Posts made by Dbrown

  1. I didn't have to restart... ComboFix is still on my desktop, can I just delete it?

    ComboFix 11-09-15.04 - Mijn Naam 15/09/2011 13:55:09.4.2 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.5902 [GMT 2:00]

    Gestart vanuit: c:\users\Mijn Naam\Desktop\ComboFix.exe

    AV: AVG Internet Security 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

    SP: AVG Internet Security 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\IsUn0413.exe

    c:\windows\iun6002.exe

    c:\windows\SysWow64\CF29188.exe

    c:\windows\SysWow64\CF29531.exe

    c:\windows\SysWow64\mfc100deu.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-08-15 to 2011-09-15 ))))))))))))))))))))))))))))))

    .

    .

    2011-09-15 12:00 . 2011-09-15 12:00 -------- d-----w- c:\users\Public\AppData\Local\temp

    2011-09-15 12:00 . 2011-09-15 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-09-15 10:00 . 2011-09-15 10:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2011-09-15 10:00 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-09-14 13:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

    2011-09-14 13:59 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-08-25 13:05 . 2011-08-25 13:05 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\PunkBuster

    2011-08-25 12:45 . 2011-08-25 13:05 -------- d-----w- c:\program files (x86)\Ubisoft

    2011-08-24 10:26 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll

    2011-08-24 10:26 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    2011-08-22 14:08 . 2011-08-22 14:08 -------- d-----w- c:\program files\iTunes

    2011-08-22 14:08 . 2011-08-22 14:08 -------- d-----w- c:\program files (x86)\iTunes

    2011-08-22 14:08 . 2011-08-22 14:08 -------- d-----w- c:\program files\iPod

    2011-08-22 14:07 . 2011-08-22 14:07 -------- d-----w- c:\program files (x86)\Apple Software Update

    2011-08-22 14:05 . 2011-08-22 14:05 -------- d-----w- c:\program files\Bonjour

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-09-04 11:48 . 2011-06-29 16:08 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2011-08-25 13:06 . 2010-04-20 19:21 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2011-08-25 13:06 . 2010-04-20 19:21 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

    2011-08-05 09:57 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-07-22 05:42 . 2011-08-11 10:06 2303488 ----a-w- c:\windows\system32\jscript9.dll

    2011-07-22 05:36 . 2011-08-11 10:06 1389056 ----a-w- c:\windows\system32\wininet.dll

    2011-07-22 05:32 . 2011-08-11 10:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2011-07-22 02:54 . 2011-08-11 10:06 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

    2011-07-22 02:48 . 2011-08-11 10:06 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

    2011-07-22 02:44 . 2011-08-11 10:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

    2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe

    2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll

    2011-07-12 09:34 . 2011-07-12 09:34 212840 ----a-w- c:\windows\system32\dnssdX.dll

    2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe

    2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll

    2011-07-12 09:20 . 2011-07-12 09:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll

    2011-07-06 15:49 . 2011-08-10 11:19 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

    2011-06-20 08:45 . 2011-08-10 11:19 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

    2011-06-17 20:14 . 2011-08-10 11:19 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2011-06-17 16:16 . 2011-08-10 11:19 451072 ----a-w- c:\windows\system32\winsrv.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

    2011-07-26 08:15 2532680 ----a-w- c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]

    .

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

    "AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

    .

    c:\users\Mijn Naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    Xpadder - Snelkoppeling - kopie.lnk - c:\users\Mijn Naam\Desktop\Xpadder\Xpadder.exe [2009-3-1 932864]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

    .

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-17 7390560]

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]

    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

    S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

    S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG10\avgfws.exe [2011-03-09 2708024]

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

    "Skytel"="Skytel.exe" [2007-10-11 1826816]

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    TCP: DhcpNameServer = 195.130.130.5 195.130.131.5

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

    FF - ProfilePath - c:\users\Mijn Naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dcad02f&v=7.007.026.001&i=26&tp=ab&iy=&ychte=us&lng=nl&q=

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE

    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

    AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    @Allowed: (Read) (RestrictedCode)

    "??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

    c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

    "??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

    "datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

    61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

    "rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2011-09-15 14:02:21

    ComboFix-quarantined-files.txt 2011-09-15 12:02

    .

    Pre-Run: 32.554.586.112 bytes beschikbaar

    Post-Run: 32.318.132.224 bytes beschikbaar

    .

    - - End Of File - - BED98626E621CDF33962FA7F62D8287C

  2. HijackThis - fix items --> I have done that

    I can't find "Show results" anywhere in Malwarebytes; after scanning I only get the message that the scan is finished (I then click OK) and I don't see any results anywhere (apart from the log):

    (attached image: post-26215-1417704567,8442_thumb.jpg)

    Here is the log:

    Malwarebytes' Anti-Malware 1.51.2.1300

    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Databaseversie: 7720

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 9.0.8112.16421

    15/09/2011 12:16:43

    mbam-log-2011-09-15 (12-16-43).txt

    Scantype: Snelle scan

    Objecten gescand: 181061

    Verstreken tijd: 46 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    In my quarantine list I do see this: (attached image: post-26215-1417704567,3116_thumb.jpg)

    I was not asked to restart...

