Ukash virus
Posted: 01 Jun 2012 22:38
Hello!
Today my laptop suddenly became infected with the Ukash virus. With my brother's help I deleted 2 files via regedit in the folder HKEY_current_user\software\microsoft\windows\currentversion\run. After that I could use my computer normally again, but via your site I carried out the step-by-step plan (removing the FCCU Federal computer crime unit trojan.ransom).
Below are the 2 log reports from DDS:
DDS.txt:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Thea at 22:11:00 on 2012-06-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3957.2395 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\prxtbZyng.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Thea\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Thea\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D4B04A74-FCB2-49B9-B97F-6AF3C3C79820} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D4B04A74-FCB2-49B9-B97F-6AF3C3C79820}\B6160737 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-8-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-23 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-23 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-21 673088]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-8 2222376]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-21 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Acceler.sys --> C:\Windows\system32\DRIVERS\Acceler.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\Windows\system32\DRIVERS\o2mdgx64.sys --> C:\Windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-15 136176]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2011-11-22 8192]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-2 1038088]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-15 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 WSDScan;Ondersteuning voor WSD-scan via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]
.
=============== Created Last 30 ================
.
2012-06-01 19:19:51 -------- d-----w- C:\Users\Thea\AppData\Roaming\Malwarebytes
2012-06-01 19:19:43 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-01 19:19:41 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-01 19:19:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-01 18:01:44 55808 ----a-w- C:\ProgramData\duxpoymdgyxknmxewext.exe
2012-06-01 18:01:43 -------- d-----w- C:\ProgramData\obtbycvibturxnt
2012-06-01 13:59:47 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F20E83CF-4172-4104-BC4B-130BC5F30411}\mpengine.dll
2012-06-01 13:56:05 -------- d-----w- C:\Users\Thea\AppData\Local\{A8EDDA8D-21A5-4F3F-85F5-3481361DE79D}
2012-06-01 13:55:53 -------- d-----w- C:\Users\Thea\AppData\Local\{C1F6A4DC-A9E9-460F-85F4-DF3526AA7E8E}
2012-05-31 19:21:18 -------- d-----w- C:\Users\Thea\AppData\Local\{2D44C573-2E0F-4965-B449-5116F10B219D}
2012-05-31 19:21:07 -------- d-----w- C:\Users\Thea\AppData\Local\{0BC69311-1DC2-4D24-AC45-400D168AFE93}
2012-05-31 07:20:55 -------- d-----w- C:\Users\Thea\AppData\Local\{4A0880AC-EED6-491C-B687-8944845A7EB5}
