beveiligingsupdate voor Windows XP (KB2718523) 1
                  Beveiligingsupdate voor Windows XP (KB2719985) 1
                  Beveiligingsupdate voor Windows XP (KB2723135) 1
                  Beveiligingsupdate voor Windows XP (KB2724197) 1
                  Beveiligingsupdate voor Windows XP (KB2727528) 1
                  Beveiligingsupdate voor Windows XP (KB2731847) 1
                  Beveiligingsupdate voor Windows XP (KB2753842-v2) 2
                  Beveiligingsupdate voor Windows XP (KB2753842) 1
                  Beveiligingsupdate voor Windows XP (KB2758857) 1
                  Beveiligingsupdate voor Windows XP (KB2761226) 1
                  Beveiligingsupdate voor Windows XP (KB2770660) 1
                  Beveiligingsupdate voor Windows XP (KB2779030) 1
                  Broadcom 802.11 WLAN-adapter 4.170.25.12
                  Canon MP210 series
                  Canon My Printer
                  Catan Online World 3.926
                  CCleaner 4.02
                  Cheat Engine 6.2
                  Digital Photo Resizer
                  DivX Setup 2.6.1.8
                  Facebook Video Calling 1.2.0.287 1.2.287
                  Google Chrome 27.0.1453.110
                  Google Drive 1.9.4536.8202
                  Google Earth Plug-in 7.0.3.8542
                  Google Toolbar for Internet Explorer 1.0.0
                  Google Toolbar for Internet Explorer 7.4.3607.2246
                  Google Update Helper 1.3.21.145
                  HiJackThis 1.0.0
                  HijackThis 1.99.1 1.99.1
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1
                  Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1
                  Hotfix for Windows XP (KB954550-v5) 5
                  Hotfix for Windows XP (KB976002-v5) 5
                  Hotfix voor Windows XP (KB2756822) 1
                  Hotfix voor Windows XP (KB2779562) 1
                  HP ProtectTools Security Manager 3.00 A10
                  HP Quick Launch Buttons 6.40 B2 6.40 B2
                  Intel(R) Graphics Media Accelerator Driver
                  Intel(R) PRO Network Connections Drivers
                  IrfanView (remove only)
                  JavaFX 2.1.1 2.1.1
                  JPG to PDF Converter 1.0 1.0
                  Malwarebytes Anti-Malware versie 1.75.0.1300 1.75.0.1300
                  Microsoft .NET Framework 2.0 Service Pack 2 2.2.30729
                  Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD 2.2.30729
                  Microsoft .NET Framework 3.0 Service Pack 2 3.2.30729
                  Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD 3.2.30729
                  Microsoft .NET Framework 3.5 Language Pack SP1 - nld 3.5.30729
                  Microsoft .NET Framework 3.5 SP1
                  Microsoft .NET Framework 3.5 SP1 3.5.30729
                  Microsoft Antimalware Service NL-NL Language Pack 3.0.8402.2
                  Microsoft Application Error Reporting 12.0.6012.5000
                  Microsoft Choice Guard 2.0.48.0
                  Microsoft Compression Client Pack 1.0 for Windows XP 1
                  Microsoft Internationalized Domain Names Mitigation APIs
                  Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
                  Microsoft National Language Support Downlevel APIs
                  Microsoft Security Client NL-NL Language Pack 2.1.1116.0
                  Microsoft Silverlight 5.1.20125.0
                  Microsoft User-Mode Driver Framework Feature Pack 1.0
                  Microsoft Visual C++ 2005 Redistributable 8.0.56336
                  Microsoft Visual C++ 2005 Redistributable 8.0.61001
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 9.0.30729
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148
                  Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 9.0.30729.6161
                  Mozilla Firefox 21.0 (x86 nl) 21.0
                  Mozilla Maintenance Service 21.0
                  MSVCRT 14.0.1468.721
                  MSXML 6 Service Pack 2 (KB973686) 6.20.2003.0
                  MWSnap 3 3.0.0.74
                  OpenOffice.org 3.1 3.1.9420
                  Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
                  PC Info 2.0.15
                  PDF Creator Plus 5.0 5.0.000
                  Perfect Uninstaller v6.3.3.9
                  PowerDVD
                  Revo Uninstaller Pro 3.0.5 3.0.5
                  Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) 1
                  Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) 1
                  Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) 1
                  Segoe UI 14.0.4327.805
                  SelectionLinks 1.0
                  Skype™ 6.3 6.3.107
                  SoundMAX 5.10.01.5220
                  Synaptics Pointing Device Driver 9.1.11.3
                  System Requirements Lab for Intel 4.5.5.0
                  Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
                  TechPowerUp GPU-Z
                  Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 1
                  Update voor Windows Internet Explorer 8 (KB2598845) 1
                  Update voor Windows Internet Explorer 8 (KB2632503) 1
                  Update voor Windows Internet Explorer 8 (KB976662) 1
                  Update voor Windows XP (KB2661254-v2) 2
                  Update voor Windows XP (KB2718704) 1
                  Update voor Windows XP (KB2736233) 1
                  Update voor Windows XP (KB2749655) 1
                  VC80CRTRedist - 8.0.50727.6195 1.2.0
                  VLC media player 1.0.5 1.0.5
                  VobSub v2.23 (Remove Only)
                  WebFldrs XP 9.50.7523
                  Windows Genuine Advantage Notifications (KB905474) 1.9.0040.0
                  Windows Imaging Component 3.0.0.0
                  Windows Installer Clean Up 3.00.00.0000
                  Windows Internet Explorer 7 20070813.185237
                  Windows Internet Explorer 8 20090308.140743
                  Windows Live - Hulpprogramma voor uploaden 14.0.8014.1029
                  Windows Live aanmeldhulp 5.000.818.5
                  Windows Live Call 14.0.8117.0416
                  Windows Live Communications Platform 14.0.8117.416
                  Windows Live Essentials 14.0.8117.0416
                  Windows Live Essentials 14.0.8117.416
                  Windows Live Messenger 14.0.8117.0416
                  Windows Live OneCare safety scanner
                  Windows Management Framework Core
                  Windows Media Format 11 runtime
                  Windows Media Player 11
                  Windows Media Player Firefox Plugin 1.0.0.8
                  Windows XP Service Pack 3 20080414.175804
                  WinRAR
                  XML Paper Specification Shared Components Language Pack 1.0