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:28:42, on 15/09/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Users\Mijn Naam\Desktop\Xpadder\Xpadder.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: Xpadder - Snelkoppeling - kopie.lnk = C:\Users\Mijn Naam\Desktop\Xpadder\Xpadder.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - libusb-Win32 - C:\Windows\system32\libusbd-nt.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9730 bytes

  3. Lately it has been happening more and more often that my PC shows a black screen after I have started it up. When this happens I press the reset button, and then it usually starts up normally with a message that an error occurred and asking whether or not I want to send a report.

    I just ran a scan with AVG and found a Trojan horse: (attached image: post-26215-1417704564,2819_thumb.jpg)

    It has been moved to quarantine; what should I do with it? Delete it?

    I also scanned with Anti-Malware, no malicious files found:

    Malwarebytes' Anti-Malware 1.34

    Database versie: 1900

    Windows 6.0.6002 Service Pack 2

    14/09/2011 13:43:49

    mbam-log-2011-09-14 (13-43-49).txt

    Scan type: Volledige Scan (C:\|D:\|)

    Objecten gescand: 342831

    Verstreken tijd: 53 minute(s), 38 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    And here is a HijackThis log as well:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:47:12, on 14/09/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Users\Mijn Naam\Desktop\Xpadder\Xpadder.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIARQBEAFMATAAtADcARQBUAEUAQwAtAFUATABBADgAUgAtAEUAQQBPAEsATAAtADQARQBNAEIAUgA" &"inst=NwA2AC0ANwA5ADUAMwAxADQAMAAwADcALQBYAE8AMwA2ACsAMQAtAE4AMQBEACsAMQAtAFAATAArADkALQBEADMAOAAxA EwAKwA1AA"&"prod=2"&"ver=9.0.894

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote-inhoudsopgave.onetoc2

    O4 - Startup: Xpadder - Snelkoppeling - kopie.lnk = C:\Users\Mijn Naam\Desktop\Xpadder\Xpadder.exe

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/reso...PUpldnl-be.cab

    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe

    O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgfws.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - libusb-Win32 - C:\Windows\system32\libusbd-nt.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9752 bytes

  4. See whether restoring a restore point (click on it) from before the iTunes update has a beneficial effect.

    Just tried it; now when I try to start iTunes it says that this is not possible because I deleted those two files (it also says that I have to reinstall iTunes). When I restore the files from my recycle bin, it still gives the same error message.

    So is it best to reinstall iTunes? But won't I lose my music library/playlists then? (They are still on my iPod.)

  5. I just updated iTunes to the latest version; after I restarted my PC and clicked on iTunes, an hourglass appeared briefly, but otherwise nothing happens. I am running Windows Vista x64.

    I have already tried doing this: iTunes for Windows: does not open after an upgrade in Windows Vista or Windows 7, but this changes nothing about the problem...

    Any other ideas? (I was thinking of the 'repair iTunes' option, but won't I then lose my entire music library/playlists?)

  6. OK, I tried to do what you asked me:

    I started ComboFix, and when it began scanning (while the message was showing that it could take longer on infected computers) I added the log file to it. It did not restart, it just kept scanning... (I was not able to add the log file earlier (while ComboFix was starting up I could not manage it)).

    CCleaner did not remove the folders on my data drive (again, I left Firefox open because I want to keep my history).

    This is the content of vcred, if this helps (I think it is from a Windows update):

    post-26215-1417704401,2634_thumb.jpg

    Here is my log:

    ComboFix 11-05-10.02 - Mijn Naam 11/05/2011 19:47:38.3.2 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.6702 [GMT 2:00]

    Gestart vanuit: c:\users\Mijn Naam\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Mijn Naam\Desktop\CFScript.txt

    AV: AVG Internet Security 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

    SP: AVG Internet Security 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-11 to 2011-05-11 ))))))))))))))))))))))))))))))

    .

    .

    2011-05-11 17:54 . 2011-05-11 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-05-11 16:40 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2011-05-11 16:40 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

    2011-05-11 16:18 . 2011-05-11 16:18 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{5FF52FD0-BB3F-43A2-BF97-D16530E18C8F}

    2011-05-10 15:14 . 2011-05-10 15:14 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{3D4D3322-C92A-4691-A3C6-B9CFC77D8030}

    2011-05-10 11:53 . 2011-05-10 11:53 183128 ----a-w- c:\users\Mijn Naam\cc_20110510_135309.reg

    2011-05-10 06:10 . 2011-05-10 06:10 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{C76D2097-1AEF-47ED-9D80-949DB338C9A1}

    2011-05-09 07:40 . 2011-05-09 07:40 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{7E7604D5-55E2-4E36-A90B-150C2CA63F13}

    2011-05-09 07:33 . 2011-05-09 07:34 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{29C5FF89-243E-43FB-898C-F815184FEB14}

    2011-05-08 19:29 . 2011-05-08 19:29 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

    2011-05-08 19:29 . 2011-05-08 19:29 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

