
My log files after Live Security Platinum infection

Post by derijp » Thu 14 Jun, 2012 16:24:53

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29-6-2011 16:20:59
System Uptime: 14-6-2012 15:59:43 (1 hours ago)
.
Motherboard: Dell Inc. | | 0YH79Y
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 357,871 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth-randapparaat
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129E\8&145C6171&0&88C66377AEE7_C00000000
Manufacturer:
Name: Bluetooth-randapparaat
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&129E\8&145C6171&0&88C66377AEE7_C00000000
Service:
.
Class GUID:
Description: Bluetooth-randapparaat
Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&145C6171&0&CCFE3C18AF57_C00000000
Manufacturer:
Name: Bluetooth-randapparaat
PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&0000\8&145C6171&0&CCFE3C18AF57_C00000000
Service:
.
==== System Restore Points ===================
.
RP125: 31-5-2012 21:27:10 - Windows Update
RP126: 4-6-2012 7:48:06 - Windows Update
RP127: 4-6-2012 22:03:02 - Windows Update
RP128: 9-6-2012 9:26:42 - Windows Update
RP130: 13-6-2012 14:02:00 - Installed SpyHunter
RP131: 13-6-2012 14:02:00 - Windows Defender Checkpoint
RP132: 13-6-2012 16:28:56 - Installed AVG 2012
RP133: 13-6-2012 16:29:29 - Installed AVG 2012
RP134: 14-6-2012 13:38:23 - Removed SpyHunter
RP135: 14-6-2012 13:43:16 - Removed SpyHunter
.
==== Installed Programs ======================
.
Aangifte inkomstenbelasting 2011
Adobe AIR
Adobe Reader X (10.1.1) MUI
Advanced Audio FX Engine
AMIS 3.1.3 (Nederlands)
Apple Application Support
Apple Software Update
Babylon toolbar on IE
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell PhotoStage
Dell Stage Remote
Dell Webcam Central
DirectX 9 Runtime
FoxTab Video Converter
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hema Fotoalbum
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Malwarebytes Anti-Malware versie 1.61.0.1400
McAfeeSecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Language Pack 2010 - Dutch/Nederlands
Microsoft Office O MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office X MUI (Dutch) 2010
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoShowExpress
Picasa 3
Reader for PC
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Samsung New PC Studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sibelius Scorch (ActiveX Only)
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Spotify
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
Visual Studio C++ 10.0 Runtime
WampServer 2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YouTube Downloader 3.5
.
==== End Of File ===========================



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Pascal at 16:19:08 on 2012-06-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.2040 [GMT 2:00]
.
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: AVG Anti-Virus 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uDefault_Page_URL = hxxp://www1.euro.dell.com/content/defau ... l=nl&s=gen
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120501103522.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
uRun: [Google Update] "C:\Users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify] "C:\Users\Pascal\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [NPSStartup]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [<NO NAME>]
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\Pascal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: triversum.nl\thuiswerken
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{69E56362-91B6-4839-868C-5294F3B68935} : DhcpNameServer = 13.35.0.1 13.35.0.2
TCP: Interfaces\{837A96CD-6DAF-4C18-85FD-2BD670DAB2CD} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{837A96CD-6DAF-4C18-85FD-2BD670DAB2CD}\A5967676F63364635434 : DhcpNameServer = 212.54.40.25 212.54.35.25
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: amisie - {183A003A-3D01-4E94-A2C5-AD0108C68370} - C:\Program Files (x86)\AMIS\IeDtbPlugin.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{2EECD738-5844-4a99-B4B6-146BF802613B}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{98889811-442D-49dd-99D7-DC866BE87DBC}
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [NPSStartup]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [(standaard)]
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-9-5 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-25 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-1 5265248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-6-25 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-6-25 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-25 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-25 2656280]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 257696]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-6-25 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-9-14 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-11-13 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-14 14:04:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{93E810CC-E12C-4C4E-A433-6FA2F795AB08}
2012-06-14 14:04:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{B8D7C28B-8058-4C44-842D-EC7489EE8B90}
2012-06-14 12:01:06 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 11:52:48 -------- d-----w- C:\Users\Pascal\AppData\Roaming\Malwarebytes
2012-06-14 11:52:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-14 11:51:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-14 11:51:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 11:37:57 -------- d-----w- C:\Program Files (x86)\DVD SHRINK
2012-06-14 10:56:40 -------- d-----w- C:\Users\Pascal\AppData\Local\{2E2E4F10-ADDA-471E-BFE0-94C8ED9E010C}
2012-06-14 10:56:26 -------- d-----w- C:\Users\Pascal\AppData\Local\{A18DA7A4-53D7-4E5D-A6B9-EDCDEA5A4D31}
2012-06-13 18:00:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{7DA6D6C1-3FE9-4A57-9A11-7CF511AEF677}
2012-06-13 18:00:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{8FF60F1D-2743-40D3-871F-5C7912A982AD}
2012-06-13 15:45:28 -------- d--h--w- C:\$AVG
2012-06-13 14:33:22 -------- d-----w- C:\Users\Pascal\AppData\Roaming\AVG2012
2012-06-13 14:32:04 -------- d-----w- C:\Users\Pascal\AppData\Local\{3EC71012-405F-404F-99BF-B43BB30F230A}
2012-06-13 14:31:50 -------- d--h--w- C:\ProgramData\Common Files
2012-06-13 14:31:49 -------- d-----w- C:\Users\Pascal\AppData\Local\{3A391FFC-3746-47C3-86E4-713F0229C25C}
2012-06-13 14:31:15 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-13 14:30:07 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-13 14:30:07 -------- d-----w- C:\ProgramData\AVG2012
2012-06-13 14:29:20 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-13 13:55:41 -------- d-----w- C:\ProgramData\MFAData
2012-06-13 12:03:27 -------- d-----w- C:\sh4ldr
2012-06-13 12:03:27 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-13 12:01:47 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-13 12:01:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-13 11:18:43 -------- d-----w- C:\ProgramData\B7E858A700045A2C00226AC4B4EB2367
2012-06-13 07:47:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{87D95148-BB0B-4D35-AAC5-BAE2279B743A}
2012-06-13 07:47:02 -------- d-----w- C:\Users\Pascal\AppData\Local\{737FAA5D-1290-4682-AEAF-45DDDB121C74}
2012-06-12 06:23:52 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BE25F690-EB0C-45C6-9B61-EC879E0C9359}\mpengine.dll
2012-06-12 06:17:46 -------- d-----w- C:\Users\Pascal\AppData\Local\{959308C4-D047-4591-AB48-2AE6FE272354}
2012-06-12 06:17:32 -------- d-----w- C:\Users\Pascal\AppData\Local\{A3E76E9B-6960-4B0D-B977-A4A8653BEF24}
2012-06-11 14:22:42 -------- d-----w- C:\Users\Pascal\AppData\Local\{8B4F7346-ECE5-4D7A-ACA4-DE07E743FB96}
2012-06-11 14:22:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{C5900B42-C3DD-4894-B2B4-75AC91737AE9}
2012-06-11 12:10:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{F90AEBB1-8617-4111-97DE-FD4F1DF20D9C}
2012-06-11 12:10:23 -------- d-----w- C:\Users\Pascal\AppData\Local\{35C7B31F-F4FA-43CF-A166-5069C35DE867}
2012-06-11 11:48:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{782A8684-1C33-42C3-9EDC-BFB9047C92DF}
2012-06-11 11:48:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{3F696E6A-8245-4B38-ABCE-D8D27334E892}
2012-06-11 10:50:37 -------- d-----w- C:\Users\Pascal\AppData\Local\{4690A7CF-8F2D-49DC-88E5-60B88518034B}
2012-06-11 10:50:28 -------- d-----w- C:\Users\Pascal\AppData\Local\{3207A748-79CE-4086-8680-BB94E7BCB44A}
2012-06-11 10:42:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{745706FF-5E84-4482-B66B-49B1D24B05E4}
2012-06-11 10:42:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{8B445014-AC7E-4921-BB11-879BAF059586}
2012-06-11 09:52:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{CC8D4ABE-0994-47F8-B9C6-89C779621752}
2012-06-11 05:26:55 -------- d-----w- C:\Users\Pascal\AppData\Local\{CC8C8F65-EA2E-44DB-A1B7-F9FB3BF0FFB4}
2012-06-11 05:26:43 -------- d-----w- C:\Users\Pascal\AppData\Local\{8C380E43-E22D-4EDB-835E-D7E8EACC62B2}
2012-06-10 08:07:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{4185FB2D-3A7B-4908-B41B-DADD526F9E90}
2012-06-10 08:06:52 -------- d-----w- C:\Users\Pascal\AppData\Local\{EB769AF4-BEF7-4793-84FF-BB4003353F49}
2012-06-09 18:57:25 -------- d-----w- C:\Users\Pascal\AppData\Local\{69DD250F-C660-4FB6-9BD5-6037E91C8D04}
2012-06-09 18:57:14 -------- d-----w- C:\Users\Pascal\AppData\Local\{BA05277E-1E4E-4728-A95B-5892F7180698}
2012-06-09 07:17:15 -------- d-----w- C:\Users\Pascal\AppData\Local\{8DE495CF-9F2D-4714-89B0-7C2C0DA143B5}
2012-06-09 07:17:05 -------- d-----w- C:\Users\Pascal\AppData\Local\{823091C1-128B-4E2F-8053-AA46B155759B}
2012-06-08 09:14:50 -------- d-----w- C:\Program Files\iPod
2012-06-08 09:14:49 -------- d-----w- C:\Program Files\iTunes
2012-06-08 09:14:49 -------- d-----w- C:\Program Files (x86)\iTunes
2012-06-08 09:03:57 -------- d-----w- C:\Users\Pascal\AppData\Local\{7B2F6E61-E583-45AD-9A1E-9795D7C25987}
2012-06-08 09:03:45 -------- d-----w- C:\Users\Pascal\AppData\Local\{A9B83331-4CA0-45E2-AFDC-B06ED1191E92}
2012-06-08 05:25:30 -------- d-----w- C:\Users\Pascal\AppData\Local\{11ECBF8C-AB9B-4213-A1EF-D2EE8C15C672}
2012-06-08 05:25:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{A7EBCD85-AD53-477A-9270-F18E3D6F2A16}
2012-06-07 19:50:42 -------- d-----w- C:\Users\Pascal\AppData\Local\{A91F3E7C-F2EF-4AF8-866E-DFCAE27535A8}
2012-06-07 19:50:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{EF5E8590-A46D-4AED-825C-331327FB5CB1}
2012-06-07 15:36:55 -------- d-----w- C:\Users\Pascal\AppData\Local\{6858E648-466B-4EC4-A478-DE618C3076AB}
2012-06-07 15:36:45 -------- d-----w- C:\Users\Pascal\AppData\Local\{512C952E-3910-451F-B00D-5AD11B05C3C1}
2012-06-07 05:43:04 -------- d-----w- C:\Users\Pascal\AppData\Local\{B1527652-D389-47B0-917E-6597FAC39528}
2012-06-07 05:42:52 -------- d-----w- C:\Users\Pascal\AppData\Local\{04D76988-EB58-42A8-8CB0-A5501BCBAD05}
2012-06-06 15:21:11 -------- d-----w- C:\Users\Pascal\AppData\Local\{2A2744C7-9C9D-400E-AEC9-790DF081D0C5}
2012-06-06 15:21:00 -------- d-----w- C:\Users\Pascal\AppData\Local\{1204D788-DBFC-428A-9EE5-0315F83FF5C0}
2012-06-06 11:49:47 -------- d-----w- C:\Users\Pascal\AppData\Local\{83A86905-820D-4E2D-96DF-9E17982C6B8D}
2012-06-06 11:49:37 -------- d-----w- C:\Users\Pascal\AppData\Local\{859AFBAA-EF2E-4540-BACB-E878AB77DED9}
2012-06-06 11:46:20 -------- d-----w- C:\Users\Pascal\AppData\Local\{8BB8227F-6ECA-4CCB-BE8D-CA2EE5CDC508}
2012-06-06 11:46:10 -------- d-----w- C:\Users\Pascal\AppData\Local\{41721B6B-8530-4C79-A5B1-30D842032980}
2012-06-06 11:41:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{D94D2CE6-BB99-4024-9E1E-771B7C1905F2}
2012-06-06 11:40:58 -------- d-----w- C:\Users\Pascal\AppData\Local\{15FCDFF3-C127-4948-A67B-07C306ACB90F}
2012-06-06 07:24:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{C41DAF5A-AFA3-4F5A-9DEB-98288B069F2C}
2012-06-06 07:24:22 -------- d-----w- C:\Users\Pascal\AppData\Local\{F4EE1AE4-475F-4FB9-8BBE-3E0A3F87B4D3}
2012-06-06 07:13:30 -------- d-----w- C:\Users\Pascal\AppData\Local\{F8A28B17-EEDA-4128-987B-3941E4C254F6}
2012-06-06 07:13:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{B2B694D6-22B7-40ED-A459-8795AA434C22}
2012-06-05 12:49:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{E4968597-E5CC-4816-A1CD-8998CF0C53E9}
2012-06-05 12:49:09 -------- d-----w- C:\Users\Pascal\AppData\Local\{894C4291-C6B1-4999-8A8B-5E2F8ACF5832}
2012-06-05 12:37:56 -------- d-----w- C:\Users\Pascal\AppData\Local\{3A6278D6-829E-4CBA-AF65-0435FFEF1824}
2012-06-05 12:37:46 -------- d-----w- C:\Users\Pascal\AppData\Local\{5E99F215-5F03-4BB7-AC25-3F217235132E}
2012-06-05 07:55:06 -------- d-----w- C:\Users\Pascal\AppData\Local\{55E318EE-4022-4AC6-A91D-3DAC943D505E}
2012-06-05 07:54:55 -------- d-----w- C:\Users\Pascal\AppData\Local\{F9195794-35B1-41FD-822E-0E80A09B3871}
2012-06-04 06:23:06 -------- d-----w- C:\Users\Pascal\AppData\Local\{525DE2E6-DFE6-417A-8567-1BB852E93454}
2012-06-04 06:22:56 -------- d-----w- C:\Users\Pascal\AppData\Local\{216BC800-16CE-4C87-B05F-D1EF48DF94B4}
2012-06-04 06:03:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{A54A94BD-86B9-40EA-BBC3-094F1CA995DE}
2012-06-04 05:55:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{302A464A-E01F-4926-AA92-714CB8CA3C56}
2012-06-04 05:55:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{70B06810-1D62-4DB2-87FB-6755B276DA9E}
2012-06-04 05:41:41 -------- d-----w- C:\Users\Pascal\AppData\Local\{AF932825-3128-48D1-B921-189D96941DC0}
2012-06-04 05:41:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{DCD68FE9-99FA-4E82-81F8-127E7FD763AE}
2012-06-03 18:48:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{F6DFDDBC-EEBA-45E3-8F66-843B995266EE}
2012-06-03 18:47:46 -------- d-----w- C:\Users\Pascal\AppData\Local\{3EEA0638-7D41-4CA6-AC04-422B794569EF}
2012-06-03 15:23:17 -------- d-----w- C:\Users\Pascal\AppData\Local\{B23C528D-D8F8-4FAE-8FF5-7FCED2F2DF64}
2012-06-01 18:17:28 -------- d-----w- C:\Users\Pascal\AppData\Local\{5913A72B-1CC1-4CBC-93C5-A47667134EC1}
2012-06-01 08:21:40 -------- d-----w- C:\Users\Pascal\AppData\Local\{FEF0F297-8D35-4BBA-9776-0B81CA4A9880}
2012-05-31 19:23:25 -------- d-----w- C:\Users\Pascal\AppData\Local\{6BC1C09F-6FE5-47D5-9BBA-EF5237B735FC}
2012-05-27 19:37:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{3443E971-4596-4571-A25D-59C515444EC3}
2012-05-26 20:20:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{889AC332-646C-46E7-862D-635BA706E081}
2012-05-26 20:20:20 -------- d-----w- C:\Users\Pascal\AppData\Local\{3831F509-D557-44DE-BBDD-3169558594E5}
2012-05-25 05:06:30 -------- d-----w- C:\Users\Pascal\AppData\Local\{FA301A04-A2A3-4709-AFB7-1CC18AF56851}
2012-05-24 14:11:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{9F04B264-9AAB-4E58-980F-5515834CE714}
2012-05-24 14:11:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{7CA2D69E-1CE3-410F-B2B5-EA7453540BFA}
2012-05-23 12:21:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{00AE5C61-3999-4A96-ACFF-D9553F2470DD}
2012-05-23 12:21:21 -------- d-----w- C:\Users\Pascal\AppData\Local\{1A2242EB-AFC2-452C-8BAA-2245C8C9F9D1}
2012-05-23 12:08:22 -------- d-----w- C:\Program Files (x86)\Sibelius Software
2012-05-23 11:44:22 -------- d-----w- C:\Users\Pascal\AppData\Local\{3A4A15E3-D283-4D63-AED7-52B827AFAB7F}
2012-05-23 11:44:12 -------- d-----w- C:\Users\Pascal\AppData\Local\{C112A0DC-0F3A-4F15-8986-A4159F0AF4AB}
2012-05-23 05:37:59 -------- d-----w- C:\Users\Pascal\AppData\Local\{FB6F827A-D0B0-4AD3-9B59-A0618DA5C1D1}
2012-05-23 05:37:35 -------- d-----w- C:\Users\Pascal\AppData\Local\{73209C2A-F7C3-4254-9826-9FD89DE0685C}
2012-05-22 08:06:17 -------- d-----w- C:\Users\Pascal\AppData\Local\{6682DF4D-B782-4C60-877A-FBDBD0AA4A4A}
2012-05-22 08:06:06 -------- d-----w- C:\Users\Pascal\AppData\Local\{81E3D76C-2783-45D9-9C14-752E093E96E2}
2012-05-21 11:44:25 -------- d-----w- C:\Users\Pascal\AppData\Local\{06A954E0-8CD5-4EF1-AE73-478200E997BE}
2012-05-21 11:44:15 -------- d-----w- C:\Users\Pascal\AppData\Local\{859A4A15-DF70-4DDF-B47C-E6C82EBD76F5}
2012-05-19 13:10:27 -------- d-----w- C:\Users\Pascal\AppData\Local\{ADC11896-D717-49DA-B612-E1437CD92CFC}
2012-05-19 13:10:17 -------- d-----w- C:\Users\Pascal\AppData\Local\{F9D0EF84-DBC4-4509-A4CB-98007E9EF434}
2012-05-19 12:57:04 -------- d-----w- C:\Users\Pascal\AppData\Local\{BF972A26-A052-4EF5-9F5B-734E765470F7}
2012-05-19 07:01:48 -------- d-----w- C:\Users\Pascal\AppData\Local\{1475994E-0407-4287-9322-AA7FC6E6801D}
2012-05-19 07:01:37 -------- d-----w- C:\Users\Pascal\AppData\Local\{14C1EE51-9018-4BC1-B42E-AC619C6324C1}
2012-05-18 07:42:47 -------- d-----w- C:\Users\Pascal\AppData\Local\{974481FD-D4B0-4246-939D-26E398D40C46}
2012-05-18 07:42:35 -------- d-----w- C:\Users\Pascal\AppData\Local\{149390C4-A99F-4D6A-8F4D-5B3D774A57B6}
2012-05-17 07:01:44 -------- d-----w- C:\Users\Pascal\AppData\Local\{0244A03D-4189-48A6-94B7-C34BD588ADA8}
2012-05-17 07:01:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{150D1F1F-3D9C-4FB2-9EB8-DB7C94660586}
2012-05-16 09:02:44 -------- d-----w- C:\Users\Pascal\AppData\Local\{59FD7F7E-7BE9-48C2-AE3C-17ED84237091}
2012-05-16 09:02:32 -------- d-----w- C:\Users\Pascal\AppData\Local\{623A54E6-B365-4FF7-B31F-24E9345B9485}
.
==================== Find3M ====================
.
2012-05-05 10:27:43 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:27:42 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:27:19 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-20 11:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe
2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
.
============= FINISH: 16:20:51,90 ===============

Re: my log files after Live Security Platinum infection

Post by Maxstar » Thu 14 Jun, 2012 17:05:09

Hi and welcome to the forum,

You are using both AVG and McAfee; remove one of the two virus scanners, since they can get in each other's way.

1. Go to Start > Control Panel > Add or Remove Programs or Programs and Features and uninstall the items below, if present.
McAfee or AVG
Babylon Toolbar



2. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT!!! Save ComboFix.exe to your Desktop, but do not run it yet.


Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:


DDS::
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} -
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} -
mRun: [<NO NAME>]

File::
C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP

Folder::
C:\Program Files (x86)\BabylonToolbar
C:\ProgramData\B7E858A700045A2C00226AC4B4EB2367


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:

[Image]

This will start ComboFix.
Restart if you are asked to, and post the contents of Combofix.txt in your next reply.
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)

Re: my log files after Live Security Platinum infection

Post by derijp » Thu 14 Jun, 2012 21:05:14

Well, here it comes... thanks so far

ComboFix 12-06-14.01 - Pascal 14-06-2012 20:05:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.2385 [GMT 2:00]
Gestart vanuit: c:\users\Pascal\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Pascal\Desktop\CFScript.txt
AV: McAfeeAntivirus en antispyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar
c:\programdata\B7E858A700045A2C00226AC4B4EB2367
c:\programdata\B7E858A700045A2C00226AC4B4EB2367\B7E858A700045A2C00226AC4B4EB2367
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\Roaming
c:\users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{27D0A90F-7C1A-4F4E-9C06-5CA775229790}.xps
c:\users\Pascal\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9BCB2CC3-18A7-48BB-ACF5-65FB55650FB7}.xps
c:\users\Pascal\Documents\~WRL0001.tmp
c:\users\Pascal\Documents\~WRL2839.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))
.
.
2012-06-14 18:22 . 2012-06-14 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-14 17:58 . 2012-06-14 17:58 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE25F690-EB0C-45C6-9B61-EC879E0C9359}\offreg.dll
2012-06-14 17:49 . 2012-06-14 17:49 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5dc4011cd4a5602\MeshBetaRemover.exe
2012-06-14 17:49 . 2012-06-14 17:49 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\DSETUP.dll
2012-06-14 17:49 . 2012-06-14 17:49 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\DXSETUP.exe
2012-06-14 17:49 . 2012-06-14 17:49 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\dsetup32.dll
2012-06-14 12:01 . 2012-06-14 14:09 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 11:52 . 2012-06-14 11:52 -------- d-----w- c:\users\Pascal\AppData\Roaming\Malwarebytes
2012-06-14 11:52 . 2012-06-14 11:52 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 11:51 . 2012-06-14 11:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-14 11:51 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 11:37 . 2012-06-14 11:38 -------- d-----w- c:\program files (x86)\DVD SHRINK
2012-06-13 14:33 . 2012-06-13 14:33 -------- d-----w- c:\users\Pascal\AppData\Roaming\AVG2012
2012-06-13 14:31 . 2012-06-13 14:31 -------- d--h--w- c:\programdata\Common Files
2012-06-13 14:30 . 2012-06-14 17:44 -------- d-----w- c:\programdata\AVG2012
2012-06-13 14:29 . 2012-06-13 14:29 -------- d-----w- c:\program files (x86)\AVG
2012-06-13 13:55 . 2012-06-14 17:43 -------- d-----w- c:\programdata\MFAData
2012-06-13 12:03 . 2012-06-14 11:47 -------- d-----w- C:\sh4ldr
2012-06-13 12:03 . 2012-06-13 12:03 -------- d-----w- c:\program files\Enigma Software Group
2012-06-13 12:01 . 2012-06-14 11:46 -------- d-----w- c:\windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-13 12:01 . 2012-06-13 12:01 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-12 06:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE25F690-EB0C-45C6-9B61-EC879E0C9359}\mpengine.dll
2012-06-08 09:14 . 2012-06-08 09:14 -------- d-----w- c:\program files\iPod
2012-06-08 09:14 . 2012-06-08 09:15 -------- d-----w- c:\program files\iTunes
2012-06-08 09:14 . 2012-06-08 09:15 -------- d-----w- c:\program files (x86)\iTunes
2012-05-23 12:08 . 2012-05-23 12:08 -------- d-----w- c:\program files (x86)\Sibelius Software
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 05:49 . 2011-07-16 12:58 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSTITL.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSTEXT.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSSTMP.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSSPEC.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSSCRP.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSREH_.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSMET_.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRSCHOR.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\RPRS____.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSTEXT.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSSE__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSS___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSROMC.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSPC__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSP___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSO___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSNN__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSM___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSFS__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSFBE_.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSFB__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSCSC_.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSCS__.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUSC___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\OPUS____.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INKPEN2_.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INK2TEXT.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INK2SPEC.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INK2SCRI.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INK2METR.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\INK2CHOR.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\HELST___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\HELSS___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\HELSM___.FOT
2012-05-23 12:08 . 2012-05-23 12:08 1409 ----a-w- c:\windows\Fonts\HELSINKI.FOT
2012-05-05 10:27 . 2012-05-04 09:29 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 10:27 . 2011-07-16 12:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 10:27 . 2012-05-05 10:27 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-21 16:28 . 2011-09-11 16:17 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-04-12 10:37 . 2011-07-16 12:58 882512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-31 06:05 . 2012-05-11 22:07 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-11 22:07 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-11 22:07 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-11 22:07 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-11 22:04 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 11:11 . 2011-06-25 15:44 162192 ----a-w- c:\windows\system32\mfevtps.exe
2012-03-17 07:58 . 2012-05-11 22:06 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-04 95576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-05 39408]
"Spotify"="c:\users\Pascal\AppData\Roaming\Spotify\Spotify.exe" [2012-05-05 9478320]
"Spotify Web Helper"="c:\users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-05 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Reader Application Helper"="c:\program files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/nl.special-uninstall ... 7513a8d6fc" [?]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-20 559616]
.
c:\users\Pascal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 136176]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 10:27]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 19:37]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-05 19:37]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131625625-121992527-2250984173-1000Core.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 12:57]
.
2012-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1131625625-121992527-2250984173-1000UA.job
- c:\users\Pascal\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-11 12:57]
.
2012-05-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-14 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-11 4500640]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-08-08 2034752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: triversum.nl\thuiswerken
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
Handler: amisie - {183A003A-3D01-4E94-A2C5-AD0108C68370} - c:\program files (x86)\AMIS\IeDtbPlugin.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-06-14 21:01:30
ComboFix-quarantined-files.txt 2012-06-14 19:01
.
Pre-Run: 383.494.082.560 bytes beschikbaar
Post-Run: 387.332.145.152 bytes beschikbaar
.
- - End Of File - - D3D53DBA3F3CFCD760FF46FA984D4D7B
derijp
PC Web Plus - Member
Posts: 8
Registered: Thu 14 Jun, 2012 13:44:18
Knowledge level: (1) Beginner
AV: McAfee

Re: my log files after Live Security Platinum infection

Post by Maxstar » Fri 15 Jun, 2012 10:10:23

Hi,

Are there currently still any noticeable problems?
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Maxstar
Administrator
Posts: 33369
Registered: Sat 27 Sep, 2008 10:18:07
Knowledge level: (3) Expert
OS: Windows 7
AV: Emsisoft Internet Security

Re: my log files after Live Security Platinum infection

Post by derijp » Fri 15 Jun, 2012 10:50:01

No, not that I can see. I'm not getting any alerts anymore.
Does it look healthy again?

Re: my log files after Live Security Platinum infection

Post by Maxstar » Fri 15 Jun, 2012 11:16:24

Hi,

The logs otherwise look fine.

You may remove the following programs and their log files. You can keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).
  • DDS
  • ComboFix, using the instructions below.

To remove ComboFix, copy the command below (Ctrl + C):
Combofix /Uninstall (note!!! the space before /Uninstall)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.


Since the problems have been resolved, I advise you to also carry out the following.

1.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.
  • How to delete the restore points is explained here
  • How to quickly create a new system restore point yourself is explained here

2.) Install essential updates.
You can read here how to keep your operating system and other software up to date.
The program Secunia PSI warns you automatically when updates are available for the installed software; more information can be found here

3.) Beware of 'phishing' messages.
Phishing is a form of internet fraud in which fake e-mail messages and websites that look trustworthy are used to try to obtain login details and other personal information.
This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.
More information can be found here

4.) User accounts
With this account you therefore have full control of the computer, so it is not advisable to set this account as the primary account for daily use.
More information about this can be found here

5.) Risks when downloading
Peer-to-peer (P2P) networks and Usenet (newsgroups) are a major source of malware distribution on the internet; offering 'dangerous' software (malware) there is practically anonymous, which makes it a commonly used method of spreading malware.
More information about this can be found here

6.) Prevention information & the use of security software.
Here and here you will find information on how to prevent an infection; read through it at your leisure.

More information about the use of "security software" and "fake software" (rogueware) can be found here
Kind regards,

Maxstar



Re: my log files after Live Security Platinum infection

Post by derijp » Fri 15 Jun, 2012 13:12:39

Thank you very much for your help.
You've given me a lot of reading material, but it's good to have a look at that for once
Thanks!

Re: my log files after Live Security Platinum infection

Post by derijp » Sun 24 Jun, 2012 09:56:03

help....it's back...same thing....live security platinum
I was looking at a website that I manage and then it popped right back onto my computer
and now what????

Re: my log files after Live Security Platinum infection

Post by Maxstar » Sun 24 Jun, 2012 20:42:16

Hi,

First of all, I advise you to check the website in question thoroughly for malware, hidden iframes and other malicious content.
Also change the FTP credentials and any other login details that belong to this website.

On the infected computer, run Malwarebytes' Anti-Malware in safe mode and post its log.

Download MalwareBytes' Anti-Malware and save it to your desktop.
Double-click mbam-setup.exe to install the program.

Make sure that after installation the following boxes are ticked:
  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
Then click "Finish".
If an update is found, it will be downloaded and installed.

In case of problems!!! (Read the instructions below)

  • You can in principle decline the window asking whether you want to "start the evaluation"; you can still enable it later.
  • Once the program has started, go to the "Settings" tab.
  • Tick: "Close Internet Explorer during malware removal".
  • Then go to the "Scanner" tab and choose "Quick Scan".
  • Then press "Scan" to start the scan.
  • Scanning can take a while, so be patient.
  • When the scan is complete, click OK, then "Show Results" to see the results.
  • Make sure everything there is ticked, then click "Remove Selected".
  • After removal a log will open and you will be asked to restart the computer.
The log is saved automatically by MalwareBytes' Anti-Malware and can be found by clicking the "Logs" tab in the program.
Kind regards,

Maxstar


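Added example, not part of the original thread or of Maxstar's reply: one way to carry out the advised check of the site's own pages for hidden iframes, in Python with only the standard library. The site host `www.mysite.example`, the sample page and its `.invalid` hosts are constructed placeholders.

```python
"""Report iframes a visitor cannot see: tiny, CSS-hidden, inside a hidden
parent, or written into the page by inline script."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline CSS that hides an element or moves it off-screen.
HIDING_CSS = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)"
    r"|(?<![\w-])(?:left|top)\s*:\s*-\d{3,}",
    re.IGNORECASE,
)
TINY = re.compile(r"^[01](?:px)?$", re.IGNORECASE)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


def hiding_reasons(attrs):
    """Return the reasons an element with these attributes is invisible."""
    reasons = []
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip()
        if TINY.match(value):
            reasons.append(f"{dim}={value}")
    if "hidden" in attrs:
        reasons.append("hidden attribute")
    match = HIDING_CSS.search(attrs.get("style", ""))
    if match:
        reasons.append("style: " + re.sub(r"\s+", "", match.group(0)).rstrip(";"))
    return reasons


class IframeAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host = site_host.lower()
        self.open_tags = []       # stack of (tag, hiding reasons)
        self.in_script = False
        self.script_text = []
        self.script_line = 0
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        own = hiding_reasons(attrs)
        if tag == "iframe":
            inherited = [f"inside hidden <{t}>" for t, r in self.open_tags if r]
            if own or inherited:
                self._report(self.getpos()[0], attrs.get("src", ""), own + inherited)
        if tag == "script":
            self.in_script, self.script_text = True, []
            self.script_line = self.getpos()[0]
        if tag not in VOID_TAGS:
            self.open_tags.append((tag, own))

    def handle_data(self, data):
        # Markup inside <script> is not parsed as tags, so keep it as text.
        if self.in_script:
            self.script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self.in_script:
            self.in_script = False
            # Plain-text match only; script that assembles the tag from
            # fragments needs manual review.
            if re.search(r"<\s*iframe\b", "".join(self.script_text), re.IGNORECASE):
                self._report(self.script_line, "", ["iframe markup written by script"])
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.open_tags) - 1, -1, -1):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                break

    def _report(self, line, src, reasons):
        host = (urlparse(src).hostname or "").lower()
        external = (bool(host) and host != self.site_host
                    and not host.endswith("." + self.site_host))
        self.findings.append({"line": line, "src": src,
                              "external": external, "reasons": reasons})


def audit_html(html, site_host):
    """Return one finding per hidden or script-written iframe in html."""
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page; the hosts are placeholders, not real indicators.
SAMPLE_PAGE = """<html><body>
<h1>Club news</h1>
<iframe src="https://www.youtube.com/embed/xyz" width="560" height="315"></iframe>
<iframe src="http://stats.example.invalid/in.php" width="1" height="1"></iframe>
<div style="position:absolute; left:-9999px"><p><iframe src="/banner.html"></iframe></p></div>
<script>document.write('<iframe src="http://a.example.invalid/" style="display:none"></iframe>');</script>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html(SAMPLE_PAGE, "www.mysite.example"):
        where = "external" if f["external"] else "same-site or relative"
        print(f"line {f['line']}: {f['src'] or '(built by script)'} "
              f"[{where}] " + "; ".join(f["reasons"]))
```

Run it over every page and template the server actually serves (downloaded over a fresh connection, not from a local copy), and treat any external or script-written hit that you did not place there yourself as a sign the site's files were modified.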

Re: my log files after Live Security Platinum infection

Post by derijp » Mon 25 Jun, 2012 10:48:00

Yesterday I had already run Malwarebytes Anti-Malware with a full scan;
I then got this log:
By the way, my McAfee didn't pick anything up... that is odd, though

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.06.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [administrator]

24-6-2012 11:06:10
mbam-log-2012-06-24 (11-06-10).txt

Scantype: Volledige scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 422461
Verstreken tijd: 2 uur/uren, 7 minuut/minuten, 3 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2
C:\Users\Pascal\AppData\Local\Temp\4831990.Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Pascal\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U\800000cb.@ (Rootkit.0Access) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)



Today's log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Databaseversie: v2012.06.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal :: PASCAL-PC [administrator]

14-6-2012 13:55:17
mbam-log-2012-06-14 (13-55-17).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 287346
Verstreken tijd: 1 uur/uren, 25 minuut/minuten, 36 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 2
C:\Users\Pascal\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Pascal\Downloads\VideoConverterSetup.exe (PUP.Adware.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Re: my log files after Live Security Platinum infection

Post by Maxstar » Mon 25 Jun, 2012 18:29:18

Hi,
derijp wrote: By the way, my McAfee didn't pick anything up... that is odd, though

That is not so odd: if McAfee has no definitions for it yet and the 'behaviour blocker' functionality does not raise an alarm, the malware can infect the system unhindered.
McAfee does not score very well in the Virus Bulletin RAP test anyway; just look at the chart below.

Image

Download DDS by sUBS from one of these locations and save it to your desktop:
DDS - Bleeping Computer download.
DDS - Bleeping Computer download.
DDS - Infospyware.

DDS is a diagnostic tool and uses scripts.

Disable your security software before running DDS!

Double-click DDS to start the tool.

DDS will open 2 log files:
* DDS.txt
* Attach.txt

A window asks you to save both logs, because the logs will be gone once you close them.
Save the logs, for example on your desktop or in another place where you can easily find them again.

Post the DDS.txt log with your next reply. Only post Attach.txt when I ask for it.
Kind regards,

Maxstar



Re: my log files after Live Security Platinum infection

Post by derijp » Mon 25 Jun, 2012 18:52:43

Okay, it does feel odd to post the contents of my PC here, but oh well


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Pascal at 18:50:11 on 2012-06-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4010.1727 [GMT 2:00]
.
AV: AVG Internet Security Business Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security Business Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell\Stage Remote\DMR.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Pascal\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify] "C:\Users\Pascal\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Pascal\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstall ... NllYVVItSg"&"inst=NzYtMTE2NTg0MzQ4MC1TVDEyQVBQKzEtRERUKzAtRVVMQSsx"&"prod=92"&"ver=2012.0.1809"&"mid=d156d48deb7f47d090cd7d3bcfeecd85-13f67045a76b2364fc8d1fcf978e707513a8d6fc
StartupFolder: C:\Users\Pascal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: triversum.nl\thuiswerken
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/softwa ... Plugin.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{837A96CD-6DAF-4C18-85FD-2BD670DAB2CD} : DhcpNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{837A96CD-6DAF-4C18-85FD-2BD670DAB2CD}\A5967676F63364635434 : DhcpNameServer = 212.54.40.25 212.54.35.25
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Reader Application Helper] C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstall ... NllYVVItSg"&"inst=NzYtMTE2NTg0MzQ4MC1TVDEyQVBQKzEtRERUKzAtRVVMQSsx"&"prod=92"&"ver=2012.0.1809"&"mid=d156d48deb7f47d090cd7d3bcfeecd85-13f67045a76b2364fc8d1fcf978e707513a8d6fc
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-6-25 98208]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-6-25 1692480]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-25 2656280]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-6-25 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 257224]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys --> C:\Windows\system32\drivers\btmaud.sys [?]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-5 136176]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-9-14 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-06-25 09:57:57 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-25 09:41:41 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-25 09:41:39 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-25 09:41:29 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-25 09:39:32 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-25 09:31:26 -------- d-----w- C:\Program Files (x86)\AVG Internet Security
2012-06-25 08:05:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{E3FF08D8-39DD-40E9-81EB-34550472E430}
2012-06-25 08:04:52 -------- d-----w- C:\Users\Pascal\AppData\Local\{3E9F293D-B898-49DD-A4E6-F932C818DA4B}
2012-06-24 19:34:44 -------- d-----w- C:\Users\Pascal\AppData\Local\{73DCF942-0010-4C31-992B-3C5412C9ECD5}
2012-06-24 19:34:28 -------- d-----w- C:\Users\Pascal\AppData\Local\{C9B56D73-76A6-4653-9AAC-3271A2F0D069}
2012-06-24 09:07:07 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-24 08:04:11 98816 ----a-w- C:\Windows\sed.exe
2012-06-24 08:04:11 518144 ----a-w- C:\Windows\SWREG.exe
2012-06-24 08:04:11 256000 ----a-w- C:\Windows\PEV.exe
2012-06-24 08:04:11 208896 ----a-w- C:\Windows\MBR.exe
2012-06-24 07:33:00 -------- d-----w- C:\Users\Pascal\AppData\Local\{2C1C2659-755B-4213-858C-B33841DF244F}
2012-06-24 07:32:44 -------- d-----w- C:\Users\Pascal\AppData\Local\{BAA866DE-9929-4852-8641-B4098DC1612C}
2012-06-23 11:29:47 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D968E83D-92C8-480D-8880-5B584A72A00A}\mpengine.dll
2012-06-23 11:26:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-23 11:26:03 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-23 11:25:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-23 11:25:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-23 11:20:24 -------- d-----w- C:\Users\Pascal\AppData\Local\{64EE4A59-9A6E-42C8-B1F9-224ACCC86A50}
2012-06-23 11:20:13 -------- d-----w- C:\Users\Pascal\AppData\Local\{E430B025-4B87-49FE-B829-037688BA127F}
2012-06-22 17:48:37 -------- d-----w- C:\Users\Pascal\AppData\Local\{734438B2-7E56-4F25-A218-D0DEB89FA743}
2012-06-22 17:48:25 -------- d-----w- C:\Users\Pascal\AppData\Local\{951E628A-7F96-4581-AE77-015B43F8739B}
2012-06-22 05:47:01 -------- d-----w- C:\Users\Pascal\AppData\Local\{BD132CBB-C291-47E4-A848-806FDBD56E9D}
2012-06-22 05:46:46 -------- d-----w- C:\Users\Pascal\AppData\Local\{4548FC79-384D-4163-8EE7-68DDA967E293}
2012-06-21 17:29:49 -------- d-----w- C:\Users\Pascal\AppData\Local\{7DF387F5-6285-4DC9-B2CB-B96E14923D0B}
2012-06-21 17:29:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{0071E2D3-73BF-4607-B6F6-9359215AC2FA}
2012-06-21 05:29:20 -------- d-----w- C:\Users\Pascal\AppData\Local\{A3A3C35D-3A23-4C8A-8244-5CA78963B1E2}
2012-06-21 05:29:10 -------- d-----w- C:\Users\Pascal\AppData\Local\{341321C2-E666-4631-885D-06E826A7142C}
2012-06-20 15:26:14 -------- d-----w- C:\Users\Pascal\AppData\Local\{FCCF7F4D-9F0E-4AC0-9641-74F25EF3E194}
2012-06-20 15:26:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{D26D03C0-D904-4914-A03E-D53C222E3FFA}
2012-06-20 15:18:42 -------- d-----w- C:\Windows\nl
2012-06-20 15:14:07 -------- d-----w- C:\Users\Pascal\AppData\Local\{73D7223A-99B3-4A02-AAAD-2F6A3AF06F43}
2012-06-20 15:10:21 -------- d-----w- C:\Users\Pascal\AppData\Local\{4C6A7B80-97F1-4DEE-BD2A-9FFA5DAE47E4}
2012-06-20 15:09:04 -------- d-----w- C:\Users\Pascal\AppData\Local\{10B7115F-1F73-4237-9368-75107E2613BD}
2012-06-20 15:08:51 -------- d-----w- C:\Users\Pascal\AppData\Local\{CB56C960-7075-4484-9BE2-4BFBBCF55C1C}
2012-06-20 14:38:21 -------- d-----w- C:\Users\Pascal\AppData\Local\{CC76FD97-C623-416E-A361-5454F2B1DA8B}
2012-06-20 14:38:10 -------- d-----w- C:\Users\Pascal\AppData\Local\{A48B3E02-F53A-4F6C-B1AC-0607BF63A6DB}
2012-06-20 08:34:09 -------- d-----w- C:\Users\Pascal\AppData\Local\{E829FADC-62C8-4FD6-BA30-E13F8DE6EB2D}
2012-06-20 08:33:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{7B5AE8B1-F461-4401-96E0-028E26EECEE5}
2012-06-18 05:52:49 -------- d-----w- C:\Users\Pascal\AppData\Local\{82B473BC-0FB4-4B62-9FC9-2ADCD085CC73}
2012-06-17 09:28:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{D3B410F4-B268-4DDF-B5D3-FCB0603AA5C4}
2012-06-15 13:00:39 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-15 13:00:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-15 05:43:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{ECD4B0D5-CFDB-4B7A-BB82-A1A913646EBA}
2012-06-14 19:07:50 -------- d-----w- C:\Users\Pascal\AppData\Local\{3117453B-D79E-40D7-B2C8-3653BD73A6CD}
2012-06-14 19:07:40 -------- d-----w- C:\Users\Pascal\AppData\Local\{A4E6EAC9-69B9-4DA9-A961-8A5123CB4E14}
2012-06-14 18:13:01 -------- d-----w- C:\Users\Pascal\AppData\Local\{70481517-4655-46E2-9BB9-0F6123674323}
2012-06-14 18:00:06 -------- d-----w- C:\Users\Pascal\AppData\Local\{CB579469-34EF-4544-9BDF-5F16CAA987B3}
2012-06-14 17:59:55 -------- d-----w- C:\Users\Pascal\AppData\Local\{6D1E564D-CCEF-4AA6-B688-F4176478D208}
2012-06-14 17:49:10 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5dc4011cd4a5602\MeshBetaRemover.exe
2012-06-14 17:49:08 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\DSETUP.dll
2012-06-14 17:49:08 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\DXSETUP.exe
2012-06-14 17:49:08 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ff9f55eb1cd4a5501\dsetup32.dll
2012-06-14 17:48:58 -------- d-----w- C:\Users\Pascal\AppData\Local\{0FB33714-5F26-4B70-A82B-A0D803AC5D0D}
2012-06-14 17:48:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{230ADF57-0EB7-4921-8182-0FACEA0251DD}
2012-06-14 17:47:57 -------- d-----w- C:\Users\Pascal\AppData\Local\{3C1193F0-524F-4DC8-9BD7-CA878CFE7455}
2012-06-14 14:04:31 -------- d-----w- C:\Users\Pascal\AppData\Local\{93E810CC-E12C-4C4E-A433-6FA2F795AB08}
2012-06-14 14:04:18 -------- d-----w- C:\Users\Pascal\AppData\Local\{B8D7C28B-8058-4C44-842D-EC7489EE8B90}
2012-06-14 12:01:06 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-06-14 11:52:48 -------- d-----w- C:\Users\Pascal\AppData\Roaming\Malwarebytes
2012-06-14 11:52:05 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-14 11:51:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-14 11:51:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-14 11:37:57 -------- d-----w- C:\Program Files (x86)\DVD SHRINK
2012-06-14 11:07:48 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 11:07:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 11:07:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 11:07:13 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 11:07:10 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 11:07:09 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 11:07:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 11:07:04 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 11:07:00 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 11:07:00 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 11:06:55 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 11:06:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 11:06:35 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 11:06:35 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 11:06:34 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 11:06:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 11:06:34 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-14 10:56:40 -------- d-----w- C:\Users\Pascal\AppData\Local\{2E2E4F10-ADDA-471E-BFE0-94C8ED9E010C}
2012-06-14 10:56:26 -------- d-----w- C:\Users\Pascal\AppData\Local\{A18DA7A4-53D7-4E5D-A6B9-EDCDEA5A4D31}
2012-06-13 18:00:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{7DA6D6C1-3FE9-4A57-9A11-7CF511AEF677}
2012-06-13 18:00:08 -------- d-----w- C:\Users\Pascal\AppData\Local\{8FF60F1D-2743-40D3-871F-5C7912A982AD}
2012-06-13 14:33:22 -------- d-----w- C:\Users\Pascal\AppData\Roaming\AVG2012
2012-06-13 14:32:04 -------- d-----w- C:\Users\Pascal\AppData\Local\{3EC71012-405F-404F-99BF-B43BB30F230A}
2012-06-13 14:31:50 -------- d--h--w- C:\ProgramData\Common Files
2012-06-13 14:31:49 -------- d-----w- C:\Users\Pascal\AppData\Local\{3A391FFC-3746-47C3-86E4-713F0229C25C}
2012-06-13 14:30:07 -------- d-----w- C:\ProgramData\AVG2012
2012-06-13 14:29:20 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-13 13:55:41 -------- d-----w- C:\ProgramData\MFAData
2012-06-13 12:03:27 -------- d-----w- C:\sh4ldr
2012-06-13 12:03:27 -------- d-----w- C:\Program Files\Enigma Software Group
2012-06-13 12:01:47 -------- d-----w- C:\Windows\18F97AF04F884494AFE25A5702E142CC.TMP
2012-06-13 12:01:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-06-13 07:47:19 -------- d-----w- C:\Users\Pascal\AppData\Local\{87D95148-BB0B-4D35-AAC5-BAE2279B743A}
2012-06-13 07:47:02 -------- d-----w- C:\Users\Pascal\AppData\Local\{737FAA5D-1290-4682-AEAF-45DDDB121C74}
2012-06-12 06:17:46 -------- d-----w- C:\Users\Pascal\AppData\Local\{959308C4-D047-4591-AB48-2AE6FE272354}
2012-06-12 06:17:32 -------- d-----w- C:\Users\Pascal\AppData\Local\{A3E76E9B-6960-4B0D-B977-A4A8653BEF24}
2012-06-11 14:22:42 -------- d-----w- C:\Users\Pascal\AppData\Local\{8B4F7346-ECE5-4D7A-ACA4-DE07E743FB96}
2012-06-11 14:22:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{C5900B42-C3DD-4894-B2B4-75AC91737AE9}
2012-06-11 12:10:33 -------- d-----w- C:\Users\Pascal\AppData\Local\{F90AEBB1-8617-4111-97DE-FD4F1DF20D9C}
2012-06-11 12:10:23 -------- d-----w- C:\Users\Pascal\AppData\Local\{35C7B31F-F4FA-43CF-A166-5069C35DE867}
2012-06-11 11:48:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{782A8684-1C33-42C3-9EDC-BFB9047C92DF}
2012-06-11 11:48:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{3F696E6A-8245-4B38-ABCE-D8D27334E892}
2012-06-11 10:50:37 -------- d-----w- C:\Users\Pascal\AppData\Local\{4690A7CF-8F2D-49DC-88E5-60B88518034B}
2012-06-11 10:50:28 -------- d-----w- C:\Users\Pascal\AppData\Local\{3207A748-79CE-4086-8680-BB94E7BCB44A}
2012-06-11 10:42:39 -------- d-----w- C:\Users\Pascal\AppData\Local\{745706FF-5E84-4482-B66B-49B1D24B05E4}
2012-06-11 10:42:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{8B445014-AC7E-4921-BB11-879BAF059586}
2012-06-11 09:52:29 -------- d-----w- C:\Users\Pascal\AppData\Local\{CC8D4ABE-0994-47F8-B9C6-89C779621752}
2012-06-11 05:26:55 -------- d-----w- C:\Users\Pascal\AppData\Local\{CC8C8F65-EA2E-44DB-A1B7-F9FB3BF0FFB4}
2012-06-11 05:26:43 -------- d-----w- C:\Users\Pascal\AppData\Local\{8C380E43-E22D-4EDB-835E-D7E8EACC62B2}
2012-06-10 08:07:03 -------- d-----w- C:\Users\Pascal\AppData\Local\{4185FB2D-3A7B-4908-B41B-DADD526F9E90}
2012-06-10 08:06:52 -------- d-----w- C:\Users\Pascal\AppData\Local\{EB769AF4-BEF7-4793-84FF-BB4003353F49}
2012-06-09 18:57:25 -------- d-----w- C:\Users\Pascal\AppData\Local\{69DD250F-C660-4FB6-9BD5-6037E91C8D04}
2012-06-09 18:57:14 -------- d-----w- C:\Users\Pascal\AppData\Local\{BA05277E-1E4E-4728-A95B-5892F7180698}
2012-06-09 07:17:15 -------- d-----w- C:\Users\Pascal\AppData\Local\{8DE495CF-9F2D-4714-89B0-7C2C0DA143B5}
2012-06-09 07:17:05 -------- d-----w- C:\Users\Pascal\AppData\Local\{823091C1-128B-4E2F-8053-AA46B155759B}
2012-06-08 09:14:50 -------- d-----w- C:\Program Files\iPod
2012-06-08 09:14:49 -------- d-----w- C:\Program Files\iTunes
2012-06-08 09:14:49 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-06-24 07:33:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-24 07:33:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-05 10:27:19 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 18:50:41,84 ===============

Re: my log files after Live Security Platinum infection

Post by Maxstar » Mon 25 Jun, 2012 18:56:02

Hi,
derijp wrote: okay, it does feel strange to post the contents of my PC here, but oh well

Apart from the username, there is no privacy-sensitive information in this kind of log, you know. ;)

But the log looks fine; are there any other problems noticeable now?
As for the 'compromised' website, were you able to find any malicious files or hidden iframes there?

Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)

Re: my log files after Live Security Platinum infection

Post by derijp » Mon 25 Jun, 2012 19:03:23

Hi

I forwarded those remarks by e-mail to our webmaster.
Something had indeed been placed on our site, but he said it was not a virus.
So that should be resolved.
I only change things on the site and fill in articles; he does the rest.

I don't notice anything anymore, so I hope it's fine now.

I removed McAfee and now I'm using a good version of AVG;
maybe that helps too.

Thanks again for your help!
I hope I won't have to come back

Regards!

Re: my log files after Live Security Platinum infection

Post by Maxstar » Tue 26 Jun, 2012 12:31:49

Hi,

You're welcome, and good to hear that there are no more problems.
As for AVG, it has better detection than McAfee; see also the VirusBulletin RAP test below.

[Image: VirusBulletin RAP test]

You may remove the following programs and their associated log files.
  • DDS

Since the problems have been resolved, I do advise you to carry out the following.

1.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.
  • How to delete the restore points is explained here
  • How to quickly create a new system restore point yourself is explained here

2.) Install essential updates.
How to keep your operating system and other software up to date can be read here.
The program Secunia PSI automatically alerts you when updates are available for the installed software; more information can be read here

3.) Beware of 'phishing' messages.
Phishing is a form of internet fraud in which fake e-mail messages and websites that look trustworthy are used to try to obtain login details and other personal information.
This is often done in very devious ways, for example e-mail messages asking you to verify your login details. In these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there, they are in the hands of the attacker, with all the consequences that entails.
More information can be read here

4.) User accounts
With this account you therefore have full control of the computer, so it is not advisable to set this account as the primary account for everyday use.
More information about this can be read here

5.) Risks when downloading
Peer-to-peer (P2P) networks and Usenet (newsgroups) are a major source of malware distribution on the internet. Offering 'dangerous' software (malware) there is practically anonymous, which makes this a widely used method of spreading malware.
More information about this can be read here

6.) Prevention information & the use of security software.
Here and here you will find information on how to prevent an infection; read it through at your leisure.

More information about the use of "security software" and "fake software" (rogueware) can be read here

Kind regards,

Maxstar