2012-05-31 07:20:45 -------- d-----w- C:\Users\Thea\AppData\Local\{33165EE6-52E2-4333-BD61-250B81D0C908}
2012-05-30 09:46:20 -------- d-----w- C:\Users\Thea\AppData\Local\{4EACEA0B-B879-424D-A51E-47994F73AC43}
2012-05-30 09:46:09 -------- d-----w- C:\Users\Thea\AppData\Local\{99D7B29B-9024-418A-89BF-F46D984CD829}
2012-05-29 06:56:29 -------- d-----w- C:\Users\Thea\AppData\Local\{0B7E25EF-D3C0-43D8-A0C8-7A330C5D2899}
2012-05-29 06:56:18 -------- d-----w- C:\Users\Thea\AppData\Local\{82BDEAC3-FE66-496D-8D12-FE8B32AADEDC}
2012-05-28 10:42:15 -------- d-----w- C:\Users\Thea\AppData\Local\{741B13FB-306C-4398-8E32-B32A4A59A742}
2012-05-28 10:42:03 -------- d-----w- C:\Users\Thea\AppData\Local\{AACDB86C-74F5-4C3A-8002-4E37C5925BAC}
2012-05-27 19:38:51 -------- d-----w- C:\Users\Thea\AppData\Local\{07925C3D-9782-44AC-976F-9DEF1F33DA19}
2012-05-27 19:38:32 -------- d-----w- C:\Users\Thea\AppData\Local\{A460D535-F8B3-4DBE-8E1F-29F4E8F50B51}
2012-05-27 06:47:09 -------- d-----w- C:\Users\Thea\AppData\Local\{5BE6BDB3-6510-4548-8A29-C6E2FFC509C7}
2012-05-27 06:46:57 -------- d-----w- C:\Users\Thea\AppData\Local\{01B32A66-1E44-46A6-939A-22C359430DB4}
2012-05-26 13:51:32 -------- d-----w- C:\Users\Thea\AppData\Local\{6670864B-F5E4-4791-B0F6-C4BD2C13C871}
2012-05-26 13:51:21 -------- d-----w- C:\Users\Thea\AppData\Local\{7E297D33-480C-4B59-990D-F9813DD8A19A}
2012-05-25 20:44:40 -------- d-----w- C:\Users\Thea\AppData\Local\{FA112347-8EFC-4039-8380-11B66A6D07FF}
2012-05-25 20:44:29 -------- d-----w- C:\Users\Thea\AppData\Local\{8AFC8009-7567-4E54-AB3B-589DD648D365}
2012-05-25 08:30:11 -------- d-----w- C:\Users\Thea\AppData\Local\{03786959-C548-4E57-ABA9-F34EBB20C043}
2012-05-25 08:30:00 -------- d-----w- C:\Users\Thea\AppData\Local\{48A00C60-EBB7-45CF-A1D0-D57F43D9F197}
2012-05-24 20:06:40 -------- d-----w- C:\Users\Thea\AppData\Local\{9F7BD5AA-5357-4664-9A11-739CDC0F0432}
2012-05-24 20:06:29 -------- d-----w- C:\Users\Thea\AppData\Local\{CCDE5F8F-63EA-4B50-9B1A-1605787EA626}
2012-05-24 06:49:53 -------- d-----w- C:\Users\Thea\AppData\Local\{C8C33FBC-5FB1-4D08-B098-73228FEA5D01}
2012-05-24 06:49:42 -------- d-----w- C:\Users\Thea\AppData\Local\{80D34EFA-CDAD-461F-AF59-2D966F9BCB50}
2012-05-23 07:42:55 -------- d-----w- C:\Users\Thea\AppData\Local\{B3BF828E-8864-4FDA-9CBD-0E21965678EA}
2012-05-23 07:42:42 -------- d-----w- C:\Users\Thea\AppData\Local\{8CC32144-0FB0-4B77-AC14-AA67D8A00A83}
2012-05-22 19:22:51 -------- d-----w- C:\Users\Thea\AppData\Local\{6D74BB5E-D90B-428D-8A4C-36FC7E344E66}
2012-05-22 19:22:40 -------- d-----w- C:\Users\Thea\AppData\Local\{A51DD4E9-6EF4-4D40-8DE2-B16E9B8FE09C}
2012-05-22 07:22:26 -------- d-----w- C:\Users\Thea\AppData\Local\{DAE3EF37-FDB7-433D-A834-25805F4941E4}
2012-05-21 19:05:46 -------- d-----w- C:\Users\Thea\AppData\Local\{993F2D7C-2A2C-4897-87E3-86450DB5C3FD}
2012-05-21 07:05:22 -------- d-----w- C:\Users\Thea\AppData\Local\{796FD4ED-11FE-48A8-B3FC-ED846F39633D}