                  ==================== STARTUP LIST Enabled========================

                  ------- Local [HKLM] Tini------------

                  Persistence : C:\WINDOWS\system32\igfxpers.exe
                  Broadcom Wireless Manager UI : C:\WINDOWS\system32\WLTRAY.exe
                  SynTPEnh : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  IgfxTray : C:\WINDOWS\system32\igfxtray.exe
                  HotKeysCmds : C:\WINDOWS\system32\hkcmd.exe

                  ------- Current User [HKCU] Tini------------



                  ==================== RUNNING PROCESSES ==========================

                  WinRAR ID = 2676 Path: C:\Program Files\WinRAR\WinRAR.exe
                  svchost ID = 600 Path: C:\WINDOWS\system32\svchost.exe
                  services ID = 972 Path: C:\WINDOWS\system32\services.exe
                  wmiprvse ID = 3552 Path: C:\WINDOWS\system32\wbem\wmiprvse.exe
                  GoogleCrashHandler ID = 248 Path: C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
                  chrome ID = 1796 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  spoolsv ID = 1672 Path: C:\WINDOWS\system32\spoolsv.exe
                  svchost ID = 1136 Path: C:\WINDOWS\system32\svchost.exe
                  svchost ID = 1312 Path: C:\WINDOWS\system32\svchost.exe
                  svchost ID = 1400 Path: C:\WINDOWS\system32\svchost.exe
                  WLTRAY ID = 1528 Path: C:\WINDOWS\system32\WLTRAY.exe
                  igfxsrvc ID = 2560 Path: C:\WINDOWS\system32\igfxsrvc.exe
                  scardsvr ID = 1840 Path: C:\WINDOWS\System32\SCardSvr.exe
                  svchost ID = 1216 Path: C:\WINDOWS\system32\svchost.exe
                  SynTPEnh ID = 1476 Path: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                  PC Info ID = 2804 Path: C:\Program Files\E Dev\PC Info\PC Info.exe
                  chrome ID = 3960 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  svchost ID = 2024 Path: C:\WINDOWS\system32\svchost.exe
                  chrome ID = 2884 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  winlogon ID = 928 Path: C:\WINDOWS\system32\winlogon.exe
                  chrome ID = 3464 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  alg ID = 1816 Path: C:\WINDOWS\System32\alg.exe
                  chrome ID = 3684 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  vseamps ID = 300 Path: C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
                  smss ID = 832 Path: C:\WINDOWS\system32\smss.exe
                  BCMWLTRY ID = 1632 Path: C:\WINDOWS\System32\bcmwltry.exe
                  chrome ID = 3500 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  WLTRYSVC ID = 1620 Path: C:\WINDOWS\System32\WLTRYSVC.EXE
                  chrome ID = 3932 Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                  agrsmsvc ID = 1884 Path: C:\WINDOWS\system32\agrsmsvc.exe
                  csrss ID = 904 Path: C:\WINDOWS\system32\csrss.exe
                  vseqrts ID = 356 Path: C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
                  explorer ID = 1432 Path: C:\WINDOWS\Explorer.EXE
                  msiexec ID = 1520 Path: C:\WINDOWS\system32\msiexec.exe
                  svchost ID = 1252 Path: C:\WINDOWS\System32\svchost.exe
                  lsass ID = 984 Path: C:\WINDOWS\system32\lsass.exe

                  ==================== REG SCAN ===================================

                  Empthy keys and/or values aren't logged !


                  ==================== SESSION MANAGER ============================

                  HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
                  BootExecute = autocheck autochk *


                  ==================== WINLOGON ===================================

                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

                  Userinit = C:\WINDOWS\system32\userinit.exe,
                  Shell = Explorer.exe


                  ==================== ShellServiceObjectDelayLoad ================

                  HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

                  CDBurn = {fbeb8a05-beee-4442-804e-409d6c4515e9}
                  PostBootReminder = {7849596a-48ea-486e-8937-a2a3009f31a9}
                  SysTray = {35CEC8A3-2BE6-11D2-8773-92E220524153}
                  WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
                  WPDShServiceObj = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
                  File in HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\WINDOWS\system32\webcheck.dll


                  ==================== Shell Extensions\Approved ==================

                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

                  {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = WebCheck
                  {08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
                  File in HKCR\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\WINDOWS\system32\webcheck.dll


                  ==================== Shell Extensions\Approved WOW 6432 =========

                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\


                  ==================== SharedTaskScheduler ========================

                  HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

                  {8C7461EF-2B13-11d2-BE35-3078302C2030} = Cache-daemon voor onderdeelcategorieën

                  File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\WINDOWS\system32\browseui.dll


                  ==================== RUN KEYS====================================

                  HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                  HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
                  HKCU\Software\Microsoft\Windows\CurrentVersion\Run

                  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
                  HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
                  HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
                  HKLM\Software\Microsoft\Windows\CurrentVersion\Run

                  Broadcom Wireless Manager UI = C:\WINDOWS\system32\WLTRAY.exe
                  HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
                  IgfxTray = C:\WINDOWS\system32\igfxtray.exe
                  Persistence = C:\WINDOWS\system32\igfxpers.exe
                  SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
                  HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce


                  ==================== vVv Krepper Trojan Pointers vVv ============

                  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run


                  ==================== RUN SERVICES ===============================

                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
                  HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                  HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
                  HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

                  CTFMON.EXE = C:\WINDOWS\system32\CTFMON.EXE
                  DWQueuedReporting = "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
                  HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
                  HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


                  ==================== Shell Folder ===============================

                  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
                  Startup = C:\Documents and Settings\Tini\Menu Start\Programma's\Opstarten

                  HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


                  ==================== DLL Loaded =================================

                  HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows

                  RequireSignedAppInit_DLLs = 0x00000001
                  ( 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.)

