Closed
Hello!

Today my laptop was suddenly infected with the Ukash virus. With my brother's help I deleted 2 entries via regedit in the key HKEY_current_user\software\microsoft\windows\currentversion\run. Afterwards I could use my computer normally again, but via your site I followed the step-by-step guide (the "FCCU Federal Computer Crime Unit trojan.ransom removal" guide).

Below are the 2 log reports from DDS:

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Thea at 22:11:00 on 2012-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.2395 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Thea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Thea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D4B04A74-FCB2-49B9-B97F-6AF3C3C79820} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D4B04A74-FCB2-49B9-B97F-6AF3C3C79820}\B6160737 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{d2ce3e00-f94a-4740-988e-03dc2f38c34f}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{8dcb7100-df86-4384-8842-8fa844297b3f}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-8-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-23 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-23 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-21 673088]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-8 2222376]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-21 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-15 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-11-22 8192]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-2 1038088]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-06-01 19:19:51 -------- d-----w- C:\Users\Thea\AppData\Roaming\Malwarebytes
2012-06-01 19:19:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 19:19:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-01 19:19:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 18:01:44 55808 ----a-w- C:\ProgramData\duxpoymdgyxknmxewext.exe
2012-06-01 18:01:43 -------- d-----w- C:\ProgramData\obtbycvibturxnt
2012-06-01 13:59:47 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F20E83CF-4172-4104-BC4B-130BC5F30411}\mpengine.dll
2012-06-01 13:56:05 -------- d-----w- C:\Users\Thea\AppData\Local\{A8EDDA8D-21A5-4F3F-85F5-3481361DE79D}
2012-06-01 13:55:53 -------- d-----w- C:\Users\Thea\AppData\Local\{C1F6A4DC-A9E9-460F-85F4-DF3526AA7E8E}
2012-05-31 19:21:18 -------- d-----w- C:\Users\Thea\AppData\Local\{2D44C573-2E0F-4965-B449-5116F10B219D}
2012-05-31 19:21:07 -------- d-----w- C:\Users\Thea\AppData\Local\{0BC69311-1DC2-4D24-AC45-400D168AFE93}
2012-05-31 07:20:55 -------- d-----w- C:\Users\Thea\AppData\Local\{4A0880AC-EED6-491C-B687-8944845A7EB5}
2012-05-31 07:20:45 -------- d-----w- C:\Users\Thea\AppData\Local\{33165EE6-52E2-4333-BD61-250B81D0C908}
2012-05-30 09:46:20 -------- d-----w- C:\Users\Thea\AppData\Local\{4EACEA0B-B879-424D-A51E-47994F73AC43}
2012-05-30 09:46:09 -------- d-----w- C:\Users\Thea\AppData\Local\{99D7B29B-9024-418A-89BF-F46D984CD829}
2012-05-29 06:56:29 -------- d-----w- C:\Users\Thea\AppData\Local\{0B7E25EF-D3C0-43D8-A0C8-7A330C5D2899}
2012-05-29 06:56:18 -------- d-----w- C:\Users\Thea\AppData\Local\{82BDEAC3-FE66-496D-8D12-FE8B32AADEDC}
2012-05-28 10:42:15 -------- d-----w- C:\Users\Thea\AppData\Local\{741B13FB-306C-4398-8E32-B32A4A59A742}
2012-05-28 10:42:03 -------- d-----w- C:\Users\Thea\AppData\Local\{AACDB86C-74F5-4C3A-8002-4E37C5925BAC}
2012-05-27 19:38:51 -------- d-----w- C:\Users\Thea\AppData\Local\{07925C3D-9782-44AC-976F-9DEF1F33DA19}
2012-05-27 19:38:32 -------- d-----w- C:\Users\Thea\AppData\Local\{A460D535-F8B3-4DBE-8E1F-29F4E8F50B51}
2012-05-27 06:47:09 -------- d-----w- C:\Users\Thea\AppData\Local\{5BE6BDB3-6510-4548-8A29-C6E2FFC509C7}
2012-05-27 06:46:57 -------- d-----w- C:\Users\Thea\AppData\Local\{01B32A66-1E44-46A6-939A-22C359430DB4}
2012-05-26 13:51:32 -------- d-----w- C:\Users\Thea\AppData\Local\{6670864B-F5E4-4791-B0F6-C4BD2C13C871}
2012-05-26 13:51:21 -------- d-----w- C:\Users\Thea\AppData\Local\{7E297D33-480C-4B59-990D-F9813DD8A19A}
2012-05-25 20:44:40 -------- d-----w- C:\Users\Thea\AppData\Local\{FA112347-8EFC-4039-8380-11B66A6D07FF}
2012-05-25 20:44:29 -------- d-----w- C:\Users\Thea\AppData\Local\{8AFC8009-7567-4E54-AB3B-589DD648D365}
2012-05-25 08:30:11 -------- d-----w- C:\Users\Thea\AppData\Local\{03786959-C548-4E57-ABA9-F34EBB20C043}
2012-05-25 08:30:00 -------- d-----w- C:\Users\Thea\AppData\Local\{48A00C60-EBB7-45CF-A1D0-D57F43D9F197}
2012-05-24 20:06:40 -------- d-----w- C:\Users\Thea\AppData\Local\{9F7BD5AA-5357-4664-9A11-739CDC0F0432}
2012-05-24 20:06:29 -------- d-----w- C:\Users\Thea\AppData\Local\{CCDE5F8F-63EA-4B50-9B1A-1605787EA626}
2012-05-24 06:49:53 -------- d-----w- C:\Users\Thea\AppData\Local\{C8C33FBC-5FB1-4D08-B098-73228FEA5D01}
2012-05-24 06:49:42 -------- d-----w- C:\Users\Thea\AppData\Local\{80D34EFA-CDAD-461F-AF59-2D966F9BCB50}
2012-05-23 07:42:55 -------- d-----w- C:\Users\Thea\AppData\Local\{B3BF828E-8864-4FDA-9CBD-0E21965678EA}
2012-05-23 07:42:42 -------- d-----w- C:\Users\Thea\AppData\Local\{8CC32144-0FB0-4B77-AC14-AA67D8A00A83}
2012-05-22 19:22:51 -------- d-----w- C:\Users\Thea\AppData\Local\{6D74BB5E-D90B-428D-8A4C-36FC7E344E66}
2012-05-22 19:22:40 -------- d-----w- C:\Users\Thea\AppData\Local\{A51DD4E9-6EF4-4D40-8DE2-B16E9B8FE09C}
2012-05-22 07:22:26 -------- d-----w- C:\Users\Thea\AppData\Local\{DAE3EF37-FDB7-433D-A834-25805F4941E4}
2012-05-21 19:05:46 -------- d-----w- C:\Users\Thea\AppData\Local\{993F2D7C-2A2C-4897-87E3-86450DB5C3FD}
2012-05-21 07:05:22 -------- d-----w- C:\Users\Thea\AppData\Local\{796FD4ED-11FE-48A8-B3FC-ED846F39633D}
2012-05-21 07:05:10 -------- d-----w- C:\Users\Thea\AppData\Local\{48710B50-FF86-4F6E-9D83-CBC05FF27D81}
2012-05-20 19:04:01 -------- d-----w- C:\Users\Thea\AppData\Local\{A489352F-987E-473C-8D1B-483219E673F0}
2012-05-20 19:03:51 -------- d-----w- C:\Users\Thea\AppData\Local\{6244A83A-D49D-4D4B-A848-BE3539ABAB9E}
2012-05-20 07:03:38 -------- d-----w- C:\Users\Thea\AppData\Local\{60915E3E-ABAE-4CC8-B174-95B614BA487B}
2012-05-20 07:03:27 -------- d-----w- C:\Users\Thea\AppData\Local\{F4FEC3DA-FEE0-4665-ADFA-C8B0DE13D805}
2012-05-19 19:02:54 -------- d-----w- C:\Users\Thea\AppData\Local\{1E8DE78A-5475-4C39-BEF6-A3F6BAFD6AEB}
2012-05-19 19:02:43 -------- d-----w- C:\Users\Thea\AppData\Local\{D5F15861-6B21-41FB-B817-ACC75153D05E}
2012-05-19 07:02:18 -------- d-----w- C:\Users\Thea\AppData\Local\{7B2E2BB2-6F4F-4728-AEC2-D8201B45F442}
2012-05-19 07:02:07 -------- d-----w- C:\Users\Thea\AppData\Local\{1641EA4A-3129-4F4B-8FB4-0B2ED08E9A87}
2012-05-18 19:01:42 -------- d-----w- C:\Users\Thea\AppData\Local\{17298126-DA56-435B-BAA6-EB11297B4A79}
2012-05-18 07:01:18 -------- d-----w- C:\Users\Thea\AppData\Local\{62EDEAFC-B0D4-47E3-9FD2-047E6D3A071C}
2012-05-18 07:01:07 -------- d-----w- C:\Users\Thea\AppData\Local\{03F53C59-2DC0-4912-A771-D2BA3B27562A}
2012-05-17 19:00:43 -------- d-----w- C:\Users\Thea\AppData\Local\{4B19A5AC-338C-4569-8F31-3580911F2C44}
2012-05-17 19:00:32 -------- d-----w- C:\Users\Thea\AppData\Local\{4A146A60-02F3-44D2-A337-83149357E03D}
2012-05-17 07:00:17 -------- d-----w- C:\Users\Thea\AppData\Local\{5B1093CD-AF85-476A-BD06-820C83300D37}
2012-05-17 07:00:06 -------- d-----w- C:\Users\Thea\AppData\Local\{4ED47BD1-75E8-472B-8411-F7B138F19A72}
2012-05-16 18:22:04 -------- d-----w- C:\Users\Thea\AppData\Local\{A61DE126-DE5F-45EF-BE3E-ABCC624C0624}
2012-05-16 18:21:53 -------- d-----w- C:\Users\Thea\AppData\Local\{DB32EE79-B3E8-4E1E-8E90-3520897AE040}
2012-05-16 06:21:40 -------- d-----w- C:\Users\Thea\AppData\Local\{2E498293-4C38-4D1A-8767-B04E085C3AEC}
2012-05-16 06:21:29 -------- d-----w- C:\Users\Thea\AppData\Local\{B99AD185-5D36-4565-909C-635076DE7C38}
2012-05-15 18:21:04 -------- d-----w- C:\Users\Thea\AppData\Local\{37D1D5A9-E702-4D27-87A2-5EE618EB1D18}
2012-05-15 18:20:53 -------- d-----w- C:\Users\Thea\AppData\Local\{CD776E0D-8CFE-4908-AD69-37AD0E2E4CCF}
2012-05-15 06:20:39 -------- d-----w- C:\Users\Thea\AppData\Local\{D8BE55D6-9FAC-45EB-A1F3-64B5131474CE}
2012-05-15 06:20:28 -------- d-----w- C:\Users\Thea\AppData\Local\{C3F4F289-5F11-4043-8EF8-E793DFD13526}
2012-05-14 18:20:02 -------- d-----w- C:\Users\Thea\AppData\Local\{6E2EFE23-5D31-46FF-A4EF-68879352226A}
2012-05-14 18:19:51 -------- d-----w- C:\Users\Thea\AppData\Local\{BF20A43E-552F-401E-8A25-34B436DC4616}
2012-05-14 06:19:36 -------- d-----w- C:\Users\Thea\AppData\Local\{99E221DF-0D4B-4591-9FC5-F2DB9D27694E}
2012-05-14 06:19:25 -------- d-----w- C:\Users\Thea\AppData\Local\{3F224336-80F8-4C3F-BEA5-DBEF354CD589}
2012-05-13 08:32:15 -------- d-----w- C:\Users\Thea\AppData\Local\{DF17D436-365B-447C-91A6-E4C0A011D9D1}
2012-05-13 08:32:04 -------- d-----w- C:\Users\Thea\AppData\Local\{40B67F76-4707-4C09-AE8C-D5F2B31F4EC4}
2012-05-12 20:31:35 -------- d-----w- C:\Users\Thea\AppData\Local\{C7B73F96-B9BF-40B8-8136-5627E151469E}
2012-05-12 11:20:18 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 11:20:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 11:20:11 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 11:20:10 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 11:20:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 11:20:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:19:20 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 11:19:09 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 11:19:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 11:19:06 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:05 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 11:19:05 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 07:18:11 -------- d-----w- C:\Users\Thea\AppData\Local\{8FEC8358-20D6-40D5-A0F5-3253710EAFEE}
2012-05-12 07:17:59 -------- d-----w- C:\Users\Thea\AppData\Local\{6E514C02-67A9-4720-8F26-17F493C27969}
2012-05-11 18:31:41 -------- d-----w- C:\Users\Thea\AppData\Local\{B74225A2-7D5B-442B-841A-B08D62871593}
2012-05-11 06:26:52 -------- d-----w- C:\Users\Thea\AppData\Local\{10151855-7F14-4018-9083-B72BBDAA1506}
2012-05-11 06:26:41 -------- d-----w- C:\Users\Thea\AppData\Local\{4B882F67-1D5B-44D3-A41D-AA3E0692853C}
2012-05-10 08:37:35 -------- d-----w- C:\Users\Thea\AppData\Local\{3A5EE8C6-87DC-4CBF-93FA-052806D6F4E7}
2012-05-10 08:37:24 -------- d-----w- C:\Users\Thea\AppData\Local\{2357931C-26EC-4FDE-8146-5D59439C721D}
2012-05-09 20:37:12 -------- d-----w- C:\Users\Thea\AppData\Local\{0A154D2D-19EA-4402-9370-25AC86875A49}
2012-05-09 20:37:01 -------- d-----w- C:\Users\Thea\AppData\Local\{0766A292-A78C-433D-ADA7-EF19E1A25DF0}
2012-05-09 08:36:44 -------- d-----w- C:\Users\Thea\AppData\Local\{182820C5-C1C5-4CC2-A0CF-4142412DDAAC}
2012-05-09 08:36:33 -------- d-----w- C:\Users\Thea\AppData\Local\{BABE7FB0-C831-4B30-8F4A-A75667A7B611}
2012-05-08 18:58:00 -------- d-----w- C:\Users\Thea\AppData\Local\{116E6475-FD53-45F8-A03C-0102A0D99231}
2012-05-08 18:57:49 -------- d-----w- C:\Users\Thea\AppData\Local\{74FB14A6-9364-42CF-A168-51C1E7925FA4}
2012-05-08 06:57:23 -------- d-----w- C:\Users\Thea\AppData\Local\{D3881EA3-1B92-4216-82B7-7C4FC201274A}
2012-05-08 06:57:12 -------- d-----w- C:\Users\Thea\AppData\Local\{26B4A36D-F5B5-4574-885A-E108F79A4200}
2012-05-07 18:56:48 -------- d-----w- C:\Users\Thea\AppData\Local\{7F379789-C454-407C-8FCF-83C191D0A494}
2012-05-07 18:56:37 -------- d-----w- C:\Users\Thea\AppData\Local\{25D31E8D-8445-43BB-9F5C-B389BB238A3B}
2012-05-07 06:56:25 -------- d-----w- C:\Users\Thea\AppData\Local\{D9DF101B-85F6-4B84-ACF2-22315F101C74}
2012-05-07 06:56:14 -------- d-----w- C:\Users\Thea\AppData\Local\{56769A3C-3D20-4F42-8B7C-A7C3C986A7D3}
2012-05-06 18:55:47 -------- d-----w- C:\Users\Thea\AppData\Local\{DC87B389-742B-4D5F-821B-880BC9321587}
2012-05-06 06:55:21 -------- d-----w- C:\Users\Thea\AppData\Local\{105F71C9-58CE-4850-9176-E2A53E60DAD3}
2012-05-06 06:55:07 -------- d-----w- C:\Users\Thea\AppData\Local\{7567ED8F-6DB9-451A-99F4-7B2666B293D4}
2012-05-05 18:49:23 -------- d-----w- C:\Users\Thea\AppData\Local\{90563E49-444C-490B-9B3B-1145BA5B7BAC}
2012-05-05 18:49:11 -------- d-----w- C:\Users\Thea\AppData\Local\{4CEAB7A5-DB3A-4A23-B6EF-B49532668ED9}
2012-05-05 06:48:59 -------- d-----w- C:\Users\Thea\AppData\Local\{BE8ED898-BCB8-4142-87A4-2C458A1E7D98}
2012-05-05 06:48:49 -------- d-----w- C:\Users\Thea\AppData\Local\{79E2CFA8-0C4F-4A3C-A4B3-AFA2D892235D}
2012-05-04 18:48:24 -------- d-----w- C:\Users\Thea\AppData\Local\{398501C0-3DCE-42B9-8261-D8F69D743EE7}
2012-05-04 12:46:26 -------- d-----w- C:\Program Files\iPod
2012-05-04 12:46:25 -------- d-----w- C:\Program Files\iTunes
2012-05-04 12:46:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-04 06:48:01 -------- d-----w- C:\Users\Thea\AppData\Local\{3FEAF2A9-7A78-4CC1-B347-139310E25E32}
2012-05-04 06:47:50 -------- d-----w- C:\Users\Thea\AppData\Local\{4F09D10C-5CB5-4244-8326-60244F0F77E1}
2012-05-03 18:47:26 -------- d-----w- C:\Users\Thea\AppData\Local\{52A46A0D-68B6-4298-A72C-2EB326D2C4BE}
2012-05-03 06:47:03 -------- d-----w- C:\Users\Thea\AppData\Local\{0D70FFB5-53DD-4F41-91D9-E6EADD7BF085}
2012-05-03 06:46:53 -------- d-----w- C:\Users\Thea\AppData\Local\{43D4C87B-FC7E-434C-B81F-6AB8E61FCD51}
.
==================== Find3M ====================
.
2012-05-08 15:18:09 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 22:12:31,81 ===============

and attach.txt:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27-9-2010 21:00:41
System Uptime: 1-6-2012 22:05:55 (0 hours ago)
.
Motherboard: Dell Inc. | | 0KVMW2
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 1450/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 139,278 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP237: 22-5-2012 9:32:41 - Windows Update
RP238: 29-5-2012 13:01:23 - Windows Update
RP239: 1-6-2012 15:59:02 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1.2 - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Albelli Fotoboeken
Alchemy Deluxe 1.6
ANNO 1404
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
Avira Free Antivirus
Bing Bar
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CD-LabelPrint
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Connect
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
EasyBits GO
Gebruikersregistratie voor Canon MG5200 series
Google Chrome
Google Earth Plug-in
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
High-Definition Video Playback 10
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
kuler
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware versie 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skins
Skype Click to Call
Skype™ 5.8
Spotnet
Suite Shared Configuration CS4
TeamViewer 6
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zynga Toolbar
.
==== End Of File ===========================


Is there still (part of) the virus on it??

Thanks in advance for the help!

Regards,
Rikkert
2
By the way, here is also the Malwarebytes log (I had forgotten it):


Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Databaseversie: v2012.06.01.05

Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
Thea :: THEA-LAPTOP [administrator]

1-6-2012 21:21:23
mbam-log-2012-06-01 (21-21-23).txt

Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 211937
Verstreken tijd: 5 minuut/minuten, 43 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1
C:\WinSrcv.Bin (Trojan.SpyEyes) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 1
C:\Users\Thea\0.8246970750573813.exe (Trojan.Agent.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)
3
Hi and welcome to the forum,

1. Go to Start > Control Panel > Software or Programs and Features and uninstall the following there, if present, since they have a dubious reputation.
Zynga Toolbar
Nero Toolbar
Ask.com



2. Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop, but do not start it yet.


Note: This script is meant specifically for this PC, so do not use it on other PCs with a similar problem.
Open Notepad.
Copy and paste the following (bold, blue text) into an empty window:


DDS::
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} -

File::
C:\ProgramData\duxpoymdgyxknmxewext.exe

Folder::
C:\ProgramData\obtbycvibturxnt
C:\Program Files (x86)\Zynga
C:\Program Files (x86)\Ask.com\


Save this to your Desktop as CFScript.txt


Drag CFScript.txt onto ComboFix.exe as shown in the example below:
This will start ComboFix.
Reboot if asked to, and post the contents of Combofix.txt in your next reply.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
4
Dear Maxstar,

This is the result from ComboFix:


ComboFix 12-06-02.02 - Thea 02-06-2012 20:23:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.2411 [GMT 2:00]
Gestart vanuit: c:\users\Thea\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Thea\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\duxpoymdgyxknmxewext.exe"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\duxpoymdgyxknmxewext.exe
c:\programdata\obtbycvibturxnt
c:\programdata\obtbycvibturxnt\btn-green.png
c:\programdata\obtbycvibturxnt\corners-btn.png
c:\programdata\obtbycvibturxnt\corners1.png
c:\programdata\obtbycvibturxnt\corners2.png
c:\programdata\obtbycvibturxnt\corners3.png
c:\programdata\obtbycvibturxnt\corners4.png
c:\programdata\obtbycvibturxnt\ie6-7.css
c:\programdata\obtbycvibturxnt\jquery.main.js
c:\programdata\obtbycvibturxnt\main.html
c:\programdata\obtbycvibturxnt\McAfee.png
c:\programdata\obtbycvibturxnt\nl-flag.png
c:\programdata\obtbycvibturxnt\nl-image.png
c:\programdata\obtbycvibturxnt\pay7.png
c:\programdata\obtbycvibturxnt\pay8.png
c:\programdata\obtbycvibturxnt\pay9.png
c:\programdata\obtbycvibturxnt\style.css
c:\programdata\obtbycvibturxnt\ukash.png
c:\programdata\PCDr\5907\Downloads\288d198f-eb50-4316-9b17-4269c8487bf7.dll
c:\programdata\urtizcszjdgajbh
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-02 to 2012-06-02 ))))))))))))))))))))))))))))))
.
.
2012-06-02 18:30 . 2012-06-02 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\users\Thea\AppData\Roaming\Malwarebytes
2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\programdata\Malwarebytes
2012-06-01 19:19 . 2012-06-01 19:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-01 19:19 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-01 13:59 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F20E83CF-4172-4104-BC4B-130BC5F30411}\mpengine.dll
2012-05-12 11:20 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 11:20 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 11:20 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 11:20 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 11:20 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 11:20 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:19 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 11:19 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 11:19 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 11:19 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 11:19 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 14:23 . 2012-05-08 14:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-04 12:46 . 2012-05-04 12:46 -------- d-----w- c:\program files\iPod
2012-05-04 12:46 . 2012-05-04 12:47 -------- d-----w- c:\program files\iTunes
2012-05-04 12:46 . 2012-05-04 12:47 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 15:18 . 2011-11-23 19:58 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:18 . 2011-11-23 19:58 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-04-08 17:33 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-08 16:50 . 2012-03-08 16:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 16:37 . 2012-03-08 16:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-21 165184]
.
c:\users\Thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-02 1038088]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-03 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-05-21 673088]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-15 18:52]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-15 18:52]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861931184-4231724395-267854515-1001Core.job
- c:\users\Thea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 18:52]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1861931184-4231724395-267854515-1001UA.job
- c:\users\Thea\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-03 18:52]
.
2012-05-19 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-06-02 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-20 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-11-03 3168336]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCInstallQueue"="netman.dll" [2009-07-14 360448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.nl/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\DRIVERS\o2flash.exe
.
**************************************************************************
.
Voltooingstijd: 2012-06-02 20:37:42 - machine werd herstart
ComboFix-quarantined-files.txt 2012-06-02 18:37
.
Pre-Run: 149.315.354.624 bytes beschikbaar
Post-Run: 159.781.822.464 bytes beschikbaar
.
- - End Of File - - 7E9E3BE70E76294F30013F94F4E4C81B
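The "Reg Opstartpunten" section of the ComboFix log above is where a helper checks by eye whether a ransomware autorun has survived. The Python script below is an added example, not code from this thread, ComboFix or DDS. It applies two of those checks to lines in ComboFix's format: an autorun that launches from a data directory (ProgramData, AppData, Temp) or from the root of a user profile, and an executable whose name looks machine-generated. The sample log is constructed; its clean entries are copied from the posted log, and the two flagged entries are built from the paths that MBAM and ComboFix removed earlier in this thread, which did not appear as Run values in the post-cleanup log. The thresholds (stems of ten or more letters with a vowel ratio under 0.35, or a bare decimal number) are assumptions chosen for this example, so the output is a triage aid rather than a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

# One autorun value as ComboFix prints it under "Reg Opstartpunten":
#   "Name"="c:\path\to\file.exe" [YYYY-MM-DD size]
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"'
    r'(?:\s*\[(?P<date>[\d-]+)\s+(?P<size>\d+)\])?'
)

# Directories a vendor autorun rarely lives in (matched on the lower-cased path).
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Finding:
    name: str
    path: str
    reasons: List[str]


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated file names (thresholds are assumptions).

    True for a stem that is a bare decimal number (e.g. 0.8246970750573813)
    or a long all-letter stem with few vowels (e.g. duxpoymdgyxknmxewext).
    Vendor names such as iTunesHelper keep a vowel ratio above 0.35.
    """
    if re.fullmatch(r"\d+\.\d+", stem):
        return True
    if stem.isalpha() and len(stem) >= 10:
        vowels = sum(c in "aeiou" for c in stem.lower())
        return vowels / len(stem) < 0.35
    return False


def in_user_profile_root(path: str) -> bool:
    r"""True for c:\users\<name>\file.exe, i.e. a file dropped straight into a profile."""
    parts = path.lower().split("\\")
    return len(parts) == 4 and parts[1] == "users"


def classify_autorun(line: str) -> Optional[Finding]:
    """Parse one Run-key line; return a Finding (reasons may be empty) or None if not an autorun."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    low = path.lower()
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a data directory")
    if in_user_profile_root(low):
        reasons.append("runs from the root of a user profile")
    stem, _ext = ntpath.splitext(ntpath.basename(low))
    if looks_random(stem):
        reasons.append(f"random-looking file name '{stem}'")
    return Finding(name, path, reasons)


def scan_autoruns(log_text: str) -> List[Finding]:
    """Return only the autoruns that triggered at least one reason."""
    findings = []
    for line in log_text.splitlines():
        f = classify_autorun(line)
        if f is not None and f.reasons:
            findings.append(f)
    return findings


# Constructed sample in ComboFix's format. Skype, StartCCC and avgnt are copied from
# the posted log; the two flagged entries are built from the paths MBAM and ComboFix
# removed earlier in the thread and are not Run values from the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"duxpoymdgyxknmxewext"="c:\programdata\duxpoymdgyxknmxewext.exe" [2012-06-01 0]
"0.8246970750573813"="c:\users\Thea\0.8246970750573813.exe" [2012-06-01 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-17 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"""

if __name__ == "__main__":
    for f in scan_autoruns(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a saved ComboFix.txt by passing the file contents to `scan_autoruns`; the two constructed entries are reported with both reasons, while the vendor autoruns under Program Files produce nothing. A location check alone would miss a dropper copied into Program Files, and a name check alone would miss a dropper with a plausible name, which is why both are combined.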
5
Hi,

This log looks fine, but as a check run one more scan with the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit to the desktop and extract the ZIP file.
  • Open the "EmsisoftEmergencyKit" folder and double-click "Start.exe"
  • Now click "Emergency Kit Scanner"; you will get a message that it is recommended to update first, allow this by clicking "Yes"
  • When the update is finished and the message "Update process completed successfully" appears, click "menu" and then "Scan PC"
  • Select the "Deep" option if it is not already set by default.
  • Now click the "Scan" button and do nothing else on the computer while it scans; this scan can take quite a while, so wait patiently.
  • You can close the window with the warning about an elevated risk once the scan is finished.
  • Make sure all found items are checked and then press the "Delete selected" button; you will now get the following message, but click "Yes" here
  • When the removal is finished, click the "View report" button and select the text file of this scan with a name like: a2scan_110730-111615.txt
  • Paste the contents of this LOG file in your next message.
  • Now restart the computer.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
6
here is the log from the Emergency Kit:


Emsisoft Emergency Kit - Versie 1.0
Laatste Update: 4-6-2012 22:56:41

Scaninstellingen:

Scantype: Diepe Scan
Objecten: Geheugen, Sporen, Cookies, C:\
Scan archieven: Aan
Heuristieken: Uit
ADS Scan: Aan

Scan gestart: 4-6-2012 22:57:51

c:\programdata\microsoft\windows\start menu\programs\PopCap Games Ontdekt: Trace.Directory.Bejeweled 2 Deluxe 1.0!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@questionmarket[1].txt Ontdekt: Trace.TrackingCookie.questionmarket!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@specificclick[2].txt Ontdekt: Trace.TrackingCookie.specificclick!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@statse.webtrendslive[2].txt Ontdekt: Trace.TrackingCookie.statse.webtrendslive!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@weborama[1].txt Ontdekt: Trace.TrackingCookie.weborama!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@com[1].txt Ontdekt: Trace.TrackingCookie.com!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@hitbox[1].txt Ontdekt: Trace.TrackingCookie.hitbox!A2
C:\Qoobox\Quarantine\C\ProgramData\duxpoymdgyxknmxewext.exe.vir Ontdekt: Trojan.Win32.Agent.AMN!A2

Gescand

Bestanden: 404738
Sporen: 409956
Cookies: 2955
Processen: 86

Gevonden

Bestanden: 1
Sporen: 1
Cookies: 6
Processen: 0
Registersleutels: 0

Scan Geëindigd: 5-6-2012 3:39:07
Scantijd: 4:41:16

C:\Qoobox\Quarantine\C\ProgramData\duxpoymdgyxknmxewext.exe.vir Verwijderd Trojan.Win32.Agent.AMN!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@hitbox[1].txt Verwijderd Trace.TrackingCookie.hitbox!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@com[1].txt Verwijderd Trace.TrackingCookie.com!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@weborama[1].txt Verwijderd Trace.TrackingCookie.weborama!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@statse.webtrendslive[2].txt Verwijderd Trace.TrackingCookie.statse.webtrendslive!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@specificclick[2].txt Verwijderd Trace.TrackingCookie.specificclick!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\thea@questionmarket[1].txt Verwijderd Trace.TrackingCookie.questionmarket!A2
c:\programdata\microsoft\windows\start menu\programs\PopCap Games Verwijderd Trace.Directory.Bejeweled 2 Deluxe 1.0!A2

Verwijderd

Bestanden: 1
Sporen: 1
Cookies: 6


Hope the PC is clean again now!

grtz
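A point worth checking in a log like the one above before declaring the machine clean: the only real malware hit, Trojan.Win32.Agent.AMN!A2, sits under C:\Qoobox\Quarantine, which is ComboFix's quarantine folder, so it was a copy ComboFix had already isolated rather than a live file; the remaining hits are tracking cookies and a leftover Start Menu folder. The following script, an added example that is not part of this thread and not Emsisoft's own code, parses Emsisoft Emergency Kit result lines of this localized format ("Ontdekt:" for detected, "Verwijderd" for removed), buckets each detection by severity, and reports anything that was detected but never removed. The quarantine prefix, the bucket names, and the sample input are assumptions and constructed data; the sample reuses lines from the log above plus one invented entry with no matching removal so that the completeness check has something to report.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Result lines in the localized Emsisoft Emergency Kit log look like
#   <path> Ontdekt: <detection name>      (detected)
#   <path> Verwijderd <detection name>    (removed)
LINE_RE = re.compile(r"^(?P<path>.+?)\s+(?P<action>Ontdekt:|Verwijderd)\s+(?P<name>.+?)\s*$")
ACTIONS = {"Ontdekt:": "detected", "Verwijderd": "removed"}

# Assumption: C:\Qoobox\Quarantine is ComboFix's quarantine folder, so a hit
# there is a copy another tool already isolated, not an active infection.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\",)


@dataclass(frozen=True)
class Detection:
    path: str          # as printed in the log
    action: str        # "detected" or "removed"
    name: str          # engine detection name, e.g. Trace.TrackingCookie.hitbox!A2
    family: str        # first two dotted components, e.g. Trace.TrackingCookie
    quarantined: bool  # path lies inside a known quarantine folder


def parse_log(text: str) -> list[Detection]:
    """Extract detection/removal records; header and summary lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path, name = m.group("path"), m.group("name")
        records.append(Detection(
            path=path,
            action=ACTIONS[m.group("action")],
            name=name,
            family=".".join(name.split(".")[:2]),
            quarantined=path.lower().startswith(QUARANTINE_PREFIXES),
        ))
    return records


def severity(d: Detection) -> str:
    """Triage bucket (assumed names): quarantined copies, traces, live malware."""
    if d.quarantined:
        return "quarantined"
    if d.name.startswith("Trace."):
        return "low"      # tracking cookies, leftover folders, registry traces
    return "high"         # executable malware families (Trojan., Backdoor., ...)


def summarize(records: list[Detection]) -> dict[str, int]:
    """Count detected items per severity bucket."""
    return dict(Counter(severity(d) for d in records if d.action == "detected"))


def unremoved(records: list[Detection]) -> list[Detection]:
    """Detected items with no matching removal line: what is still on disk."""
    removed = {d.path.lower() for d in records if d.action == "removed"}
    return [d for d in records if d.action == "detected" and d.path.lower() not in removed]


# Constructed sample: lines taken from the log above plus one invented entry
# (example-constructed.exe) that is detected but never removed.
SAMPLE_LOG = r"""
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@hitbox[1].txt Ontdekt: Trace.TrackingCookie.hitbox!A2
c:\programdata\microsoft\windows\start menu\programs\PopCap Games Ontdekt: Trace.Directory.Bejeweled 2 Deluxe 1.0!A2
C:\Qoobox\Quarantine\C\ProgramData\duxpoymdgyxknmxewext.exe.vir Ontdekt: Trojan.Win32.Agent.AMN!A2
C:\Users\Thea\Downloads\example-constructed.exe Ontdekt: Trojan.Generic.Example!A2
Gevonden

Bestanden: 2
C:\Qoobox\Quarantine\C\ProgramData\duxpoymdgyxknmxewext.exe.vir Verwijderd Trojan.Win32.Agent.AMN!A2
C:\Users\Thea\AppData\Roaming\Microsoft\Windows\Cookies\Low\thea@hitbox[1].txt Verwijderd Trace.TrackingCookie.hitbox!A2
c:\programdata\microsoft\windows\start menu\programs\PopCap Games Verwijderd Trace.Directory.Bejeweled 2 Deluxe 1.0!A2
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(summarize(recs))
    for d in unremoved(recs):
        print("still present:", d.path, d.name)
```

Run against the full log posted above (all eight detected items have a matching "Verwijderd" line) the unremoved list is empty; on the constructed sample it reports the invented entry, which is the case where a second scan or manual follow-up would be needed rather than closing the thread.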
8
hello,

I haven't had any more problems so far.
Thanks for all the help!! :dank:

Grtz!
9
Hi,

You're welcome, and good to hear that there are no more problems... :good:

You may remove the following programs and their associated log files. You can keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update them first).
  • DDS
  • ComboFix, using the instructions below.
To remove ComboFix, copy the command below (Ctrl + C):
Combofix /Uninstall (note!!! the space before /Uninstall)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
Since the problems have been resolved, I do still advise you to carry out the following.

1.) Delete system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because infected restore points may be among them.
  • How to delete the restore points, read here
  • How to quickly create a new system restore point yourself, read here
2.) Installing essential updates.
How to keep your operating system and other software up to date, read here.
With the program Secunia PSI you are automatically warned when updates for the installed software are available; read more here

3.) Watch out for 'phishing' messages.
Phishing is a form of internet scam (fraud): with fake e-mail messages and websites that look trustworthy, an attempt is made to obtain 'login details' and other personal information.
This often happens in very sneaky ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the criminal, with all the consequences that entails.
Read more here

4.) User accounts
With this account you therefore have full control of the computer, so it is not advisable to set this account as the primary account for daily use.
Read more about this here

5.) Risks when downloading
Peer-to-peer (P2P) networks and also Usenet (newsgroups) are a major source of malware distribution on the internet; offering 'dangerous' software (malware) there happens virtually anonymously, which makes this a widely used method of spreading malware.
Read more about this here

6.) Prevention information & the use of security software.
Here and here you will find information on how to prevent an infection; read through it at your leisure.

More information about the use of "security software" and "fake (bogus) software" (rogueware) can be read here
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
10
Since the problem has been resolved, this topic is closed and moved to the solved problems / logs section.

If you want this topic reopened, you can send me or one of the moderators a private message (PM) with a link to this topic.

If the topic has been closed for a long time, it is best to create a new topic here and refer to this topic if necessary.


For all other questions you can start a new topic in the appropriate forum.
Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)