2012-05-21 07:05:10 -------- d-----w- C:\Users\Thea\AppData\Local\{48710B50-FF86-4F6E-9D83-CBC05FF27D81}
2012-05-20 19:04:01 -------- d-----w- C:\Users\Thea\AppData\Local\{A489352F-987E-473C-8D1B-483219E673F0}
2012-05-20 19:03:51 -------- d-----w- C:\Users\Thea\AppData\Local\{6244A83A-D49D-4D4B-A848-BE3539ABAB9E}
2012-05-20 07:03:38 -------- d-----w- C:\Users\Thea\AppData\Local\{60915E3E-ABAE-4CC8-B174-95B614BA487B}
2012-05-20 07:03:27 -------- d-----w- C:\Users\Thea\AppData\Local\{F4FEC3DA-FEE0-4665-ADFA-C8B0DE13D805}
2012-05-19 19:02:54 -------- d-----w- C:\Users\Thea\AppData\Local\{1E8DE78A-5475-4C39-BEF6-A3F6BAFD6AEB}
2012-05-19 19:02:43 -------- d-----w- C:\Users\Thea\AppData\Local\{D5F15861-6B21-41FB-B817-ACC75153D05E}
2012-05-19 07:02:18 -------- d-----w- C:\Users\Thea\AppData\Local\{7B2E2BB2-6F4F-4728-AEC2-D8201B45F442}
2012-05-19 07:02:07 -------- d-----w- C:\Users\Thea\AppData\Local\{1641EA4A-3129-4F4B-8FB4-0B2ED08E9A87}
2012-05-18 19:01:42 -------- d-----w- C:\Users\Thea\AppData\Local\{17298126-DA56-435B-BAA6-EB11297B4A79}
2012-05-18 07:01:18 -------- d-----w- C:\Users\Thea\AppData\Local\{62EDEAFC-B0D4-47E3-9FD2-047E6D3A071C}
2012-05-18 07:01:07 -------- d-----w- C:\Users\Thea\AppData\Local\{03F53C59-2DC0-4912-A771-D2BA3B27562A}
2012-05-17 19:00:43 -------- d-----w- C:\Users\Thea\AppData\Local\{4B19A5AC-338C-4569-8F31-3580911F2C44}
2012-05-17 19:00:32 -------- d-----w- C:\Users\Thea\AppData\Local\{4A146A60-02F3-44D2-A337-83149357E03D}
2012-05-17 07:00:17 -------- d-----w- C:\Users\Thea\AppData\Local\{5B1093CD-AF85-476A-BD06-820C83300D37}
2012-05-17 07:00:06 -------- d-----w- C:\Users\Thea\AppData\Local\{4ED47BD1-75E8-472B-8411-F7B138F19A72}
2012-05-16 18:22:04 -------- d-----w- C:\Users\Thea\AppData\Local\{A61DE126-DE5F-45EF-BE3E-ABCC624C0624}
2012-05-16 18:21:53 -------- d-----w- C:\Users\Thea\AppData\Local\{DB32EE79-B3E8-4E1E-8E90-3520897AE040}
2012-05-16 06:21:40 -------- d-----w- C:\Users\Thea\AppData\Local\{2E498293-4C38-4D1A-8767-B04E085C3AEC}
2012-05-16 06:21:29 -------- d-----w- C:\Users\Thea\AppData\Local\{B99AD185-5D36-4565-909C-635076DE7C38}
2012-05-15 18:21:04 -------- d-----w- C:\Users\Thea\AppData\Local\{37D1D5A9-E702-4D27-87A2-5EE618EB1D18}
2012-05-15 18:20:53 -------- d-----w- C:\Users\Thea\AppData\Local\{CD776E0D-8CFE-4908-AD69-37AD0E2E4CCF}
2012-05-15 06:20:39 -------- d-----w- C:\Users\Thea\AppData\Local\{D8BE55D6-9FAC-45EB-A1F3-64B5131474CE}
2012-05-15 06:20:28 -------- d-----w- C:\Users\Thea\AppData\Local\{C3F4F289-5F11-4043-8EF8-E793DFD13526}
2012-05-14 18:20:02 -------- d-----w- C:\Users\Thea\AppData\Local\{6E2EFE23-5D31-46FF-A4EF-68879352226A}
2012-05-14 18:19:51 -------- d-----w- C:\Users\Thea\AppData\Local\{BF20A43E-552F-401E-8A25-34B436DC4616}
2012-05-14 06:19:36 -------- d-----w- C:\Users\Thea\AppData\Local\{99E221DF-0D4B-4591-9FC5-F2DB9D27694E}
2012-05-14 06:19:25 -------- d-----w- C:\Users\Thea\AppData\Local\{3F224336-80F8-4C3F-BEA5-DBEF354CD589}
2012-05-13 08:32:15 -------- d-----w- C:\Users\Thea\AppData\Local\{DF17D436-365B-447C-91A6-E4C0A011D9D1}