                  -------------- NOTIFY (HKLM)--------------

                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy
                  DllName = C:\WINDOWS\System32\dimsntfy.dll
                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
                  DllName = igfxdev.dll
                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
                  DllName = sclgntfy.dll
                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
                  DllName = WgaLogon.dll


                  HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load



                  ==================== ShellExecuteHooks ==========================

                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks



                  ==================== Command Processor ==========================

                  HKLM\Software\Microsoft\Command Processor
                  HKCU\Software\Microsoft\Command Processor


                  ==================== BROWSER HELPER OBJECTS =====================

                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

                  {AA58ED58-01DD-4d91-8333-CF10577473F7} = Google Toolbar Helper
                  File in HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\InProcServer32\
                  = C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
                  --------------------------------------------------------------------
                  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} = Google Toolbar Notifier BHO
                  AppID = {96FBC13C-8214-4100-88E0-FF74D7A1CB4D}
                  File in HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InProcServer32\
                  = C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
                  --------------------------------------------------------------------

                  ==================== BHO - CLSID Wow6432Node ====================

                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

                  # Not exist #


                  ==================== TOOLBAR ====================================

                  HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

                  # Not exist #


                  ==================== TOOLBAR - Wow6432Node ======================

                  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

                  # Not exist #


                  ==================== URL SEARCH HOOKS ===========================

                  HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks

                  HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

                  HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks


                  ==================== SAFE BOOT ==================================

                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

                  AlternateShell = cmd.exe
                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

                  {533C5B84-EC70-11D2-9505-00C04F79DEAF}
                  = Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}{D48179BE-EC20-11D1-B6B8-00C04FA372A7}{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}

                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

                  {50DD5230-BA8A-11D1-BF5D-0000F805F530}{533C5B84-EC70-11D2-9505-00C04F79DEAF}{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}{D48179BE-EC20-11D1-B6B8-00C04FA372A7}{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}DnsCache
                  = ServiceWudfPfWudfRdWudfSvcWudfUsbccidDriver

                  ==================== DESKTOP ====================================

                  HKCU\Control Panel\Desktop

                  ScreenSaveActive = 0
                  HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

                  ==================== SECURITYPROVIDERS ==========================

                  HKLM\system\currentcontrolset\control\securityproviders

                  SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
                  File in C:\WINDOWS\System32\credssp.dll 12800 bytes [ 14-4-2008 19:02:23 ]

                  ==================== SERVICES ===================================

                  Service without a value in ImagePath or 'svchost.exe -k' aren't logged !

                  HKLM\SYSTEM\CurrentControlSet\Services

                  *** Win32OwnProcess ***

                  S3 - AdobeFlashPlayerUpdateSvc - Adobe Flash Player Update Service - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
                  R2 - AgereModemAudio - Agere Modem Call Progress Audio - C:\WINDOWS\system32\agrsmsvc.exe
                  R3 - ALG - Application Layer Gateway-service - C:\WINDOWS\System32\alg.exe
                  S3 - aspnet_state - ASP.NET-statusservice - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
                  S3 - ClipSrv - ClipBook - C:\WINDOWS\system32\clipsrv.exe
                  S3 - clr_optimization_v2.0.50727_32 - .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
                  S3 - COMSysApp - COM+-systeemtoepassing - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
                  S2 - gupdate - Google Updateservice (gupdate) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
                  S3 - gupdatem - Google Update-service (gupdatem) - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc
                  S3 - gusvc - Google Software Updater - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
                  S3 - hpqwmiex - hpqwmiex - "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
                  S3 - ImapiService - COM-service voor IMAPI cd-branders - C:\WINDOWS\system32\imapi.exe
                  S3 - MozillaMaintenance - Mozilla Maintenance Service - "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe"
                  S3 - MSDTC - Distributed Transaction Coordinator - C:\WINDOWS\system32\msdtc.exe
                  S4 - RDSessMgr - Helpsessiebeheer voor Extern bureaublad - C:\WINDOWS\system32\sessmgr.exe
                  S3 - RpcLocator - Remote Procedure Call (RPC) Locator - C:\WINDOWS\system32\locator.exe
                  S4 - RSVP - QoS RSVP - C:\WINDOWS\system32\rsvp.exe
                  S2 - SkypeUpdate - Skype Updater - "C:\Program Files\Skype\Updater\Updater.exe"
                  S3 - SwPrv - MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe /Processid:{1F8B584F-F9D3-4F33-B616-C9850F219087}
                  S3 - SysmonLog - Performance Logs and Alerts - C:\WINDOWS\system32\smlogsvc.exe
                  S3 - TlntSvr - Telnet - C:\WINDOWS\system32\tlntsvr.exe
                  S3 - UPS - Uninterruptible Power Supply - C:\WINDOWS\System32\ups.exe
                  R3 - vseamps - vseamps - "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe"
                  R3 - vsedsps - vsedsps - "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe"
                  R2 - vseqrts - vseqrts - "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe"
                  S3 - VSS - Volume Shadow Copy - C:\WINDOWS\System32\vssvc.exe
                  S3 - WmiApSrv - WMI-prestatieadapter - C:\WINDOWS\system32\wbem\wmiapsrv.exe
                  S3 - WMPNetworkSvc - Windows Media Player Network Sharing-service - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

                  *** Win32ShareProcess ***

                  S3 - dmadmin - Logical Disk Manager Administrative-service - C:\WINDOWS\System32\dmadmin.exe /com
                  R2 - Eventlog - Event Log - C:\WINDOWS\system32\services.exe
                  S3 - idsvc - Windows CardSpace - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
                  R3 - MSIServer - Windows Installer - C:\WINDOWS\system32\msiexec.exe /V
                  S4 - NetDDE - Network DDE - C:\WINDOWS\system32\netdde.exe
                  S4 - NetDDEdsdm - Network DDE DSDM - C:\WINDOWS\system32\netdde.exe
                  S4 - Netlogon - Net Logon - C:\WINDOWS\system32\lsass.exe
                  S4 - NetTcpPortSharing - Net.Tcp Port Sharing Service - "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
                  S3 - NtLmSsp - NT LM Security Support Provider - C:\WINDOWS\system32\lsass.exe
                  R2 - PlugPlay - Plug and Play - C:\WINDOWS\system32\services.exe
                  R2 - PolicyAgent - IPSEC-services - C:\WINDOWS\system32\lsass.exe
                  R2 - SamSs - Security Accounts Manager - C:\WINDOWS\system32\lsass.exe
                  R2 - SCardSvr - Smart Card - C:\WINDOWS\System32\SCardSvr.exe

