  • Police virus

    My PC is infected with the police virus.

    I have already run MBAM over it, but after startup I still get this same message.
    Then I tried AGV and Panda with a USB scan; the scan completed, but the message is still there.

    What can I do about this?

  • #2
    Hi klickklick,

    Carry out the procedure described here strictly.
    If you have questions, ask them here.

    Once you have carried out everything, post the MBAM log in your next post.
    Last edited by Emphyrio; 09-09-13, 16:24. Reason: Link adjusted
    Malware Research [email protected] (MBAM) ..... ASAP & Unite Member
    E Dev * Remove McAfee. * Ccleaner * E-Peek



    • #3
      While scanning with Kaspersky I got a message that the PC had not been shut down properly; after restarting twice I went ahead anyway.

      I now do get a message at startup:
      a: disk error
      F1 to continue

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Databaseversie: v2013.09.07.02

      Windows XP Service Pack 3 x86 NTFS
      Internet Explorer 8.0.6001.18702
      Eric :: LOPAR-9655B5273 [administrator]

      9-9-2013 18:01:10
      mbam-log-2013-09-09 (18-01-10).txt

      Scan type: Snelle scan
      Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scan opties: P2P
      Objecten gescand: 296701
      Verstreken tijd: 16 minuut/minuten, 26 seconde(n)

      Geheugenprocessen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerwaarden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata gedetecteerd: 4
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.
      HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

      Mappen gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden gedetecteerd: 0
      (Geen kwaadaardige objecten gedetecteerd)

      (einde)


      Now restarting.



      • #4
        OK, let me know once that has been done.


        • #5
          A few things I notice now:

          - the message is gone
          - Task Manager is disabled
          - the virus scanner no longer starts automatically. Maybe add it to startup or reinstall it?
          - The message at startup that there is a drive error on a:; if I press F1 it starts up normally



          • #6
            OK, the message is gone... that is already good.

            Originally posted by klickklick
            - The message at startup that there is a drive error on a:; if I press F1 it starts up normally
            That would be your floppy drive?

            We will tackle the issues one by one.


            Check for bad toolbars...

            Download AdwCleaner by Xplode to your Desktop.
            • Close all open windows
            • Start AdwCleaner
            • Click Scan
            • Click Clean

            All icons disappear from the Desktop; this is normal.
            Your PC will be restarted and a log file opens (C:\AdwCleaner[xx].txt); post its contents here on the forum.

            I only need the log from after the "clean" option.

            Don't forget to turn off your "smileys".

            If your start page was also hijacked, set the search engine again; AdwCleaner resets it to Google.com by default.


            Download DDS.com, DDS.scr or DDS.pif from one of these locations and place it on your desktop:


            DDS is a diagnostic tool and makes use of scripts.
            If script execution is disabled, enable it again so that no problems occur when using DDS.


            Double-click DDS to start the tool (depending on the download you chose, this may be the file DDS.com, DDS.scr or DDS.pif).
            When it is finished, two log files open: DDS.txt and Attach.txt
            Save both log files to your desktop.

            Post the contents of DDS.txt.

            Do not post the contents of Attach.txt and do not add Attach.txt as an attachment to your post, unless I ask for it.
            Last edited by Emphyrio; 09-09-13, 18:12.


            • #7
              # AdwCleaner v3.003 - Report created 09/09/2013 at 19:18:47
              # Updated 07/09/2013 by Xplode
              # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
              # Username : Eric - LOPAR-9655B5273
              # Running from : C:\Documents and Settings\Eric\Local Settings\Temporary Internet Files\Content.IE5\UZN2BQ6I\adwcleaner[1].exe
              # Option : Clean

              ***** [ Services ] *****


              ***** [ Files / Folders ] *****

              Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
              Folder Deleted : C:\Documents and Settings\Eric\IECompatCache
              Folder Deleted : C:\Documents and Settings\Eric\Application Data\pdfforge
              Folder Deleted : C:\Documents and Settings\Maaike\IECompatCache
              Folder Deleted : C:\Documents and Settings\Gast\IECompatCache
              Folder Deleted : C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\qvcmhbe3.default\SweetPacksToolbarData
              Folder Deleted : C:\Documents and Settings\Maaike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
              File Deleted : C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\qvcmhbe3.default\user.js

              ***** [ Shortcuts ] *****


              ***** [ Registry ] *****

              Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
              Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
              Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
              Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
              Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
              Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
              Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
              Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
              Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
              Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
              Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
              Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
              Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
              Key Deleted : HKCU\Software\Grand Virtual
              Key Deleted : HKCU\Software\ilivid
              Key Deleted : HKCU\Software\Softonic
              Key Deleted : HKCU\Software\Uniblue\DriverScanner
              Key Deleted : HKCU\Software\YahooPartnerToolbar
              Key Deleted : HKLM\Software\Uniblue\DriverScanner
              Key Deleted : HKLM\Software\Uniblue\SpeedUpMyPC

              ***** [ Browsers ] *****

              -\\ Internet Explorer v8.0.6001.18702


              -\\ Mozilla Firefox v22.0 (nl)

              [ File : C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\qvcmhbe3.default\prefs.js ]


              [ File : C:\Documents and Settings\Maaike\Application Data\Mozilla\Firefox\Profiles\rfsqeasj.default\prefs.js ]


              [ File : C:\Documents and Settings\Gast\Application Data\Mozilla\Firefox\Profiles\kibbpm5w.default\prefs.js ]


              -\\ Google Chrome v

              [ File : C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


              [ File : C:\Documents and Settings\Maaike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


              *************************

              AdwCleaner[R0].txt - [4166 octets] - [09/09/2013 19:14:00]
              AdwCleaner[S0].txt - [4169 octets] - [09/09/2013 19:18:47]

              ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4229 octets] ##########






              DDS (Ver_2012-11-20.01) - NTFS_x86
              Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
              Run by Eric at 19:24:29 on 2013-09-09
              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1430 [GMT 2:00]
              .
              AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
              .
              ============== Running Processes ================
              .
              C:\Program Files\Microsoft Security Client\MsMpEng.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Java\jre7\bin\jqs.exe
              C:\Program Files\Ralink\Common\RaRegistry.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\Logitech\SetPoint\SetPoint.exe
              C:\Program Files\3M\PSNLite\PsnLite.exe
              C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
              C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
              C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
              C:\PROGRA~1\3M\PSNLite\PSNGive.exe
              C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
              C:\Program Files\TeamViewer\Version8\TeamViewer.exe
              C:\Program Files\Microsoft Security Client\MpCmdRun.exe
              C:\Program Files\TeamViewer\Version8\tv_w32.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\WINDOWS\System32\alg.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\WINDOWS\system32\wbem\wmiprvse.exe
              C:\WINDOWS\system32\svchost.exe -k DcomLaunch
              C:\WINDOWS\system32\svchost.exe -k rpcss
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              C:\WINDOWS\system32\svchost.exe -k NetworkService
              C:\WINDOWS\system32\svchost.exe -k LocalService
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxps://www.google.nl/
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\axis communications\SbDUgiVR.exe,
              BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
              uRun: [MlDEwRDs] c:\documents and settings\eric\local settings\application data\tomtom\VkyFPzRj.exe
              mRun: [KernelFaultCheck] <no file>
              dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
              StartupFolder: c:\docume~1\eric\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\eric\application data\dropbox\bin\Dropbox.exe
              StartupFolder: c:\documents and settings\eric\menu start\programma's\opstarten\EeGyOmfn.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
              uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              uPolicies-Explorer: NoDriveAutoRun = dword:67108863
              uPolicies-Explorer: NoDrives = dword:0
              uPolicies-System: DisableTaskMgr = dword:1
              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              mPolicies-Explorer: NoDrives = dword:0
              mPolicies-System: EnableLUA = dword:0
              mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
              IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
              IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
              IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
              IE: Toevoegen aan bestaand PDF-bestand - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
              IE: Zoek op het web - <no file>
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
              DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
              DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
              DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.constructiebedrijfdegroot.nl/publicweb/dll/zkitlib.dll
              DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v1111/Navigram.cab
              DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
              DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
              DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.93.241.220:443/activex/AMC.cab
              TCP: NameServer = 212.54.40.25 212.54.35.25
              TCP: Interfaces\{62A72F93-CC87-4F9B-89DE-2EE7A2485D16} : DHCPNameServer = 212.54.40.25 212.54.35.25
              TCP: Interfaces\{DAD965A7-7E2D-45E1-A88F-C3276E813C47} : DHCPNameServer = 8.8.8.8
              Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
              Notify: igfxcui - igfxdev.dll
              Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
              .
              ================= FIREFOX ===================
              .
              FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\qvcmhbe3.default\
              FF - prefs.js: browser.search.defaulturl -
              FF - prefs.js: browser.startup.homepage - about:home
              FF - plugin: c:\documents and settings\eric\local settings\application data\citrix\plugins\104\npappdetector.dll
              FF - plugin: c:\documents and settings\eric\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
              FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
              FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
              FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
              FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
              FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
              FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
              FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
              FF - plugin: c:\windows\system32\npDeployJava1.dll
              FF - plugin: c:\windows\system32\npptools.dll
              FF - ExtSQL: 2013-07-17 15:31; [email protected]; c:\program files\freemake\freemake video converter\browserplugin\Firefox
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
              R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-16 10384]
              R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2009-10-16 185632]
              R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-10-16 19072]
              R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
              R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-28 4308320]
              R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2009-10-14 698368]
              R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
              S1 MpKsl702277ce;MpKsl702277ce;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54bfe8c5-22d0-4ba2-b3b2-ff9b9d0d9b76}\mpksl702277ce.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54bfe8c5-22d0-4ba2-b3b2-ff9b9d0d9b76}\MpKsl702277ce.sys [?]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
              S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
              S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
              S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2009-10-16 17408]
              S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-11-5 18432]
              S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-10-16 722432]
              S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
              S3 vfsmrx;vfsmrx;c:\windows\system32\drivers\vfsmrx.sys --> c:\windows\system32\drivers\vfsmrx.sys [?]
              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
              .
              =============== File Associations ===============
              .
              FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
              ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
              .
              =============== Created Last 30 ================
              .
              2013-09-09 17:48:28 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
              2013-09-09 17:22:31 -------- d-sh--w- c:\documents and settings\eric\IECompatCache
              2013-09-09 17:21:54 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54bfe8c5-22d0-4ba2-b3b2-ff9b9d0d9b76}\offreg.dll
              2013-09-09 17:13:52 -------- d-----w- C:\AdwCleaner
              2013-09-08 13:13:37 -------- d---a-w- C:\panda_poli_utility_samples
              2013-09-07 10:10:08 -------- d-----w- c:\documents and settings\eric\local settings\application data\XClrmpXL
              2013-09-07 10:10:07 -------- d-----w- c:\documents and settings\eric\local settings\application data\PvolEKzd
              2013-09-07 09:13:17 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{54bfe8c5-22d0-4ba2-b3b2-ff9b9d0d9b76}\mpengine.dll
              2013-09-06 09:07:53 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
              2013-08-15 14:41:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
              2013-08-14 21:15:14 -------- d-----w- c:\windows\system32\MRT
              .
              ==================== Find3M ====================
              .
              2013-09-08 10:21:02 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
              2013-08-16 11:27:45 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
              2013-08-16 11:27:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
              2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
              2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
              2013-07-26 02:48:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
              2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
              2013-07-25 15:58:11 385024 ----a-w- c:\windows\system32\html.iec
              2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
              2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
              2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
              2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
              2012-09-19 02:53:38 2174976 ----a-w- c:\program files\common files\atimpenc.dll
              2007-03-12 16:59:00 299008 ----a-w- c:\program files\navigram_register.exe
              .
              ============= FINISH: 19:25:32,53 ===============
              Last edited by klickklick; 09-09-13, 18:23. Reason: Smileys turned off.
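
An added example, not part of the original thread and not a feature of DDS: a small Python triage over autostart and policy lines copied from the DDS "Pseudo HJT Report" posted above. The function name, the expected Userinit path, the per-user-profile heuristic and the rule about a bare .exe in the startup folder are assumptions chosen for this Windows XP log.

```python
import re

# Lines copied from the DDS "Pseudo HJT Report" in the post above.
SAMPLE_DDS = r"""
mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\axis communications\SbDUgiVR.exe,
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MlDEwRDs] c:\documents and settings\eric\local settings\application data\tomtom\VkyFPzRj.exe
mRun: [KernelFaultCheck] <no file>
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\eric\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\eric\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\eric\menu start\programma's\opstarten\EeGyOmfn.exe
uPolicies-System: DisableTaskMgr = dword:1
mPolicies-System: EnableLUA = dword:0
"""

# Assumption: Windows lives in c:\windows, so this is the only program the
# Winlogon Userinit value is expected to list.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# Assumption (heuristic): a Run-key target inside a Windows XP user profile
# is worth a manual look, because that location is writable without admin rights.
PROFILE_DIR = re.compile(r"\\documents and settings\\[^\\]+\\", re.IGNORECASE)

USERINIT_RE = re.compile(r"^[um]Winlogon: Userinit = (.*)$", re.IGNORECASE)
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.*)$")
TASKMGR_RE = re.compile(r"^([um])Policies-System: DisableTaskMgr = dword:(\d+)$")


def triage_dds(text):
    """Return (rule, detail) tuples for DDS lines that deserve a manual look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = USERINIT_RE.match(line)
        if m:
            # The value is a comma-separated list; anything besides
            # userinit.exe is also started at every logon.
            for entry in (e.strip() for e in m.group(1).split(",")):
                if entry and entry.lower() != EXPECTED_USERINIT:
                    findings.append(("userinit-extra", entry))
            continue

        m = RUN_RE.match(line)
        if m:
            target = m.group(2)
            # "<no file>" entries have no target to inspect and are skipped.
            if target != "<no file>" and PROFILE_DIR.search(target):
                findings.append(("run-from-profile", target))
            continue

        m = STARTUP_RE.match(line)
        if m:
            # DDS prints "shortcut - target" for .lnk items and a bare path
            # for files placed directly in the startup folder.
            item = m.group(1).split(" - ")[0]
            if item.lower().endswith(".exe"):
                findings.append(("startup-exe", item))
            continue

        m = TASKMGR_RE.match(line)
        if m and int(m.group(2)) != 0:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            findings.append(("taskmgr-disabled", hive))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_dds(SAMPLE_DDS):
        print(f"{rule:18} {detail}")
```
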



              • #8
                Good, we are on the right track.

                Let's start by cleaning up the unnecessary temp files....

                Download or update CCleaner

                Start CCleaner.
                • Run CCleaner and click Options in the left column
                • Select the Advanced tab
                • Untick Only delete files in Windows Temp folders older than 24 hours
                • Untick Only delete files in Recycle Bin older than 24 hours
                • Select the Settings tab
                • Untick "Automatically clean the computer...."
                • Click Cleaner in the left column.
                • Then click Analyze and Run Cleaner in turn.
                • Next, click Registry in the left column
                • Click Scan for Issues.
                • If errors are found, click Fix selected issues
                • You may be asked here whether you want to back up your registry. Answer Yes and OK



                Download the Emsisoft Emergency Kit to the desktop.
                Click here for the complete / extended manual for the Emsisoft Emergency Kit.

                • Double-click "EmsisoftEmergencyKit.exe"; if you get a User Account Control prompt, allow it.
                • Then click the "Accept & Extract" button and the files are automatically extracted to the system drive, "C:\EEK".
                • When extraction is complete, a shortcut is created on the desktop and the Emsisoft Emergency Kit opens by itself.
                • Now click the "Emergency Kit Scanner" option, and when you get the message "Do you want to update now?" click "Yes".
                • When the update is complete, click the "Scan Computer" option in the left menu.
                • Then choose the "Deep" option; this scan can take a considerable time, and preferably do not use the computer for other tasks during the scan.
                • When the scan is complete, make sure all items are ticked and click the "Quarantine" button.
                • Then click the "View report" button and paste the contents of this file into your next message. (The log file can also be found on the system drive (C:\EEK\Run\Reports) under the name a2scan_130711-154142.txt)


                • #9
                  Emsisoft Emergency Kit - Versie 4.0
                  Laatste Update: 9-9-2013 19:42:51
                  Gebruikersaccount: LOPAR-9655B5273\Eric

                  Scaninstellingen:

                  Scanmodus: Diepe scan
                  Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, E:\

                  Detecteer PUPs: Aan
                  Scan archieven: Aan
                  ADS Scan: Aan
                  Bestandsextensiefilter: Uit
                  Geavanceerde cache: Aan
                  Directe schijftoegang: Uit

                  Scan gestart: 9-9-2013 19:43:07
                  C:\Program Files\Driver Checker\ Ontdekt: Trace.File.DriverChecker (A)
                  C:\Program Files\Driver Checker\LiveUpdate\ Ontdekt: Trace.File.DriverChecker (A)
                  C:\Program Files\Everest Poker\ Ontdekt: Trace.File.EverestPoker (A)
                  C:\Program Files\Driver Checker\LiveUpdate\Update.ini Ontdekt: Trace.File.DriverChecker (A)
                  C:\Program Files\Everest Poker\cstart.exe Ontdekt: Trace.File.EverestPoker (A)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{186D37E2-4079-8257-4313-9EBC90B6CEF0}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3CA92E67-19A4-A3EC-CE5C-6B9B385513E1}-SbDUgiVR.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{44FE7F44-0C19-6A17-B392-52FD14D79A5C}-SbDUgiVR.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4F8C9E39-8656-6BB2-90AC-A7B3998A78DE}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{503B199A-C1CF-9623-5EC1-5A46FEFFCD38}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9284181A-D39B-088F-2DEF-65CF5DFC4143}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{97C7C4C5-A3C2-A80C-6608-8CFBB29D407D}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F5DE031-A910-4384-0716-856573625DF9}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B74FA0CE-3308-C3ED-2DFE-10DF59EB531C}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B989992F-6879-41DF-ACC9-2D1F5D6BEC18}-SbDUgiVR.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CD593BA2-62BA-70B8-5BDD-A94F25D607B6}-EeGyOmfn.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F45A8389-E95F-0605-58EF-D8BD97FFAD95}-aMWvXisS.exe -> (Quarantine-PE) Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47\39ec6aef-6610fe11 Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Local Settings\Application Data\TomTom\VkyFPzRj.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Menu Start\Programma's\Opstarten\EeGyOmfn.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Maaike\Local Settings\Temporary Internet Files\Content.IE5\HV7N7IJK\en[1].jpg Ontdekt: Trojan.PHP.Agent.FY (B)
                  C:\Program Files\Axis Communications\SbDUgiVR.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP1\A0000009.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP1\A0000022.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP2\A0002029.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP2\A0002038.exe Ontdekt: Trojan.GenericKDV.1247229 (B)
                  D:\Download\Adobe Master Suite CS5 Keygen For win By team-sol.rar_setup.exe Ontdekt: Gen:Variant.Adware.Strictor.416 (B)
                  D:\Download\video_hd.zip -> video_hd.zip -> video_hd.exe Ontdekt: Trojan.VIZ.Gen.1 (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066353.exe Ontdekt: Trojan.Generic.238059 (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066359.exe Ontdekt: Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066361.exe Ontdekt: Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066362.exe Ontdekt: Trojan.Generic.238059 (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066364.exe Ontdekt: Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP284\A0072983.exe -> (Instyler o) -> (Instyler Module 8) Ontdekt: Gen:[email protected] (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP316\A0072514.exe -> (Instyler o) -> (Instyler Module 8) Ontdekt: Gen:[email protected] (B)

                  Gescand: 538745
                  Gevonden: 35

                  Scan geëindigd: 9-9-2013 22:08:03
                  Scantijd: 2:24:56

                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP284\A0072983.exe In quarantaine geplaatst Gen:[email protected] (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP316\A0072514.exe In quarantaine geplaatst Gen:[email protected] (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066359.exe In quarantaine geplaatst Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066361.exe In quarantaine geplaatst Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066364.exe In quarantaine geplaatst Packer.FSG.A (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066353.exe In quarantaine geplaatst Trojan.Generic.238059 (B)
                  D:\System Volume Information\_restore{3F9C7924-BA50-46B7-9704-A90267515D5C}\RP278\A0066362.exe In quarantaine geplaatst Trojan.Generic.238059 (B)
                  D:\Download\video_hd.zip In quarantaine geplaatst Trojan.VIZ.Gen.1 (B)
                  D:\Download\Adobe Master Suite CS5 Keygen For win By team-sol.rar_setup.exe In quarantaine geplaatst Gen:Variant.Adware.Strictor.416 (B)
                  C:\Documents and Settings\Maaike\Local Settings\Temporary Internet Files\Content.IE5\HV7N7IJK\en[1].jpg In quarantaine geplaatst Trojan.PHP.Agent.FY (B)
                  C:\Program Files\Everest Poker\cstart.exe In quarantaine geplaatst Trace.File.EverestPoker (A)
                  C:\Program Files\Driver Checker\LiveUpdate\Update.ini In quarantaine geplaatst Trace.File.DriverChecker (A)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{186D37E2-4079-8257-4313-9EBC90B6CEF0}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{3CA92E67-19A4-A3EC-CE5C-6B9B385513E1}-SbDUgiVR.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{44FE7F44-0C19-6A17-B392-52FD14D79A5C}-SbDUgiVR.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{4F8C9E39-8656-6BB2-90AC-A7B3998A78DE}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{503B199A-C1CF-9623-5EC1-5A46FEFFCD38}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9284181A-D39B-088F-2DEF-65CF5DFC4143}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{97C7C4C5-A3C2-A80C-6608-8CFBB29D407D}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{9F5DE031-A910-4384-0716-856573625DF9}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B74FA0CE-3308-C3ED-2DFE-10DF59EB531C}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{B989992F-6879-41DF-ACC9-2D1F5D6BEC18}-SbDUgiVR.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{CD593BA2-62BA-70B8-5BDD-A94F25D607B6}-EeGyOmfn.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\LocalCopy\{F45A8389-E95F-0605-58EF-D8BD97FFAD95}-aMWvXisS.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47\39ec6aef-6610fe11 In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Local Settings\Application Data\TomTom\VkyFPzRj.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Documents and Settings\Eric\Menu Start\Programma's\Opstarten\EeGyOmfn.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\Program Files\Axis Communications\SbDUgiVR.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP1\A0000009.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP1\A0000022.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP2\A0002029.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)
                  C:\System Volume Information\_restore{22EA8DB0-6B35-4C1A-A128-C817708AF84F}\RP2\A0002038.exe In quarantaine geplaatst Trojan.GenericKDV.1247229 (B)

                  In quarantaine geplaatst 32



                  • #10
                    Fine

                    Download Combofix and save it to your desktop.

                    Additional note: make sure your security software is disabled while using Combofix.
                    This is because these scanners wrongly flag certain components that Combofix uses as infected and will block Combofix.


                    Look here if you do not know how to disable your antivirus, firewall and/or antispyware scanner.


                    Close ALL windows, including your browser, and let Combofix do its work undisturbed.
                    So do not open any other applications until Combofix has presented the log.

                    If Combofix asks for an update, allow it.

                    When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                    You can find it at C:\combofix.txt.

                    Post the Combofix log together with a new DDS log in your next reply.

                    * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                    • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                    • Illegal operation attempted on a registry key that has been marked for deletion.


                    • #11
                      ComboFix 13-09-10.01 - Eric 10-09-2013 17:01:24.2.2 - x86
                      Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1488 [GMT 2:00]
                      Gestart vanuit: c:\documents and settings\Eric\Bureaublad\ComboFix.exe
                      AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                      .
                      .
                      (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      c:\documents and settings\Eric\g2mdlhlpx.exe
                      c:\documents and settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      -------\Legacy_NPF
                      .
                      .
                      (((((((((((((((((((( Bestanden Gemaakt van 2013-08-10 to 2013-09-10 ))))))))))))))))))))))))))))))
                      .
                      .
                      2013-09-09 17:48 . 2013-09-09 17:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                      2013-09-09 17:40 . 2013-09-09 17:40 -------- d-----w- C:\EEK
                      2013-09-09 17:22 . 2013-09-09 17:22 -------- d-sh--w- c:\documents and settings\Eric\IECompatCache
                      2013-09-09 17:13 . 2013-09-09 17:19 -------- d-----w- C:\AdwCleaner
                      2013-09-08 13:13 . 2013-09-08 14:12 -------- d---a-w- C:\panda_poli_utility_samples
                      2013-09-07 10:10 . 2013-09-07 10:10 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\XClrmpXL
                      2013-09-07 10:10 . 2013-09-07 10:10 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\PvolEKzd
                      2013-09-07 09:13 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{54BFE8C5-22D0-4BA2-B3B2-FF9B9D0D9B76}\mpengine.dll
                      2013-09-06 09:07 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                      2013-08-15 14:41 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
                      2013-08-14 21:15 . 2013-08-14 21:21 -------- d-----w- c:\windows\system32\MRT
                      .
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2013-09-08 10:21 . 2009-10-16 09:35 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
                      2013-08-16 11:27 . 2012-04-04 14:14 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                      2013-08-16 11:27 . 2011-05-15 08:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                      2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
                      2013-07-26 02:49 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
                      2013-07-26 02:48 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
                      2013-07-26 02:48 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
                      2013-07-25 15:58 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
                      2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
                      2013-07-04 07:33 . 2006-03-02 12:00 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                      2013-07-04 07:33 . 2004-08-04 00:58 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                      2013-06-18 19:50 . 2011-04-18 12:18 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
                      2012-09-19 02:53 . 2012-09-19 02:53 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
                      2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
                      .
                      .
                      ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                      REGEDIT4
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                      @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                      @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                      @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                      @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                      [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                      2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                      .
                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                      .
                      c:\documents and settings\Eric\Menu Start\Programma's\Opstarten\
                      Dropbox.lnk - c:\documents and settings\Eric\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                      .
                      c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
                      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-16 813584]
                      Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe -RegRun [2004-10-15 2080768]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
                      2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
                      .
                      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                      BootExecute REG_MULTI_SZ autocheck autochk /r \??\N:\0autocheck autochk *
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                      @="Service"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                      @="Driver"
                      .
                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                      @=""
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
                      .
                      [HKLM\~\startupfolder\C:^Documents and Settings^Eric^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                      HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\backup]
                      c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installed]
                      1 [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\item]
                      OneNote 2007 Schermopname en Snel starten [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\location]
                      Startup [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoChange]
                      1 [X]
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
                      2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
                      2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
                      2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirVideoServer]
                      2012-07-19 23:25 4935112 ----a-w- c:\program files\AirVideoServer\AirVideoServer.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                      2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
                      2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\command]
                      2009-02-26 13:24 97680 ----a-w- c:\progra~1\MICROS~2\Office12\ONENOTEM.EXE
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                      2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]
                      2008-10-09 07:18 173408 ----a-w- c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
                      2004-07-20 16:18 90112 ----a-w- c:\windows\Dit.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
                      2007-12-17 04:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                      2012-01-11 20:54 136176 ----atw- c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                      2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
                      2009-10-23 12:36 166424 ----a-w- c:\windows\system32\hkcmd.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
                      2009-10-23 12:36 141848 ----a-w- c:\windows\system32\igfxtray.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                      2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
                      2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
                      2013-06-20 15:25 995176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
                      2013-05-23 11:53 455608 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
                      2009-10-23 12:36 137752 ----a-w- c:\windows\system32\igfxpers.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                      2009-10-23 12:34 17881600 ----a-w- c:\windows\RTHDCPL.EXE
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                      2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
                      2013-08-18 09:38 1104384 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                      2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
                      .
                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusOverride"=dword:00000001
                      "FirewallOverride"=dword:00000001
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)
                      "DisableNotifications"= 1 (0x1)
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                      "c:\\Program Files\\Spotify\\spotify.exe"=
                      "c:\\Program Files\\Messenger\\msmsgs.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\WINDOWS\\system32\\msiexec.exe"=
                      "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
                      "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
                      "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
                      "c:\\Documents and Settings\\Eric\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                      "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
                      "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
                      "c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
                      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                      "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
                      "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
                      .
                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "5353:TCP"= 5353:TCP:Adobe CSI CS4
                      .
                      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16-10-2009 10:59 10384]
                      R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [16-10-2009 10:23 19072]
                      R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2-10-2012 13:13 3064000]
                      R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [28-12-2012 23:54 4308320]
                      R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [14-10-2009 20:35 698368]
                      R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [27-5-2012 12:10 28256]
                      R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11-4-2011 22:11 47360]
                      S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2-3-2012 18:00 25504]
                      S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28-2-2013 18:45 161384]
                      S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [27-5-2012 12:10 28256]
                      S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [16-10-2009 11:35 17408]
                      S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [9-9-2013 19:40 50200]
                      S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [5-11-2012 19:03 18432]
                      S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2-3-2012 18:00 27584]
                      S3 vfsmrx;vfsmrx;c:\windows\system32\Drivers\vfsmrx.sys --> c:\windows\system32\Drivers\vfsmrx.sys [?]
                      .
                      Inhoud van de 'Gedeelde Taken' map
                      .
                      2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
                      - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 11:27]
                      .
                      2013-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
                      .
                      2013-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1003Core.job
                      - c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 20:02]
                      .
                      2013-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1003UA.job
                      - c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 20:02]
                      .
                      2013-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1004Core.job
                      - c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-11 20:54]
                      .
                      2013-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1004UA.job
                      - c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-11 20:54]
                      .
                      2013-09-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
                      - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
                      .
                      2013-09-09 c:\windows\Tasks\User_Feed_Synchronization-{3F721D7D-C958-4373-A152-B93ECE90BE36}.job
                      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
                      .
                      2013-09-10 c:\windows\Tasks\User_Feed_Synchronization-{56D66038-8957-42D0-9FA2-1D2D1F287FB0}.job
                      - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
                      .
                      .
                      ------- Bijkomende Scan -------
                      .
                      uStart Page = https://www.google.nl/
                      uInternet Settings,ProxyOverride = *.local
                      uSearchAssistant = hxxp://www.google.com/ie
                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                      IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
                      IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                      IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                      IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
                      IE: Zoek op het web
                      Trusted Zone: com.tw\asia.msi
                      Trusted Zone: com.tw\global.msi
                      Trusted Zone: com.tw\www.msi
                      Trusted Zone: homeserver.com\dezaan
                      Trusted Zone: homeserver.com\podotherapiedezaan
                      TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                      DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                      DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.constructiebedrijfdegroot.nl/publicweb/dll/zkitlib.dll
                      DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.93.241.220:443/activex/AMC.cab
                      FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\qvcmhbe3.default\
                      FF - prefs.js: browser.search.defaulturl -
                      FF - prefs.js: browser.startup.homepage - about:home
                      FF - ExtSQL: 2013-07-17 15:31; [email protected]; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
                      .
                      .
                      ------- Bestandsassociaties -------
                      .
                      .scr=AutoCADScriptFile
                      .
                      - - - - ORPHANS VERWIJDERD - - - -
                      .
                      Toolbar-Locked - (no file)
                      SafeBoot-CleanHlp
                      SafeBoot-CleanHlp.sys
                      MSConfigStartUp-MlDEwRDs - c:\documents and settings\Eric\Local Settings\Application Data\TomTom\VkyFPzRj.exe
                      MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
                      .
                      .
                      .
                      **************************************************************************
                      .
                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2013-09-10 17:12
                      Windows 5.1.2600 Service Pack 3 NTFS
                      .
                      scannen van verborgen processen ...
                      .
                      scannen van verborgen autostart items ...
                      .
                      scannen van verborgen bestanden ...
                      .
                      Scan succesvol afgerond
                      verborgen bestanden: 0
                      .
                      **************************************************************************
                      .
                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysAppsEvents]
                      "ImagePath"=""
                      .
                      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSamSs]
                      "ImagePath"=""
                      .
                      --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="FlashBroker"
                      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                      "Enabled"=dword:00000001
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                      @Denied: (A 2) (Everyone)
                      @="IFlashBroker5"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                      @="{00020424-0000-0000-C000-000000000046}"
                      .
                      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                      "Version"="1.0"
                      .
                      --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                      .
                      - - - - - - - > 'winlogon.exe'(1696)
                      c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                      c:\program files\common files\logishrd\bluetooth\LBTServ.dll
                      c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
                      .
                      - - - - - - - > 'explorer.exe'(812)
                      c:\program files\Logitech\SetPoint\lgscroll.dll
                      c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                      c:\windows\system32\msi.dll
                      c:\windows\system32\webcheck.dll
                      c:\windows\system32\WPDShServiceObj.dll
                      c:\windows\system32\PortableDeviceTypes.dll
                      c:\windows\system32\PortableDeviceApi.dll
                      c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
                      .
                      ------------------------ Andere Aktieve Processen ------------------------
                      .
                      c:\program files\Microsoft Security Client\MsMpEng.exe
                      c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                      c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
                      c:\program files\Bonjour\mDNSResponder.exe
                      c:\program files\Java\jre7\bin\jqs.exe
                      c:\program files\Ralink\Common\RaRegistry.exe
                      c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
                      c:\program files\TeamViewer\Version8\TeamViewer.exe
                      c:\program files\3M\PSNLite\PsnLite.exe
                      c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                      c:\progra~1\3M\PSNLite\PSNGive.exe
                      c:\program files\TeamViewer\Version8\tv_w32.exe
                      c:\windows\system32\msiexec.exe
                      c:\windows\system32\MsiExec.exe
                      .
                      **************************************************************************
                      .
                      Voltooingstijd: 2013-09-10 17:17:37 - machine werd herstart
                      ComboFix-quarantined-files.txt 2013-09-10 15:17
                      .
                      Pre-Run: 74.062.336.000 bytes beschikbaar
                      Post-Run: 74.167.758.848 bytes beschikbaar
                      .
                      - - End Of File - - 52D975DDC6AF8819E2507A0DEDB3BD40
                      3051207086651214E435112E51817DC5



                      • #12
                        May I also have the DDS log, please.
                        And a "status update"?


                        • #13
                          Status update:

                          - Task Manager works again
                          - the virus scanner seems to be active but does not start up in the tray at the bottom right
                          - the message at startup has remained: A: drive error, F1 to continue
                          - the right mouse button behaves strangely. When I click on a file it starts searching for a drive (g after that the right mouse button does work normally


                          DDS (Ver_2012-11-20.01) - NTFS_x86
                          Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
                          Run by Eric at 18:53:28 on 2013-09-10
                          Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1361 [GMT 2:00]
                          .
                          AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                          .
                          ============== Running Processes ================
                          .
                          C:\Program Files\Microsoft Security Client\MsMpEng.exe
                          C:\WINDOWS\system32\spoolsv.exe
                          C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                          C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
                          C:\Program Files\Bonjour\mDNSResponder.exe
                          C:\Program Files\Java\jre7\bin\jqs.exe
                          C:\Program Files\Ralink\Common\RaRegistry.exe
                          C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
                          C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
                          C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
                          C:\Program Files\TeamViewer\Version8\TeamViewer.exe
                          C:\Program Files\Logitech\SetPoint\SetPoint.exe
                          C:\Program Files\3M\PSNLite\PsnLite.exe
                          C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                          C:\PROGRA~1\3M\PSNLite\PSNGive.exe
                          C:\Program Files\TeamViewer\Version8\tv_w32.exe
                          C:\WINDOWS\system32\wbem\wmiprvse.exe
                          C:\WINDOWS\System32\alg.exe
                          C:\WINDOWS\system32\msiexec.exe
                          C:\WINDOWS\system32\MsiExec.exe
                          C:\WINDOWS\explorer.exe
                          C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                          C:\Documents and Settings\Eric\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
                          C:\Program Files\TeamViewer\Version8\TeamViewer.exe
                          C:\WINDOWS\Explorer.EXE
                          C:\Program Files\TeamViewer\Version8\tv_w32.exe
                          C:\Program Files\Logitech\SetPoint\SetPoint.exe
                          C:\Program Files\3M\PSNLite\PsnLite.exe
                          C:\PROGRA~1\3M\PSNLite\PSNGive.exe
                          C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                          C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
                          C:\WINDOWS\system32\ctfmon.exe
                          C:\WINDOWS\system32\wuauclt.exe
                          C:\WINDOWS\system32\wbem\wmiprvse.exe
                          C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                          C:\WINDOWS\system32\svchost.exe -k rpcss
                          C:\WINDOWS\System32\svchost.exe -k netsvcs
                          C:\WINDOWS\system32\svchost.exe -k NetworkService
                          C:\WINDOWS\system32\svchost.exe -k LocalService
                          C:\WINDOWS\system32\svchost.exe -k imgsvc
                          C:\WINDOWS\system32\svchost.exe -k netsvcs
                          .
                          ============== Pseudo HJT Report ===============
                          .
                          uStart Page = hxxps://www.google.nl/
                          uSearchAssistant = hxxp://www.google.com/ie
                          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                          BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                          BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
                          BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                          BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                          TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                          dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                          StartupFolder: c:\docume~1\eric\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\eric\application data\dropbox\bin\Dropbox.exe
                          StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                          StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
                          uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                          uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                          uPolicies-Explorer: NoDrives = dword:0
                          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                          mPolicies-Explorer: NoDrives = dword:0
                          mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
                          mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                          mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                          IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                          IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
                          IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                          IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                          IE: Toevoegen aan bestaand PDF-bestand - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
                          IE: Zoek op het web - <no file>
                          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
                          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                          DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
                          DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                          DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                          DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
                          DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.constructiebedrijfdegroot.nl/publicweb/dll/zkitlib.dll
                          DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v1111/Navigram.cab
                          DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
                          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                          DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                          DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.93.241.220:443/activex/AMC.cab
                          TCP: NameServer = 212.54.40.25 212.54.35.25
                          TCP: Interfaces\{62A72F93-CC87-4F9B-89DE-2EE7A2485D16} : DHCPNameServer = 212.54.40.25 212.54.35.25
                          TCP: Interfaces\{DAD965A7-7E2D-45E1-A88F-C3276E813C47} : DHCPNameServer = 8.8.8.8
                          Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
                          Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                          Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
                          Notify: igfxcui - igfxdev.dll
                          Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                          SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                          SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
                          .
                          ================= FIREFOX ===================
                          .
                          FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\qvcmhbe3.default\
                          FF - prefs.js: browser.search.defaulturl -
                          FF - prefs.js: browser.startup.homepage - about:home
                          FF - plugin: c:\documents and settings\eric\local settings\application data\citrix\plugins\104\npappdetector.dll
                          FF - plugin: c:\documents and settings\eric\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
                          FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
                          FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
                          FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
                          FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
                          FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
                          FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
                          FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
                          FF - plugin: c:\windows\system32\npDeployJava1.dll
                          FF - plugin: c:\windows\system32\npptools.dll
                          FF - ExtSQL: 2013-07-17 15:31; [email protected]; c:\program files\freemake\freemake video converter\browserplugin\Firefox
                          .
                          ============= SERVICES / DRIVERS ===============
                          .
                          R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
                          R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-16 10384]
                          R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2009-10-16 185632]
                          R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-10-16 19072]
                          R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
                          R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-28 4308320]
                          R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2009-10-14 698368]
                          R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
                          S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                          S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
                          S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
                          S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
                          S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2009-10-16 17408]
                          S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-9-9 50200]
                          S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-11-5 18432]
                          S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-10-16 722432]
                          S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
                          S3 vfsmrx;vfsmrx;c:\windows\system32\drivers\vfsmrx.sys --> c:\windows\system32\drivers\vfsmrx.sys [?]
                          S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
                          .
                          =============== File Associations ===============
                          .
                          FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
                          ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
                          .
                          =============== Created Last 30 ================
                          .
                          2013-09-10 15:22:02 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{993e2e11-4f75-42e5-8de3-37795723c2d3}\mpengine.dll
                          2013-09-10 14:58:18 98816 ----a-w- c:\windows\sed.exe
                          2013-09-10 14:58:18 256000 ----a-w- c:\windows\PEV.exe
                          2013-09-10 14:58:18 208896 ----a-w- c:\windows\MBR.exe
                          2013-09-09 17:48:28 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                          2013-09-09 17:40:18 -------- d-----w- C:\EEK
                          2013-09-09 17:22:31 -------- d-sh--w- c:\documents and settings\eric\IECompatCache
                          2013-09-09 17:13:52 -------- d-----w- C:\AdwCleaner
                          2013-09-08 13:13:37 -------- d---a-w- C:\panda_poli_utility_samples
                          2013-09-07 10:10:08 -------- d-----w- c:\documents and settings\eric\local settings\application data\XClrmpXL
                          2013-09-07 10:10:07 -------- d-----w- c:\documents and settings\eric\local settings\application data\PvolEKzd
                          2013-09-07 09:13:17 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
                          2013-08-15 14:41:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
                          2013-08-14 21:15:14 -------- d-----w- c:\windows\system32\MRT
                          .
                          ==================== Find3M ====================
                          .
                          2013-09-10 16:33:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                          2013-09-10 16:33:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                          2013-09-08 10:21:02 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
                          2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
                          2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
                          2013-07-26 02:48:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
                          2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
                          2013-07-25 15:58:11 385024 ----a-w- c:\windows\system32\html.iec
                          2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
                          2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                          2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                          2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
                          2012-09-19 02:53:38 2174976 ----a-w- c:\program files\common files\atimpenc.dll
                          2007-03-12 16:59:00 299008 ----a-w- c:\program files\navigram_register.exe
                          .
                          ============= FINISH: 18:53:57,75 ===============



                          • #14
                            Disable your security software.

                            Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

                            Open a Notepad file.
                            Copy the text below and paste it into the Notepad file.
                            Save the Notepad file as CFScript.txt
                            Code:
                            KillAll::
                            ClearJavaCache::
                            REGISTRY::
                            [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
                            "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
                            [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                            "AntiVirusOverride"=dword:00000000
                            "FirewallOverride"=dword:00000000
                            [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                            "EnableFirewall"=dword:00000001
                            "DisableNotifications"=dword:00000000
                            Now drag the file CFScript.txt onto the file ComboFix.exe

                            ComboFix will start again.
                            If ComboFix asks for an update, allow it.

                            When ComboFix has finished, which may be after a restart, a log file opens. Post the contents of the log file.
                            Create a new DDS log and post it as well.

                            * NOTE: If you get one of the messages below after using ComboFix, restart the computer.
                            • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
                            • Illegal operation attempted on a registry key that has been marked for deletion.

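The values that the CFScript in the post above writes can be decoded and checked before the script is run. The Python sketch below is an added example, not part of the original thread and not ComboFix code; the function names and the UTF-16LE sample with a placeholder entry are constructed for illustration.

```python
import re

# REGISTRY:: section of the CFScript from the post above, copied verbatim.
CFSCRIPT_REGISTRY = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
'''

# Windows default for Session Manager\BootExecute (REG_MULTI_SZ, one entry).
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=(?P<kind>hex\(7\)|dword):(?P<data>[0-9a-fA-F,]+)$')


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes into a list of strings.

    REGEDIT4-style data (as in this script) stores one byte per character;
    "Windows Registry Editor Version 5.00" exports store UTF-16LE. The
    width check assumes ASCII-range text, where every high byte is zero.
    """
    wide = len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2])
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    return [entry for entry in text.split("\x00") if entry]


def parse_registry_section(text):
    """Return {key_path_lowercased: {value_name: decoded_value}}."""
    result, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            result[key] = {}
            continue
        match = VALUE_RE.match(line)
        if match is None or key is None:
            raise ValueError("unrecognised line: %r" % line)
        if match["kind"] == "dword":
            value = int(match["data"], 16)
        else:
            raw = bytes(int(b, 16) for b in match["data"].split(",") if b)
            value = decode_multi_sz(raw)
        result[key][match["name"]] = value
    return result


def unexpected_boot_entries(entries):
    """Entries of a BootExecute list that are not the Windows default."""
    return [e for e in entries if e.lower() not in DEFAULT_BOOT_EXECUTE]


def review(text):
    """Return (decoded values, BootExecute entries that are not the default)."""
    parsed = parse_registry_section(text)
    extras = []
    for values in parsed.values():
        extras += unexpected_boot_entries(values.get("BootExecute", []))
    return parsed, extras


if __name__ == "__main__":
    parsed, extras = review(CFSCRIPT_REGISTRY)
    for key, values in parsed.items():
        for name, value in values.items():
            print("%s\\%s = %r" % (key, name, value))
    print("non-default BootExecute entries in the script:", extras)

    # Constructed sample: a UTF-16LE value carrying one extra placeholder entry,
    # to show what the check reports when the list is not the default.
    sample = "autocheck autochk *\x00placeholder_entry\x00\x00".encode("utf-16-le")
    print("constructed sample:", unexpected_boot_entries(decode_multi_sz(sample)))
```

The script's `hex(7)` data decodes to the single string `autocheck autochk *`, so the CFScript resets `BootExecute` to the Windows default; the three dword values switch the Security Center overrides off, turn the firewall on and leave its notifications enabled.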

                            • #15
                              ComboFix 13-09-10.03 - Eric 11-09-2013 16:24:39.3.2 - x86
                              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1485 [GMT 2:00]
                              Gestart vanuit: c:\documents and settings\Eric\Bureaublad\ComboFix.exe
                              gebruikte Opdracht switches :: c:\documents and settings\Eric\Bureaublad\CFScript.txt
                              AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                              .
                              .
                              (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              c:\documents and settings\Eric\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
                              .
                              .
                              (((((((((((((((((((( Bestanden Gemaakt van 2013-08-11 to 2013-09-11 ))))))))))))))))))))))))))))))
                              .
                              .
                              2013-09-11 14:39 . 2013-09-11 14:39 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F479D010-077B-433A-9AA1-64C4BB10F052}\MpKsl916b1932.sys
                              2013-09-11 14:22 . 2013-09-11 14:22 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F479D010-077B-433A-9AA1-64C4BB10F052}\MpKsl4844552e.sys
                              2013-09-10 18:22 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F479D010-077B-433A-9AA1-64C4BB10F052}\mpengine.dll
                              2013-09-10 15:25 . 2013-09-10 15:25 -------- d-sh--w- c:\documents and settings\Maaike\IECompatCache
                              2013-09-09 17:48 . 2013-09-09 17:57 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                              2013-09-09 17:40 . 2013-09-09 17:40 -------- d-----w- C:\EEK
                              2013-09-09 17:22 . 2013-09-09 17:22 -------- d-sh--w- c:\documents and settings\Eric\IECompatCache
                              2013-09-09 17:13 . 2013-09-09 17:19 -------- d-----w- C:\AdwCleaner
                              2013-09-08 13:13 . 2013-09-08 14:12 -------- d---a-w- C:\panda_poli_utility_samples
                              2013-09-07 10:10 . 2013-09-07 10:10 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\XClrmpXL
                              2013-09-07 10:10 . 2013-09-07 10:10 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\PvolEKzd
                              2013-09-07 09:13 . 2013-08-06 07:28 7166848 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                              2013-08-15 14:41 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
                              2013-08-14 21:15 . 2013-08-14 21:21 -------- d-----w- c:\windows\system32\MRT
                              .
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2013-09-10 17:33 . 2012-04-04 14:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                              2013-09-10 17:33 . 2011-05-15 08:05 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                              2013-09-08 10:21 . 2009-10-16 09:35 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
                              2013-08-02 23:48 . 2006-10-18 19:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
                              2013-07-26 02:49 . 2006-03-02 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
                              2013-07-26 02:48 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
                              2013-07-26 02:48 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
                              2013-07-25 15:58 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
                              2013-07-10 10:37 . 2006-03-02 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
                              2013-07-04 07:33 . 2006-03-02 12:00 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                              2013-07-04 07:33 . 2004-08-04 00:58 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                              2013-06-18 19:50 . 2011-04-18 12:18 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
                              2012-09-19 02:53 . 2012-09-19 02:53 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll
                              2007-03-12 16:59 . 2007-03-12 16:59 299008 ----a-w- c:\program files\navigram_register.exe
                              .
                              .
                              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                              REGEDIT4
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
                              @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
                              2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
                              @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
                              2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
                              @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
                              2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
                              @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
                              [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
                              2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                              .
                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                              .
                              c:\documents and settings\Eric\Menu Start\Programma's\Opstarten\
                              Dropbox.lnk - c:\documents and settings\Eric\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
                              .
                              c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
                              Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-10-16 813584]
                              Post-it® Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe -RegRun [2004-10-15 2080768]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
                              2009-07-20 10:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                              @="Service"
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                              @="Driver"
                              .
                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
                              @=""
                              .
                              [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Ralink Wireless Utility.lnk]
                              .
                              [HKLM\~\startupfolder\C:^Documents and Settings^Eric^Menu Start^Programma's^Opstarten^OneNote 2007 Schermopname en Snel starten.lnk]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\backup]
                              c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnkStartup [X]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Installed]
                              1 [X]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\item]
                              OneNote 2007 Schermopname en Snel starten [X]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\location]
                              Startup [X]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoChange]
                              1 [X]
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
                              2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
                              2012-04-04 05:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
                              2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirVideoServer]
                              2012-07-19 23:25 4935112 ----a-w- c:\program files\AirVideoServer\AirVideoServer.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
                              2011-11-02 06:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
                              2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\command]
                              2009-02-26 13:24 97680 ----a-w- c:\progra~1\MICROS~2\Office12\ONENOTEM.EXE
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
                              2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragTaskBar]
                              2008-10-09 07:18 173408 ----a-w- c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragTaskBar.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dit]
                              2004-07-20 16:18 90112 ----a-w- c:\windows\Dit.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX400 Series]
                              2007-12-17 04:00 188928 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
                              2012-01-11 20:54 136176 ----atw- c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                              2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
                              2009-10-23 12:36 166424 ----a-w- c:\windows\system32\hkcmd.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
                              2009-10-23 12:36 141848 ----a-w- c:\windows\system32\igfxtray.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
                              2013-05-31 09:56 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
                              2009-06-17 16:55 55824 ----a-w- c:\windows\KHALMNPR.Exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
                              2013-06-20 15:25 995176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
                              2013-05-23 11:53 455608 ----a-w- c:\program files\MyTomTom 3\MyTomTomSA.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
                              2009-10-23 12:36 137752 ----a-w- c:\windows\system32\igfxpers.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                              2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                              2009-10-23 12:34 17881600 ----a-w- c:\windows\RTHDCPL.EXE
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
                              2013-02-28 16:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
                              2013-08-18 09:38 1104384 ----a-w- c:\program files\Spotify\Data\SpotifyWebHelper.exe
                              .
                              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                              2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\system32\\sessmgr.exe"=
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
                              "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
                              "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
                              "c:\\Program Files\\Spotify\\spotify.exe"=
                              "c:\\Program Files\\Messenger\\msmsgs.exe"=
                              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                              "c:\\WINDOWS\\system32\\msiexec.exe"=
                              "c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
                              "c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
                              "c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
                              "c:\\Documents and Settings\\Eric\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
                              "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
                              "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
                              "c:\\Program Files\\AirVideoServer\\AirVideoServer.exe"=
                              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                              "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
                              "c:\\Program Files\\iTunes\\iTunes.exe"=
                              "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
                              "c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
                              .
                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                              "5353:TCP"= 5353:TCP:Adobe CSI CS4
                              .
                              R1 MpKsl916b1932;MpKsl916b1932;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F479D010-077B-433A-9AA1-64C4BB10F052}\MpKsl916b1932.sys [11-9-2013 16:39 29904]
                              R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16-10-2009 10:59 10384]
                              R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [16-10-2009 10:23 19072]
                              R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2-10-2012 13:13 3064000]
                              R2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [28-12-2012 23:54 4308320]
                              R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [14-10-2009 20:35 698368]
                              R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [27-5-2012 12:10 28256]
                              R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11-4-2011 22:11 47360]
                              S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2-3-2012 18:00 25504]
                              S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28-2-2013 18:45 161384]
                              S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [27-5-2012 12:10 28256]
                              S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [16-10-2009 11:35 17408]
                              S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [9-9-2013 19:40 50200]
                              S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [5-11-2012 19:03 18432]
                              S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [2-3-2012 18:00 27584]
                              S3 vfsmrx;vfsmrx;c:\windows\system32\Drivers\vfsmrx.sys --> c:\windows\system32\Drivers\vfsmrx.sys [?]
                              .
                              --- Andere Services/Drivers In Geheugen ---
                              .
                              *NewlyCreated* - MPKSL916B1932
                              .
                              Inhoud van de 'Gedeelde Taken' map
                              .
                              2013-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
                              - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 17:33]
                              .
                              2013-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
                              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
                              .
                              2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1003Core.job
                              - c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 20:02]
                              .
                              2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1003UA.job
                              - c:\documents and settings\Eric\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-09-21 20:02]
                              .
                              2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1004Core.job
                              - c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-11 20:54]
                              .
                              2013-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1645522239-725345543-1004UA.job
                              - c:\documents and settings\Maaike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-11 20:54]
                              .
                              2013-09-11 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
                              - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 16:05]
                              .
                              2013-09-10 c:\windows\Tasks\User_Feed_Synchronization-{3F721D7D-C958-4373-A152-B93ECE90BE36}.job
                              - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
                              .
                              2013-09-11 c:\windows\Tasks\User_Feed_Synchronization-{56D66038-8957-42D0-9FA2-1D2D1F287FB0}.job
                              - c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
                              .
                              .
                              ------- Bijkomende Scan -------
                              .
                              uStart Page = https://www.google.nl/
                              uInternet Settings,ProxyOverride = *.local
                              uSearchAssistant = hxxp://www.google.com/ie
                              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                              IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
                              IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                              IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                              IE: Toevoegen aan bestaand PDF-bestand - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: Zoek op het web
                              Trusted Zone: com.tw\asia.msi
                              Trusted Zone: com.tw\global.msi
                              Trusted Zone: com.tw\www.msi
                              Trusted Zone: homeserver.com\dezaan
                              Trusted Zone: homeserver.com\podotherapiedezaan
                              TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
                              DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                              DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.constructiebedrijfdegroot.nl/publicweb/dll/zkitlib.dll
                              DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.93.241.220:443/activex/AMC.cab
                              FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\qvcmhbe3.default\
                              FF - prefs.js: browser.search.defaulturl -
                              FF - prefs.js: browser.startup.homepage - about:home
                              FF - ExtSQL: 2013-07-17 15:31; [email protected]; c:\program files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
                              .
                              .
                              **************************************************************************
                              .
                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2013-09-11 16:40
                              Windows 5.1.2600 Service Pack 3 NTFS
                              .
                              scannen van verborgen processen ...
                              .
                              scannen van verborgen autostart items ...
                              .
                              scannen van verborgen bestanden ...
                              .
                              Scan succesvol afgerond
                              verborgen bestanden: 0
                              .
                              **************************************************************************
                              .
                              [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysAppsEvents]
                              "ImagePath"=""
                              .
                              [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSamSs]
                              "ImagePath"=""
                              .
                              --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="FlashBroker"
                              "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe ,-101"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                              "Enabled"=dword:00000001
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                              @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_168_ActiveX.exe"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                              @Denied: (A 2) (Everyone)
                              @="IFlashBroker5"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                              @="{00020424-0000-0000-C000-000000000046}"
                              .
                              [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                              @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                              "Version"="1.0"
                              .
                              --------------------- DLLs Geladen Onder Lopende Processen ---------------------
                              .
                              - - - - - - - > 'winlogon.exe'(1688)
                              c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                              c:\program files\common files\logishrd\bluetooth\LBTServ.dll
                              c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
                              .
                              - - - - - - - > 'explorer.exe'(3764)
                              c:\program files\Logitech\SetPoint\lgscroll.dll
                              c:\documents and settings\Eric\Application Data\Dropbox\bin\DropboxExt.19.dll
                              c:\windows\system32\msi.dll
                              c:\windows\system32\webcheck.dll
                              c:\windows\system32\WPDShServiceObj.dll
                              c:\windows\system32\PortableDeviceTypes.dll
                              c:\windows\system32\PortableDeviceApi.dll
                              .
                              ------------------------ Andere Aktieve Processen ------------------------
                              .
                              c:\program files\Microsoft Security Client\MsMpEng.exe
                              c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                              c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
                              c:\program files\Bonjour\mDNSResponder.exe
                              c:\program files\Java\jre7\bin\jqs.exe
                              c:\program files\Ralink\Common\RaRegistry.exe
                              c:\program files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
                              c:\program files\TeamViewer\Version8\TeamViewer.exe
                              c:\program files\3M\PSNLite\PsnLite.exe
                              c:\progra~1\3M\PSNLite\PSNGive.exe
                              c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                              c:\program files\TeamViewer\Version8\tv_w32.exe
                              .
                              **************************************************************************
                              .
                              Voltooingstijd: 2013-09-11 16:45:01 - machine werd herstart
                              ComboFix-quarantined-files.txt 2013-09-11 14:44
                              ComboFix2.txt 2013-09-10 15:17
                              .
                              Pre-Run: 73.688.125.440 bytes beschikbaar
                              Post-Run: 73.707.438.080 bytes beschikbaar
                              .
                              - - End Of File - - AF9934C405178181DD55ADF701CCCC9E
                              3051207086651214E435112E51817DC5


                              DDS (Ver_2012-11-20.01) - NTFS_x86
                              Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
                              Run by Eric at 16:52:34 on 2013-09-11
                              Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.2039.1472 [GMT 2:00]
                              .
                              AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
                              .
                              ============== Running Processes ================
                              .
                              C:\Program Files\Microsoft Security Client\MsMpEng.exe
                              C:\WINDOWS\system32\spoolsv.exe
                              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                              C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\aDefragService.exe
                              C:\Program Files\Bonjour\mDNSResponder.exe
                              C:\Program Files\Java\jre7\bin\jqs.exe
                              C:\Program Files\Ralink\Common\RaRegistry.exe
                              C:\Program Files\Ashampoo\Ashampoo Magical Defrag 2\bin\defragActivityMonitor.exe
                              C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
                              C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
                              C:\Program Files\TeamViewer\Version8\TeamViewer.exe
                              C:\Program Files\Logitech\SetPoint\SetPoint.exe
                              C:\Program Files\3M\PSNLite\PsnLite.exe
                              C:\PROGRA~1\3M\PSNLite\PSNGive.exe
                              C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
                              C:\Program Files\TeamViewer\Version8\tv_w32.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\System32\alg.exe
                              C:\WINDOWS\explorer.exe
                              C:\WINDOWS\system32\wbem\wmiprvse.exe
                              C:\WINDOWS\system32\svchost.exe -k DcomLaunch
                              C:\WINDOWS\system32\svchost.exe -k rpcss
                              C:\WINDOWS\System32\svchost.exe -k netsvcs
                              C:\WINDOWS\system32\svchost.exe -k NetworkService
                              C:\WINDOWS\system32\svchost.exe -k LocalService
                              C:\WINDOWS\system32\svchost.exe -k imgsvc
                              C:\WINDOWS\system32\svchost.exe -k netsvcs
                              .
                              ============== Pseudo HJT Report ===============
                              .
                              uStart Page = hxxps://www.google.nl/
                              uSearchAssistant = hxxp://www.google.com/ie
                              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                              BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                              BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
                              BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                              BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                              TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
                              dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
                              StartupFolder: c:\docume~1\eric\menust~1\progra~1\opstar~1\dropbox.lnk - c:\documents and settings\eric\application data\dropbox\bin\Dropbox.exe
                              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
                              StartupFolder: c:\docume~1\alluse~1\menust~1\progra~1\opstar~1\post-i~1.lnk - c:\program files\3m\psnlite\PsnLite.exe
                              uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              uPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              uPolicies-Explorer: NoDrives = dword:0
                              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              mPolicies-Explorer: NoDrives = dword:0
                              mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
                              mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
                              mPolicies-Explorer: NoDriveAutoRun = dword:67108863
                              IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                              IE: Converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
                              IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
                              IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
                              IE: Toevoegen aan bestaand PDF-bestand - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
                              IE: Zoek op het web - <no file>
                              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
                              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
                              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
                              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
                              DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
                              DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                              DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
                              DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
                              DPF: {640373B0-6978-4FA5-A9FC-420ECBBC61C7} - hxxp://www.constructiebedrijfdegroot.nl/publicweb/dll/zkitlib.dll
                              DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v1111/Navigram.cab
                              DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
                              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                              DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
                              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
                              DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://82.93.241.220:443/activex/AMC.cab
                              TCP: NameServer = 212.54.40.25 212.54.35.25
                              TCP: Interfaces\{62A72F93-CC87-4F9B-89DE-2EE7A2485D16} : DHCPNameServer = 212.54.40.25 212.54.35.25
                              TCP: Interfaces\{DAD965A7-7E2D-45E1-A88F-C3276E813C47} : DHCPNameServer = 8.8.8.8
                              Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
                              Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
                              Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
                              Notify: igfxcui - igfxdev.dll
                              Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
                              SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
                              SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
                              .
                              ================= FIREFOX ===================
                              .
                              FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\qvcmhbe3.default\
                              FF - prefs.js: browser.search.defaulturl -
                              FF - prefs.js: browser.startup.homepage - about:home
                              FF - ExtSQL: 2013-07-17 15:31; [email protected]; c:\program files\freemake\freemake video converter\browserplugin\Firefox
                              .
                              ============= SERVICES / DRIVERS ===============
                              .
                              R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
                              R1 MpKsl916b1932;MpKsl916b1932;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f479d010-077b-433a-9aa1-64c4bb10f052}\MpKsl916b1932.sys [2013-9-11 29904]
                              R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-16 10384]
                              R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\ralink\common\RaRegistry.exe [2009-10-16 185632]
                              R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [2009-10-16 19072]
                              R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
                              R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2012-12-28 4308320]
                              R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2009-10-14 698368]
                              R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
                              RUnknown MpKsl4844552e;MpKsl4844552e; [x]
                              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                              S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]
                              S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
                              S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2012-5-27 28256]
                              S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [2009-10-16 17408]
                              S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-9-9 50200]
                              S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-11-5 18432]
                              S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-10-16 722432]
                              S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]
                              S3 vfsmrx;vfsmrx;c:\windows\system32\drivers\vfsmrx.sys --> c:\windows\system32\drivers\vfsmrx.sys [?]
                              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
                              .
                              =============== File Associations ===============
                              .
                              FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
                              ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
                              .
                              =============== Created Last 30 ================
                              .
                              2013-09-11 14:39:59 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f479d010-077b-433a-9aa1-64c4bb10f052}\MpKsl916b1932.sys
                              2013-09-11 14:22:47 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f479d010-077b-433a-9aa1-64c4bb10f052}\MpKsl4844552e.sys
                              2013-09-10 18:22:30 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f479d010-077b-433a-9aa1-64c4bb10f052}\mpengine.dll
                              2013-09-10 14:58:18 98816 ----a-w- c:\windows\sed.exe
                              2013-09-10 14:58:18 256000 ----a-w- c:\windows\PEV.exe
                              2013-09-10 14:58:18 208896 ----a-w- c:\windows\MBR.exe
                              2013-09-09 17:48:28 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                              2013-09-09 17:40:18 -------- d-----w- C:\EEK
                              2013-09-09 17:22:31 -------- d-sh--w- c:\documents and settings\eric\IECompatCache
                              2013-09-09 17:13:52 -------- d-----w- C:\AdwCleaner
                              2013-09-08 13:13:37 -------- d---a-w- C:\panda_poli_utility_samples
                              2013-09-07 10:10:08 -------- d-----w- c:\documents and settings\eric\local settings\application data\XClrmpXL
                              2013-09-07 10:10:07 -------- d-----w- c:\documents and settings\eric\local settings\application data\PvolEKzd
                              2013-09-07 09:13:17 7166848 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
                              2013-08-15 14:41:36 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
                              2013-08-14 21:15:14 -------- d-----w- c:\windows\system32\MRT
                              .
                              ==================== Find3M ====================
                              .
                              2013-09-10 17:33:06 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                              2013-09-10 17:33:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                              2013-09-08 10:21:02 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
                              2013-08-02 23:48:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
                              2013-07-26 02:49:00 920064 ----a-w- c:\windows\system32\wininet.dll
                              2013-07-26 02:48:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
                              2013-07-26 02:48:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
                              2013-07-25 15:58:11 385024 ----a-w- c:\windows\system32\html.iec
                              2013-07-10 10:37:49 406016 ----a-w- c:\windows\system32\usp10.dll
                              2013-07-04 07:33:59 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
                              2013-07-04 07:33:59 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
                              2013-06-18 19:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
                              2012-09-19 02:53:38 2174976 ----a-w- c:\program files\common files\atimpenc.dll
                              2007-03-12 16:59:00 299008 ----a-w- c:\program files\navigram_register.exe
                              .
                              ============= FINISH: 16:52:45,90 ===============