2012-05-13 08:32:04 -------- d-----w- C:\Users\Thea\AppData\Local\{40B67F76-4707-4C09-AE8C-D5F2B31F4EC4}
2012-05-12 20:31:35 -------- d-----w- C:\Users\Thea\AppData\Local\{C7B73F96-B9BF-40B8-8136-5627E151469E}
2012-05-12 11:20:18 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-12 11:20:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-12 11:20:11 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-12 11:20:10 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-12 11:20:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 11:20:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:19:20 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 11:19:09 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 11:19:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 11:19:06 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:05 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 11:19:05 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 07:18:11 -------- d-----w- C:\Users\Thea\AppData\Local\{8FEC8358-20D6-40D5-A0F5-3253710EAFEE}
2012-05-12 07:17:59 -------- d-----w- C:\Users\Thea\AppData\Local\{6E514C02-67A9-4720-8F26-17F493C27969}
2012-05-11 18:31:41 -------- d-----w- C:\Users\Thea\AppData\Local\{B74225A2-7D5B-442B-841A-B08D62871593}
2012-05-11 06:26:52 -------- d-----w- C:\Users\Thea\AppData\Local\{10151855-7F14-4018-9083-B72BBDAA1506}
2012-05-11 06:26:41 -------- d-----w- C:\Users\Thea\AppData\Local\{4B882F67-1D5B-44D3-A41D-AA3E0692853C}
2012-05-10 08:37:35 -------- d-----w- C:\Users\Thea\AppData\Local\{3A5EE8C6-87DC-4CBF-93FA-052806D6F4E7}
2012-05-10 08:37:24 -------- d-----w- C:\Users\Thea\AppData\Local\{2357931C-26EC-4FDE-8146-5D59439C721D}
2012-05-09 20:37:12 -------- d-----w- C:\Users\Thea\AppData\Local\{0A154D2D-19EA-4402-9370-25AC86875A49}
2012-05-09 20:37:01 -------- d-----w- C:\Users\Thea\AppData\Local\{0766A292-A78C-433D-ADA7-EF19E1A25DF0}
2012-05-09 08:36:44 -------- d-----w- C:\Users\Thea\AppData\Local\{182820C5-C1C5-4CC2-A0CF-4142412DDAAC}
2012-05-09 08:36:33 -------- d-----w- C:\Users\Thea\AppData\Local\{BABE7FB0-C831-4B30-8F4A-A75667A7B611}
2012-05-08 18:58:00 -------- d-----w- C:\Users\Thea\AppData\Local\{116E6475-FD53-45F8-A03C-0102A0D99231}
2012-05-08 18:57:49 -------- d-----w- C:\Users\Thea\AppData\Local\{74FB14A6-9364-42CF-A168-51C1E7925FA4}
2012-05-08 06:57:23 -------- d-----w- C:\Users\Thea\AppData\Local\{D3881EA3-1B92-4216-82B7-7C4FC201274A}
2012-05-08 06:57:12 -------- d-----w- C:\Users\Thea\AppData\Local\{26B4A36D-F5B5-4574-885A-E108F79A4200}
2012-05-07 18:56:48 -------- d-----w- C:\Users\Thea\AppData\Local\{7F379789-C454-407C-8FCF-83C191D0A494}
2012-05-07 18:56:37 -------- d-----w- C:\Users\Thea\AppData\Local\{25D31E8D-8445-43BB-9F5C-B389BB238A3B}
2012-05-07 06:56:25 -------- d-----w- C:\Users\Thea\AppData\Local\{D9DF101B-85F6-4B84-ACF2-22315F101C74}
2012-05-07 06:56:14 -------- d-----w- C:\Users\Thea\AppData\Local\{56769A3C-3D20-4F42-8B7C-A7C3C986A7D3}
2012-05-06 18:55:47 -------- d-----w- C:\Users\Thea\AppData\Local\{DC87B389-742B-4D5F-821B-880BC9321587}