                  *** Other ***

                  S3 - CiSvc - Indexing-service - C:\WINDOWS\system32\cisvc.exe
                  R0 - FltMgr - FltMgr - \SystemRoot\system32\drivers\fltmgr.sys
                  R1 - HMFAxCore23f14cc2704814471a284145846ada24 - HMFAxCore23f14cc2704814471a284145846ada24 - HMFAxCore23f14cc2704814471a284145846ada24.sys
                  S4 - mnmsrvc - Delen van Extern bureaublad met NetMeeting - C:\WINDOWS\system32\mnmsrvc.exe
                  S3 - MRxDAV - WebDav-client-redirector - system32\DRIVERS\mrxdav.sys
                  R1 - MRxSmb - MRxSmb - system32\DRIVERS\mrxsmb.sys
                  R1 - NetBIOS - NetBIOS-interface - system32\DRIVERS\netbios.sys
                  R2 - ProtectedStorage - Protected Storage - C:\WINDOWS\system32\lsass.exe
                  R1 - Rdbss - Rdbss - system32\DRIVERS\rdbss.sys
                  S3 - Revoflt - Revoflt - system32\DRIVERS\revoflt.sys
                  R2 - Spooler - Print Spooler - C:\WINDOWS\system32\spoolsv.exe
                  R4 - sr - Stuurprogramma voor systeemherstelfilter - \SystemRoot\system32\DRIVERS\sr.sys
                  S3 - Srv - Srv - system32\DRIVERS\srv.sys
                  R2 - wltrysvc - Broadcom Wireless LAN Tray Service - C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe


                  ==================== WOW-CMDLINE ================================

                  HKLM\SYSTEM\CurrentControlSet\Control\WOW
                  cmdline = C:\WINDOWS\system32\ntvdm.exe
                  wowcmdline = C:\WINDOWS\system32\ntvdm.exe -a C:\WINDOWS\system32\krnl386

                  ==================== SVCHOST (White Listed) ==================

                  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

                  WINRM => WINRM
                  SYSTEM\CurrentControlSet\Services\WINRM\Parameters
                  ServiceDll = C:\WINDOWS\system32\WsmSvc.dll


                  ==================== INTERFACES =================================

                  HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

                  {54F8173A-2AB3-46BE-BFDE-35E9ADE8E062}
                  ====================*============================================

                  {67D2E3D8-9709-41D8-A684-11F94CC0B65B}
                  ====================*============================================

                  {A2A7DD0C-0C49-4200-8E27-6667746948FE}
                  ====================*============================================

                  {ACBDC1A9-91EF-4AAB-9CE8-F518D2BA9633}
                  ====================*============================================

                  {EFB3A29E-2103-40FC-9F4D-1A8F0ED4F6A5}
                  ====================*============================================


                  ==================== SEARCHSCOPES ===============================

                  HKCU\Software\Microsoft\Internet Explorer\SearchScopes

                  DefaultScope :

                  {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                  URL : http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                  ====================*============================================

                  {31DB4886-7A53-4BEC-ADDA-04A8294B65AA}
                  URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_nlNL487
                  ====================*============================================

                  {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                  URL : http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                  ====================*============================================

                  {B8CEC1DD-F6CE-41DA-A7E5-EE8FD65CE9EE}
                  URL : http://searchya.com/?chnl=dcom-100&s=1&cr=914423506&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDtC&q={searchTerms}
                  ====================*============================================


                  HKLM\Software\Microsoft\Internet Explorer\SearchScopes

                  DefaultScope :

                  {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
                  URL : http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
                  --------------------------------------------------------------------
                  {31DB4886-7A53-4BEC-ADDA-04A8294B65AA}
                  URL : http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                  --------------------------------------------------------------------


                  ==================== Job files ==================================

                  There are no .job files found.
                  =================================================================

                  Log finished at 9-6-2013 10:42:09
                  Thanks for using PC Info...

                  ==================== END ========================================



                  • #10
                    IOBit is not recommended.
                    With AVG Internet Security 2012 you have an active antivirus and a firewall in place. That is good.
                    Going on the Web without AV and a firewall is not responsible.

                    For us (the Helpers) that also means a bit of mopping with the tap running.

                    I do indeed still see traces of Authentium; we will remove these shortly.

                    First we are going to download and run Combofix...


                    Download TFC and save it to your Desktop.
                    • Double-click TFC.exe to open the program.
                    • The program will close all other programs, so make sure you have saved all your work before you continue.
                    • Click the Start button to start the program.
                    • When the program is finished, it will restart your computer.
                      If this does not happen, restart your computer manually.


                    _____________________________________________________________

                    Download Combofix and place it on your desktop.


                    Extra note... Make sure your security software is disabled while you use Combofix.
                    This is because these scanners wrongly see certain components that Combofix uses as infected and will block Combofix.


                    Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


                    Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                    So do not open any other applications until Combofix has presented the log.

                    If Combofix asks for an update, allow it.

                    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                    You can find it at C:\combofix.txt.

                    Post the Combofix log together with a new DDS log in your next reply.

                    Emphyrio
                    Last edited by Emphyrio; 09-06-13, 11:48.
                    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                    E Dev * Remove McAfee. * Ccleaner * E-Peek