2012-05-06 06:55:21 -------- d-----w- C:\Users\Thea\AppData\Local\{105F71C9-58CE-4850-9176-E2A53E60DAD3}
2012-05-06 06:55:07 -------- d-----w- C:\Users\Thea\AppData\Local\{7567ED8F-6DB9-451A-99F4-7B2666B293D4}
2012-05-05 18:49:23 -------- d-----w- C:\Users\Thea\AppData\Local\{90563E49-444C-490B-9B3B-1145BA5B7BAC}
2012-05-05 18:49:11 -------- d-----w- C:\Users\Thea\AppData\Local\{4CEAB7A5-DB3A-4A23-B6EF-B49532668ED9}
2012-05-05 06:48:59 -------- d-----w- C:\Users\Thea\AppData\Local\{BE8ED898-BCB8-4142-87A4-2C458A1E7D98}
2012-05-05 06:48:49 -------- d-----w- C:\Users\Thea\AppData\Local\{79E2CFA8-0C4F-4A3C-A4B3-AFA2D892235D}
2012-05-04 18:48:24 -------- d-----w- C:\Users\Thea\AppData\Local\{398501C0-3DCE-42B9-8261-D8F69D743EE7}
2012-05-04 12:46:26 -------- d-----w- C:\Program Files\iPod
2012-05-04 12:46:25 -------- d-----w- C:\Program Files\iTunes
2012-05-04 12:46:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-04 06:48:01 -------- d-----w- C:\Users\Thea\AppData\Local\{3FEAF2A9-7A78-4CC1-B347-139310E25E32}
2012-05-04 06:47:50 -------- d-----w- C:\Users\Thea\AppData\Local\{4F09D10C-5CB5-4244-8326-60244F0F77E1}
2012-05-03 18:47:26 -------- d-----w- C:\Users\Thea\AppData\Local\{52A46A0D-68B6-4298-A72C-2EB326D2C4BE}
2012-05-03 06:47:03 -------- d-----w- C:\Users\Thea\AppData\Local\{0D70FFB5-53DD-4F41-91D9-E6EADD7BF085}
2012-05-03 06:46:53 -------- d-----w- C:\Users\Thea\AppData\Local\{43D4C87B-FC7E-434C-B81F-6AB8E61FCD51}
.
==================== Find3M ====================
.
2012-05-08 15:18:09 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 22:12:31,81 ===============
and attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27-9-2010 21:00:41
System Uptime: 1-6-2012 22:05:55 (0 hours ago)
.
Motherboard: Dell Inc. | | 0KVMW2
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 1450/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 139,278 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP237: 22-5-2012 9:32:41 - Windows Update
RP238: 29-5-2012 13:01:23 - Windows Update
RP239: 1-6-2012 15:59:02 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1.2 - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Albelli Fotoboeken
Alchemy Deluxe 1.6
ANNO 1404
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
Avira Free Antivirus
Bing Bar
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CD-LabelPrint
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Connect
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
EasyBits GO
Gebruikersregistratie voor Canon MG5200 series
Google Chrome
Google Earth Plug-in
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
High-Definition Video Playback 10
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
kuler
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware versie 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skins
Skype Click to Call
Skype™ 5.8
Spotnet
Suite Shared Configuration CS4
TeamViewer 6
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zynga Toolbar
.