                    • #11
                      ComboFix 13-06-08.02 - Tini 09-06-2013 12:00:16.4.1 - x86
                      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.730 [GMT 2:00]
                      Gestart vanuit: c:\documents and settings\Tini\Mijn documenten\Downloads\ComboFix.exe
                      AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                      FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))
                      .
                      .
                      2013-06-09 08:40 . 2013-06-09 08:40 -------- d-----w- c:\program files\E Dev
                      2013-06-08 14:56 . 2013-06-08 14:56 -------- d--h--w- c:\windows\PIF
                      2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\Tini\Application Data\Malwarebytes
                      2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
                      2013-06-08 14:47 . 2013-06-08 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                      2013-06-08 14:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                      2013-06-08 13:11 . 2013-06-08 13:11 388096 ----a-r- c:\documents and settings\Tini\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                      2013-06-06 18:41 . 2013-06-06 18:41 -------- d-----w- c:\program files\Perfect Uninstaller
                      2013-06-06 18:17 . 2013-06-08 15:46 -------- d--h--r- c:\documents and settings\Tini\Onlangs geopend
                      2013-06-06 18:01 . 2013-06-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
                      2013-06-03 21:57 . 2013-06-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
                      2013-05-30 20:28 . 2013-06-06 18:33 -------- d-----w- c:\program files\AVAST Software
                      2013-05-30 20:26 . 2013-06-06 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2013-05-30 21:19 . 2012-05-23 18:30 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                      2013-05-30 21:19 . 2011-08-13 18:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                      2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
                      2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
                      2013-04-16 22:26 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
                      2013-04-12 23:30 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
                      2013-04-12 14:01 . 2006-03-02 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                      2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                      2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                      2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                      2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                      .
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
                      "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-09 1839104]
                      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
                      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
                      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                      @="Driver"
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^CaptureWiz.lnk]
                      path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\CaptureWiz.lnk
                      backup=c:\windows\pss\CaptureWiz.lnkStartup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^Dropbox.lnk]
                      path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\Dropbox.lnk
                      backup=c:\windows\pss\Dropbox.lnkStartup
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^OpenOffice.org 3.1 .lnk]
                      path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
                      backup=c:\windows\pss\OpenOffice.org 3.1 .lnkStartup
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
                      2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
                      2013-01-29 17:22 138096 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_419160B8BAE8A281612C898CF12F9EE3]
                      2013-05-29 05:27 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCACheck]
                      2012-10-11 15:01 36336 ----a-w- c:\program files\Common Files\WinOfficeca\OCACheck.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeCyberAlert]
                      2012-10-13 14:09 1687024 ----a-w- c:\program files\Common Files\WinOfficeca\Sysmsgr.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
                      2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                      2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
                      2012-11-20 21:43 136336 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                      2013-05-08 16:27 18680424 ----a-r- c:\program files\Skype\Phone\Skype.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
                      2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
                      2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
                      2012-06-29 20:05 4011184 ----a-w- c:\documents and settings\Tini\Application Data\Spotify\spotify.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      2012-06-06 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\Messenger\\msmsgs.exe"=
                      "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
                      "c:\\Documents and Settings\\Tini\\Application Data\\Spotify\\spotify.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Documents and Settings\\Tini\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                      "c:\\Documents and Settings\\Tini\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
                      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                      .
                      R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [10-1-2013 19:32 13560]
                      R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
                      S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
                      S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
                      S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1-3-2013 12:11 161384]
                      S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [8-4-2010 16:46 154152]
                      S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2-6-2011 11:08 11336]
                      S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
                      S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [9-8-2012 13:06 21888]
                      S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [10-1-2013 21:50 33616]
                      S3 GPU-Z;GPU-Z;\??\c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys [?]
                      S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23-5-2012 20:37 27064]
                      S3 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [8-4-2010 16:46 117288]
                      S3 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [8-4-2010 16:46 117288]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                      2013-06-07 08:57 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 21:19]
                      .
                      2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
                      - c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-29 17:22]
                      .
                      2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4a74390bd8a4.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
                      .
                      2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
                      .
                      2013-06-06 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
                      - c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-11-20 21:43]
                      .
                      2013-06-08 c:\windows\Tasks\User_Feed_Synchronization-{09D0AA6A-F6D7-42E5-A0C5-5E327A8C3CF7}.job
                      - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
                      .
                      .
                      ------- Bijkomende Scan -------
                      .
                      uStart Page = hxxp://www.google.com/
                      uInternet Settings,ProxyOverride = *.local
                      TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                      DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
                      DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                      FF - ProfilePath - c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\
                      FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\extensions\[email protected]
                      .
                      - - - - ORPHANS VERWIJDERD - - - -
                      .
                      MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
                      MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2013-06-09 12:06
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scannen van verborgen processen ...
                      .
                      scannen van verborgen autostart items ...
                      .
                      scannen van verborgen bestanden ...
                      .
                      Scan succesvol afgerond
                      verborgen bestanden: 0
                      .
                      **************************************************************************
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe ,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                      .
                      - - - - - - - > 'explorer.exe'(2716)
                      c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                      c:\program files\Google\Drive\googledrivesync32.dll
                      c:\windows\system32\webcheck.dll
                      c:\windows\system32\WPDShServiceObj.dll
                      c:\windows\system32\PortableDeviceTypes.dll
                      c:\windows\system32\PortableDeviceApi.dll
                      .
                      Voltooingstijd: 2013-06-09 12:08:04
                      ComboFix-quarantined-files.txt 2013-06-09 10:07
                      ComboFix2.txt 2013-06-06 19:18
                      .
                      Pre-Run: 93.234.184.192 bytes beschikbaar
                      Post-Run: 93.224.947.712 bytes beschikbaar
                      .
                      - - End Of File - - 2176E3230AE84930B8C003F8C75BDA04
                      3051207086651214E435112E51817DC5


                      DDS is on its way



                      • #12
                        DDS (Ver_2012-11-20.01) - NTFS_x86
                        Internet Explorer: 8.0.6001.18702
                        Run by Tini at 12:09:51 on 2013-06-09
                        Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.572 [GMT 2:00]
                        .
                        AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                        FW: AVG Internet Security 2012 *Enabled*
                        .
                        ============== Running Processes ================
                        .
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\WINDOWS\System32\SCardSvr.exe
                        C:\WINDOWS\System32\alg.exe
                        C:\WINDOWS\explorer.exe
                        C:\WINDOWS\system32\notepad.exe
                        C:\WINDOWS\system32\wbem\wmiprvse.exe
                        C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                        C:\WINDOWS\system32\svchost.exe -k rpcss
                        C:\WINDOWS\System32\svchost.exe -k netsvcs
                        C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                        C:\WINDOWS\system32\svchost.exe -k NetworkService
                        C:\WINDOWS\system32\svchost.exe -k imgsvc
                        C:\WINDOWS\system32\svchost.exe -k LocalService
                        C:\WINDOWS\System32\svchost.exe -k netsvcs
                        .
                        ============== Pseudo HJT Report ===============
                        .
                        uStart Page = hxxp://www.google.com/
                        BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
                        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                        BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
                        mRun: [Persistence] c:\windows\system32\igfxpers.exe
                        mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
                        mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                        mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
                        mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                        dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                        dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
                        uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        uPolicies-Explorer: NoDrives = dword:0
                        mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        mPolicies-Explorer: NoDrives = dword:0
                        mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
                        mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                        mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                        IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
                        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                        .
                        INFO: HKCU has more than 50 listed domains.
                        If you wish to scan all of them, select the 'Force scan all domains' option.
                        .
                        DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
                        DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
                        DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
                        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                        DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
                        DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                        DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                        DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
                        DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
                        DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
                        DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                        TCP: NameServer = 212.54.40.25 212.54.35.25
                        TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
                        Handler: livecall - <Clsid value has no data>
                        Handler: msnim - <Clsid value has no data>
                        Handler: skype-ie-addon-data - <Clsid value has no data>
                        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
                        Notify: igfxcui - igfxdev.dll
                        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                        .
                        ================= FIREFOX ===================
                        .
                        FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
                        FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
                        .
                        ============= SERVICES / DRIVERS ===============
                        .
                        R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
                        R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
                        S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
                        S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
                        S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
                        S2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-4-8 154152]
                        S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
                        S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
                        S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
                        S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
                        S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
                        S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
                        S3 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-4-8 117288]
                        S3 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-4-8 117288]
                        S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
                        .
                        =============== Created Last 30 ================
                        .
                        2013-06-09 09:58:26 98816 ----a-w- c:\windows\sed.exe
                        2013-06-09 09:58:26 256000 ----a-w- c:\windows\PEV.exe
                        2013-06-09 09:58:26 208896 ----a-w- c:\windows\MBR.exe
                        2013-06-09 08:40:33 -------- d-----w- c:\program files\E Dev
                        2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
                        2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
                        2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
                        2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                        2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                        2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
                        2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
                        2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
                        2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
                        2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
                        2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
                        2013-05-30 20:28:43 -------- d-----w- c:\program files\AVAST Software
                        2013-05-30 20:26:46 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
                        .
                        ==================== Find3M ====================
                        .
                        2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                        2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                        2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
                        2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
                        2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
                        2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
                        2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
                        .
                        ============= FINISH: 12:09:59,29 ===============