==== End Of File ===========================
Is (part of) the virus still on it??
Thanks in advance for the help!
Regards,
Rikkert
2012-05-12 11:20:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-12 11:20:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-12 11:19:20 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-12 11:19:09 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-12 11:19:06 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:06 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 11:19:06 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 11:19:05 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 11:19:05 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-12 07:18:11 -------- d-----w- C:\Users\Thea\AppData\Local\{8FEC8358-20D6-40D5-A0F5-3253710EAFEE}
2012-05-12 07:17:59 -------- d-----w- C:\Users\Thea\AppData\Local\{6E514C02-67A9-4720-8F26-17F493C27969}
2012-05-11 18:31:41 -------- d-----w- C:\Users\Thea\AppData\Local\{B74225A2-7D5B-442B-841A-B08D62871593}
2012-05-11 06:26:52 -------- d-----w- C:\Users\Thea\AppData\Local\{10151855-7F14-4018-9083-B72BBDAA1506}
2012-05-11 06:26:41 -------- d-----w- C:\Users\Thea\AppData\Local\{4B882F67-1D5B-44D3-A41D-AA3E0692853C}
2012-05-10 08:37:35 -------- d-----w- C:\Users\Thea\AppData\Local\{3A5EE8C6-87DC-4CBF-93FA-052806D6F4E7}
2012-05-10 08:37:24 -------- d-----w- C:\Users\Thea\AppData\Local\{2357931C-26EC-4FDE-8146-5D59439C721D}
2012-05-09 20:37:12 -------- d-----w- C:\Users\Thea\AppData\Local\{0A154D2D-19EA-4402-9370-25AC86875A49}
2012-05-09 20:37:01 -------- d-----w- C:\Users\Thea\AppData\Local\{0766A292-A78C-433D-ADA7-EF19E1A25DF0}
2012-05-09 08:36:44 -------- d-----w- C:\Users\Thea\AppData\Local\{182820C5-C1C5-4CC2-A0CF-4142412DDAAC}
2012-05-09 08:36:33 -------- d-----w- C:\Users\Thea\AppData\Local\{BABE7FB0-C831-4B30-8F4A-A75667A7B611}
2012-05-08 18:58:00 -------- d-----w- C:\Users\Thea\AppData\Local\{116E6475-FD53-45F8-A03C-0102A0D99231}
2012-05-08 18:57:49 -------- d-----w- C:\Users\Thea\AppData\Local\{74FB14A6-9364-42CF-A168-51C1E7925FA4}
2012-05-08 06:57:23 -------- d-----w- C:\Users\Thea\AppData\Local\{D3881EA3-1B92-4216-82B7-7C4FC201274A}
2012-05-08 06:57:12 -------- d-----w- C:\Users\Thea\AppData\Local\{26B4A36D-F5B5-4574-885A-E108F79A4200}
2012-05-07 18:56:48 -------- d-----w- C:\Users\Thea\AppData\Local\{7F379789-C454-407C-8FCF-83C191D0A494}
2012-05-07 18:56:37 -------- d-----w- C:\Users\Thea\AppData\Local\{25D31E8D-8445-43BB-9F5C-B389BB238A3B}
2012-05-07 06:56:25 -------- d-----w- C:\Users\Thea\AppData\Local\{D9DF101B-85F6-4B84-ACF2-22315F101C74}
2012-05-07 06:56:14 -------- d-----w- C:\Users\Thea\AppData\Local\{56769A3C-3D20-4F42-8B7C-A7C3C986A7D3}
2012-05-06 18:55:47 -------- d-----w- C:\Users\Thea\AppData\Local\{DC87B389-742B-4D5F-821B-880BC9321587}
2012-05-06 06:55:21 -------- d-----w- C:\Users\Thea\AppData\Local\{105F71C9-58CE-4850-9176-E2A53E60DAD3}
2012-05-06 06:55:07 -------- d-----w- C:\Users\Thea\AppData\Local\{7567ED8F-6DB9-451A-99F4-7B2666B293D4}
2012-05-05 18:49:23 -------- d-----w- C:\Users\Thea\AppData\Local\{90563E49-444C-490B-9B3B-1145BA5B7BAC}
2012-05-05 18:49:11 -------- d-----w- C:\Users\Thea\AppData\Local\{4CEAB7A5-DB3A-4A23-B6EF-B49532668ED9}
2012-05-05 06:48:59 -------- d-----w- C:\Users\Thea\AppData\Local\{BE8ED898-BCB8-4142-87A4-2C458A1E7D98}
2012-05-05 06:48:49 -------- d-----w- C:\Users\Thea\AppData\Local\{79E2CFA8-0C4F-4A3C-A4B3-AFA2D892235D}
2012-05-04 18:48:24 -------- d-----w- C:\Users\Thea\AppData\Local\{398501C0-3DCE-42B9-8261-D8F69D743EE7}
2012-05-04 12:46:26 -------- d-----w- C:\Program Files\iPod
2012-05-04 12:46:25 -------- d-----w- C:\Program Files\iTunes
2012-05-04 12:46:25 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-04 06:48:01 -------- d-----w- C:\Users\Thea\AppData\Local\{3FEAF2A9-7A78-4CC1-B347-139310E25E32}
2012-05-04 06:47:50 -------- d-----w- C:\Users\Thea\AppData\Local\{4F09D10C-5CB5-4244-8326-60244F0F77E1}
2012-05-03 18:47:26 -------- d-----w- C:\Users\Thea\AppData\Local\{52A46A0D-68B6-4298-A72C-2EB326D2C4BE}
2012-05-03 06:47:03 -------- d-----w- C:\Users\Thea\AppData\Local\{0D70FFB5-53DD-4F41-91D9-E6EADD7BF085}
2012-05-03 06:46:53 -------- d-----w- C:\Users\Thea\AppData\Local\{43D4C87B-FC7E-434C-B81F-6AB8E61FCD51}
.
==================== Find3M ====================
.
2012-05-08 15:18:09 98848 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-08 16:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 16:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
.
============= FINISH: 22:12:31,81 ===============
and attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 27-9-2010 21:00:41
System Uptime: 1-6-2012 22:05:55 (0 hours ago)
.
Motherboard: Dell Inc. | | 0KVMW2
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | U2E1 | 1450/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 139,278 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP237: 22-5-2012 9:32:41 - Windows Update
RP238: 29-5-2012 13:01:23 - Windows Update
RP239: 1-6-2012 15:59:02 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1.2 - Nederlands
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Albelli Fotoboeken
Alchemy Deluxe 1.6
ANNO 1404
Apple Application Support
Apple Software Update
Ask Toolbar
ATI Catalyst Control Center
Avira Free Antivirus
Bing Bar
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 4.0
Canon My Printer
Canon Solution Menu EX
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CD-LabelPrint
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Connect
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
Dell Webcam Central
EasyBits GO
Gebruikersregistratie voor Canon MG5200 series
Google Chrome
Google Earth Plug-in
Google Update Helper
GrabIt 1.7.2 Beta 4 (build 997)
High-Definition Video Playback 10
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
kuler
Live! Cam Avatar Creator
LoJack Factory Installer
Malwarebytes Anti-Malware versie 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
QuickTime
Roxio Burn
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skins
Skype Click to Call
Skype™ 5.8
Spotnet
Suite Shared Configuration CS4
TeamViewer 6
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
Zynga Toolbar
.
==== End Of File ===========================
Is (part of) the virus still on it??
Thanks in advance for the help!
Regards,
Rikkert