                        • #13
                          You did not download ComboFix to your desktop, even though this was clearly requested.
                          Leave it where it is for now, but I would like you to follow my instructions correctly from now on.
                          It is a matter of avoiding calamities.


                          Disable your security software.

                          Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

                          Open a Notepad file.
                          Copy the text below and paste it into the Notepad file.
                          Save the Notepad file as CFScript.txt
                          Code:
                          KillAll::
                          ClearJavaCache::
                          AtJob::
                          DDS::
                          BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
                          Folder::
                          c:\program files\Common Files\Authentium
                          c:\program files\AVAST Software
                          c:\documents and settings\All Users\Application Data\AVAST Software
                          Driver::
                          vseqrts
                          vseamps
                          vsedsps
                          Registry::
                          [-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B8CEC1DD-F6CE-41DA-A7E5-EE8FD65CE9EE}]
                          Now drag the file CFScript.txt onto the file ComboFix.exe



                          ComboFix will start again.
                          If ComboFix asks for an update, allow it.

                          When ComboFix is finished, which may be after a restart, a log file opens. Post the contents of the log file.

                          Create a new DDS log and post it as well.
                          Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                          E Dev * Remove McAfee. * Ccleaner * E-Peek



                          • #14
                            I did not do that on purpose. I do not know how to turn off that AVG realscanner, because I cannot see it anywhere. I did let ComboFix run; the logs, including DDS, are below:

                            ComboFix 13-06-08.02 - Tini 09-06-2013 23:07:49.5.1 - x86
                            Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.704 [GMT 2:00]
                            Gestart vanuit: c:\documents and settings\Tini\Mijn documenten\Downloads\ComboFix.exe
                            gebruikte Opdracht switches :: c:\documents and settings\Tini\Bureaublad\CFScript.txt
                            AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                            FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                            .
                            .
                            (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            c:\documents and settings\All Users\Application Data\AVAST Software
                            c:\program files\AVAST Software
                            c:\program files\Common Files\Authentium
                            c:\program files\Common Files\Authentium\AntiVirus5\aicam.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aidef.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aiio.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aimsg.msg
                            c:\program files\Common Files\Authentium\AntiVirus5\aiscan.exe
                            c:\program files\Common Files\Authentium\AntiVirus5\aise.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aivse000.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aivsec.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\aivsecon.def
                            c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.cat
                            c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.inf
                            c:\program files\Common Files\Authentium\AntiVirus5\ampmf\amp.sys
                            c:\program files\Common Files\Authentium\AntiVirus5\ampse\ampse.cat
                            c:\program files\Common Files\Authentium\AntiVirus5\ampse\ampse.inf
                            c:\program files\Common Files\Authentium\AntiVirus5\ampse\AMPSE.sys
                            c:\program files\Common Files\Authentium\AntiVirus5\AmpVseApi.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\antivir.def
                            c:\program files\Common Files\Authentium\AntiVirus5\antiviri.def
                            c:\program files\Common Files\Authentium\AntiVirus5\antivirv.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\DPInst.exe
                            c:\program files\Common Files\Authentium\AntiVirus5\vseampc.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe
                            c:\program files\Common Files\Authentium\AntiVirus5\vseapi.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vsecapi.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vsecdspc.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vsecqrt.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vsedspc.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe
                            c:\program files\Common Files\Authentium\AntiVirus5\vseqrt.dll
                            c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe
                            c:\program files\Common Files\Authentium\AntiVirus5\vsestmio.dll
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            -------\Legacy_VSEAMPS
                            -------\Legacy_VSEDSPS
                            -------\Legacy_VSEQRTS
                            -------\Service_vseamps
                            -------\Service_vsedsps
                            -------\Service_vseqrts
                            .
                            .
                            (((((((((((((((((((( Bestanden Gemaakt van 2013-05-09 to 2013-06-09 ))))))))))))))))))))))))))))))
                            .
                            .
                            2013-06-09 08:40 . 2013-06-09 08:40 -------- d-----w- c:\program files\E Dev
                            2013-06-08 14:56 . 2013-06-08 14:56 -------- d--h--w- c:\windows\PIF
                            2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\Tini\Application Data\Malwarebytes
                            2013-06-08 14:47 . 2013-06-08 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
                            2013-06-08 14:47 . 2013-06-08 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                            2013-06-08 14:47 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                            2013-06-08 13:11 . 2013-06-08 13:11 388096 ----a-r- c:\documents and settings\Tini\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
                            2013-06-06 18:41 . 2013-06-06 18:41 -------- d-----w- c:\program files\Perfect Uninstaller
                            2013-06-06 18:17 . 2013-06-09 21:04 -------- d--h--r- c:\documents and settings\Tini\Onlangs geopend
                            2013-06-06 18:01 . 2013-06-06 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
                            2013-06-03 21:57 . 2013-06-03 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacks
                            .
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            2013-05-30 21:19 . 2012-05-23 18:30 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                            2013-05-30 21:19 . 2011-08-13 18:31 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                            2013-04-16 22:26 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
                            2013-04-16 22:26 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
                            2013-04-16 22:26 . 2006-03-02 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
                            2013-04-12 23:30 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
                            2013-04-12 14:01 . 2006-03-02 12:00 1876480 ----a-w- c:\windows\system32\win32k.sys
                            .
                            .
                            ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                            .
                            .
                            *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                            REGEDIT4
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                            @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                            2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                            @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                            2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                            @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                            2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                            @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                            [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                            2012-06-30 04:19 94208 ----a-w- c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
                            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
                            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
                            2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
                            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
                            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
                            2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
                            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
                            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
                            2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
                            @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
                            [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
                            2013-04-16 14:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
                            .
                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                            "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-24 137752]
                            "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-09 1839104]
                            "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
                            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-24 141848]
                            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-24 166424]
                            .
                            [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                            "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                            "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
                            .
                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                            @="Driver"
                            .
                            [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^CaptureWiz.lnk]
                            path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\CaptureWiz.lnk
                            backup=c:\windows\pss\CaptureWiz.lnkStartup
                            .
                            [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^Dropbox.lnk]
                            path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\Dropbox.lnk
                            backup=c:\windows\pss\Dropbox.lnkStartup
                            .
                            [HKLM\~\startupfolder\C:^Documents and Settings^Tini^Menu Start^Programma's^Opstarten^OpenOffice.org 3.1 .lnk]
                            path=c:\documents and settings\Tini\Menu Start\Programma's\Opstarten\OpenOffice.org 3.1 .lnk
                            backup=c:\windows\pss\OpenOffice.org 3.1 .lnkStartup
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
                            2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
                            2013-01-29 17:22 138096 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_419160B8BAE8A281612C898CF12F9EE3]
                            2013-05-29 05:27 825808 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OCACheck]
                            2012-10-11 15:01 36336 ----a-w- c:\program files\Common Files\WinOfficeca\OCACheck.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeCyberAlert]
                            2012-10-13 14:09 1687024 ----a-w- c:\program files\Common Files\WinOfficeca\Sysmsgr.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
                            2007-01-09 14:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                            2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RockMelt Update]
                            2012-11-20 21:43 136336 ----atw- c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                            2013-05-08 16:27 18680424 ----a-r- c:\program files\Skype\Phone\Skype.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
                            2006-07-13 06:12 729088 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
                            2007-01-05 15:36 872448 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
                            2012-06-29 20:05 4011184 ----a-w- c:\documents and settings\Tini\Application Data\Spotify\spotify.exe
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                            2012-06-06 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                            "%windir%\\system32\\sessmgr.exe"=
                            "c:\\Program Files\\Messenger\\msmsgs.exe"=
                            "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
                            "c:\\Documents and Settings\\Tini\\Application Data\\Spotify\\spotify.exe"=
                            "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                            "c:\\Documents and Settings\\Tini\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                            "c:\\Documents and Settings\\Tini\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
                            "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                            .
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                            "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
                            .
                            R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [10-1-2013 19:32 13560]
                            R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
                            S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
                            S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
                            S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1-3-2013 12:11 161384]
                            S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2-6-2011 11:08 11336]
                            S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
                            S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [9-8-2012 13:06 21888]
                            S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [10-1-2013 21:50 33616]
                            S3 GPU-Z;GPU-Z;\??\c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys --> c:\docume~1\Tini\LOCALS~1\Temp\GPU-Z.sys [?]
                            S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [23-5-2012 20:37 27064]
                            .
                            [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
                            2013-06-07 08:57 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
                            .
                            Inhoud van de 'Gedeelde Taken' map
                            .
                            2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                            - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-23 21:19]
                            .
                            2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
                            - c:\documents and settings\Tini\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-29 17:22]
                            .
                            2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce4a74390bd8a4.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
                            .
                            2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                            - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-04 21:40]
                            .
                            2013-06-09 c:\windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-682003330-1563985344-2147246695-1003Core.job
                            - c:\documents and settings\Tini\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2012-11-20 21:43]
                            .
                            2013-06-09 c:\windows\Tasks\User_Feed_Synchronization-{09D0AA6A-F6D7-42E5-A0C5-5E327A8C3CF7}.job
                            - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
                            .
                            .
                            ------- Bijkomende Scan -------
                            .
                            uStart Page = hxxp://www.google.com/
                            uInternet Settings,ProxyOverride = *.local
                            TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                            DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
                            DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                            FF - ProfilePath - c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\
                            FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\Tini\Application Data\Mozilla\Firefox\Profiles\8qi98qtf.default\extensions\[email protected]
                            .
                            .
                            **************************************************************************
                            .
                            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                            Rootkit scan 2013-06-09 23:18
                            Windows 5.1.2600 Service Pack 3 NTFS
                            .
                            scannen van verborgen processen ...
                            .
                            scannen van verborgen autostart items ...
                            .
                            scannen van verborgen bestanden ...
                            .
                            Scan succesvol afgerond
                            verborgen bestanden: 0
                            .
                            **************************************************************************
                            .
                            --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="FlashBroker"
                            "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe ,-101"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                            "Enabled"=dword:00000001
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                            @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                            @Denied: (A 2) (Everyone)
                            @="IFlashBroker5"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                            @="{00020424-0000-0000-C000-000000000046}"
                            .
                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                            "Version"="1.0"
                            .
                            --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                            .
                            - - - - - - - > 'explorer.exe'(2796)
                            c:\documents and settings\Tini\Application Data\Dropbox\bin\DropboxExt.14.dll
                            c:\program files\Google\Drive\googledrivesync32.dll
                            c:\windows\system32\webcheck.dll
                            c:\windows\system32\WPDShServiceObj.dll
                            c:\windows\system32\PortableDeviceTypes.dll
                            c:\windows\system32\PortableDeviceApi.dll
                            .
                            ------------------------ Andere Aktieve Processen ------------------------
                            .
                            c:\windows\System32\WLTRYSVC.EXE
                            c:\windows\System32\bcmwltry.exe
                            c:\windows\System32\SCardSvr.exe
                            c:\windows\system32\agrsmsvc.exe
                            c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
                            .
                            **************************************************************************
                            .
                            Voltooingstijd: 2013-06-09 23:19:52 - machine werd herstart
                            ComboFix-quarantined-files.txt 2013-06-09 21:19
                            ComboFix2.txt 2013-06-09 10:08
                            ComboFix3.txt 2013-06-06 19:18
                            .
                            Pre-Run: 93.134.938.112 bytes beschikbaar
                            Post-Run: 93.075.619.840 bytes beschikbaar
                            .
                            - - End Of File - - CB69DE34FFC4330674E5CA5C66B91924
                            3051207086651214E435112E51817DC5


                            DDS (Ver_2012-11-20.01) - NTFS_x86
                            Internet Explorer: 8.0.6001.18702
                            Run by Tini at 23:21:14 on 2013-06-09
                            Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1015.693 [GMT 2:00]
                            .
                            AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                            FW: AVG Internet Security 2012 *Enabled*
                            .
                            ============== Running Processes ================
                            .
                            C:\WINDOWS\System32\WLTRYSVC.EXE
                            C:\WINDOWS\System32\bcmwltry.exe
                            C:\WINDOWS\system32\spoolsv.exe
                            C:\WINDOWS\System32\SCardSvr.exe
                            C:\WINDOWS\system32\agrsmsvc.exe
                            C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
                            C:\WINDOWS\system32\wuauclt.exe
                            C:\WINDOWS\System32\alg.exe
                            C:\WINDOWS\system32\WLTRAY.exe
                            C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
                            C:\WINDOWS\explorer.exe
                            C:\WINDOWS\system32\wbem\wmiprvse.exe
                            C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                            C:\WINDOWS\system32\svchost.exe -k rpcss
                            C:\WINDOWS\System32\svchost.exe -k netsvcs
                            C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
                            C:\WINDOWS\system32\svchost.exe -k NetworkService
                            C:\WINDOWS\System32\svchost.exe -k netsvcs
                            C:\WINDOWS\system32\svchost.exe -k imgsvc
                            C:\WINDOWS\system32\svchost.exe -k LocalService
                            .
                            ============== Pseudo HJT Report ===============
                            .
                            uStart Page = hxxp://www.google.com/
                            BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                            BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
                            mRun: [Persistence] c:\windows\system32\igfxpers.exe
                            mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
                            mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
                            mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
                            mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
                            dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                            dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
                            uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                            uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                            uPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                            mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                            mPolicies-Explorer: NoDrives = dword:0
                            mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
                            mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                            mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                            IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
                            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                            .
                            INFO: HKCU has more than 50 listed domains.
                            If you wish to scan all of them, select the 'Force scan all domains' option.
                            .
                            DPF: {0DBF2423-33D3-4084-B83E-6A3661F2CD46} - hxxp://www.mijnalbum.nl/v3/skinsrc/core/system/6.5.6/ImageUploader6.cab
                            DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
                            DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
                            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                            DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
                            DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
                            DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                            DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                            DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab
                            DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://yahoouk.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
                            DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
                            DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
                            TCP: NameServer = 212.54.40.25 212.54.35.25
                            TCP: Interfaces\{54F8173A-2AB3-46BE-BFDE-35E9ADE8E062} : DHCPNameServer = 212.54.40.25 212.54.35.25
                            Handler: livecall - <Clsid value has no data>
                            Handler: msnim - <Clsid value has no data>
                            Handler: skype-ie-addon-data - <Clsid value has no data>
                            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
                            Notify: igfxcui - igfxdev.dll
                            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                            mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                            .
                            ================= FIREFOX ===================
                            .
                            FF - ProfilePath - c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\
                            FF - ExtSQL: 2013-04-16 01:00; [email protected]; c:\documents and settings\tini\application data\mozilla\firefox\profiles\8qi98qtf.default\extensions\[email protected]
                            .
                            ============= SERVICES / DRIVERS ===============
                            .
                            R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-1-10 13560]
                            R1 HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24;HMFAxCore23f14cc2704814471a284145846ada24.sys --> HMFAxCore23f14cc2704814471a284145846ada24.sys [?]
                            S0 nchofyu;nchofyu;c:\windows\system32\drivers\pgnxrriw.sys --> c:\windows\system32\drivers\pgnxrriw.sys [?]
                            S1 SBRE;SBRE;c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
                            S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-3-1 161384]
                            S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
                            S3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
                            S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2012-8-9 21888]
                            S3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-1-10 33616]
                            S3 GPU-Z;GPU-Z;\??\c:\docume~1\tini\locals~1\temp\gpu-z.sys --> c:\docume~1\tini\locals~1\temp\GPU-Z.sys [?]
                            S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-23 27064]
                            S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2006-3-2 14336]
                            .
                            =============== Created Last 30 ================
                            .
                            2013-06-09 09:58:26 98816 ----a-w- c:\windows\sed.exe
                            2013-06-09 09:58:26 256000 ----a-w- c:\windows\PEV.exe
                            2013-06-09 09:58:26 208896 ----a-w- c:\windows\MBR.exe
                            2013-06-09 08:40:33 -------- d-----w- c:\program files\E Dev
                            2013-06-08 14:56:22 -------- d--h--w- c:\windows\PIF
                            2013-06-08 14:47:15 -------- d-----w- c:\documents and settings\tini\application data\Malwarebytes
                            2013-06-08 14:47:07 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
                            2013-06-08 14:47:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
                            2013-06-08 14:47:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                            2013-06-08 13:11:45 388096 ----a-r- c:\documents and settings\tini\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
                            2013-06-06 18:41:45 -------- d-----w- c:\program files\Perfect Uninstaller
                            2013-06-06 18:17:41 -------- d--h--r- c:\documents and settings\tini\Onlangs geopend
                            2013-06-06 18:01:14 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
                            2013-06-03 21:57:30 -------- d-----w- c:\documents and settings\all users\application data\BlueStacksSetup
                            2013-06-03 21:57:27 -------- d-----w- c:\documents and settings\all users\application data\BlueStacks
                            .
                            ==================== Find3M ====================
                            .
                            2013-05-30 21:19:03 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                            2013-05-30 21:19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                            2013-04-16 22:26:44 920064 ----a-w- c:\windows\system32\wininet.dll
                            2013-04-16 22:26:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
                            2013-04-16 22:26:19 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
                            2013-04-12 23:30:29 385024 ----a-w- c:\windows\system32\html.iec
                            2013-04-12 14:01:38 1876480 ----a-w- c:\windows\system32\win32k.sys
                            .
                            ============= FINISH: 23:21:21,70 ===============



                            • #15
                              You can find out how to turn off the AVG real-time scanner here: http://www.avg.com/nl-nl/faq.num-4498

                              How is it now?
                              Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
                              E Dev * Remove McAfee. * Ccleaner * E-Peek