    2011-05-08 19:29 . 2011-05-08 19:29 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

    2011-05-08 19:29 . 2011-05-08 19:29 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

    2011-05-08 19:29 . 2011-05-08 19:29 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

    2011-05-08 19:29 . 2011-05-08 19:29 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

    2011-05-08 19:29 . 2011-05-08 19:29 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-05-08 19:18 . 2011-05-08 19:18 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{BEDCD85D-C282-4944-A906-EC3A17BED0D9}

    2011-05-06 15:45 . 2011-05-06 15:46 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{D479FBC3-FA3E-48E2-A152-B2912F84191B}

    2011-05-06 10:41 . 2011-05-06 10:41 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{7FB64922-3299-40A0-9DF9-379CB7AA954A}

    2011-05-05 07:50 . 2011-05-05 07:50 -------- d-----w- c:\users\Mijn Naam\AppData\Local\{58C9DD11-DB29-46C6-9046-DEB79025E35B}

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iPod

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iTunes

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files (x86)\iTunes

    2011-05-04 15:54 . 2011-05-04 15:54 -------- d-----w- c:\program files\Bonjour

    2011-05-04 15:31 . 2011-05-04 15:31 424152 ----a-w- c:\users\Mijn Naam\cc_20110504_173130.reg

    2011-05-03 16:39 . 2011-05-03 16:39 -------- d-----w- c:\users\Mijn Naam\AppData\Local\AVG Security Toolbar

    2011-05-03 16:34 . 2011-05-03 16:34 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\AVG10

    2011-05-03 16:10 . 2011-05-03 16:10 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\AVG9

    2011-05-03 15:54 . 2011-05-09 08:04 -------- d-----w- c:\programdata\MFAData

    2011-05-02 07:59 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn Naam\AppData\Roaming\InstallShield

    2011-05-01 19:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    2011-05-01 19:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

    2011-05-01 19:40 . 2009-01-08 01:20 537088 ----a-w- c:\program files\Internet Explorer\pdm.dll

    2011-05-01 19:40 . 2009-01-08 01:20 358904 ----a-w- c:\program files\Internet Explorer\msdbg2.dll

    2011-05-01 19:40 . 2009-01-08 01:20 355832 ----a-w- c:\program files (x86)\Internet Explorer\pdm.dll

    2011-05-01 19:40 . 2009-01-08 01:20 265720 ----a-w- c:\program files (x86)\Internet Explorer\msdbg2.dll

    2011-04-27 06:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2011-04-27 06:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

    2011-04-26 06:44 . 2011-02-16 16:37 48128 ----a-w- c:\windows\system32\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 16:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 14:15 367616 ----a-w- c:\windows\system32\atmfd.dll

    2011-04-26 06:44 . 2011-02-16 14:02 292864 ----a-w- c:\windows\SysWow64\atmfd.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

    2011-04-26 06:44 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll

    2011-04-26 06:44 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

    2011-04-26 06:44 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-05-10 15:45 . 2010-08-28 12:23 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2011-05-10 15:45 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2011-05-10 15:26 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

    2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

    2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll

    2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

    2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

    2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

    2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

    2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

    2011-03-15 07:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-03-03 15:59 . 2011-04-27 06:24 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

    2011-03-03 15:59 . 2011-04-27 06:24 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2011-03-03 15:59 . 2011-04-27 06:24 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

    2011-03-03 15:40 . 2011-04-27 06:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

    2011-03-03 15:40 . 2011-04-27 06:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

    2011-03-03 15:40 . 2011-04-27 06:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2011-03-03 15:40 . 2011-04-27 06:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

    2011-02-22 14:47 . 2011-03-24 09:23 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-02-22 14:13 . 2011-03-24 09:23 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1555968 ----a-w- c:\windows\system32\DWrite.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1149440 ----a-w- c:\windows\system32\FntCache.dll

    2011-02-22 13:33 . 2011-03-24 09:23 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

    2011-02-22 06:38 . 2011-02-22 06:38 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

    2011-02-22 06:38 . 2011-02-22 06:38 84992 ----a-w- c:\windows\system32\frapsv64.dll

    2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

    2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

    "MsnMsgr"="c:\program files (x86)\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "AvgUninstallURL"="start http:" [X]

    .

    c:\users\Mijn Naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    OneNote-inhoudsopgave.onetoc2 [2008-9-16 3656]

    Skype.lnk - c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe [2010-10-21 371272]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

    "Skytel"="Skytel.exe" [2007-10-11 1826816]

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

    FF - ProfilePath - c:\users\Mijn Naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

    AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe

    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    @Allowed: (Read) (RestrictedCode)

    "??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

    c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

    "??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

    "datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

    61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

    "rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2011-05-11 19:57:03

    ComboFix-quarantined-files.txt 2011-05-11 17:57

    ComboFix2.txt 2011-05-09 07:53

    .

    Pre-Run: 35.418.058.752 bytes beschikbaar

    Post-Run: 40.216.584.192 bytes beschikbaar

    .

    - - End Of File - - A5612A377C2EA40274A3186507F3B0B1

  7. Thanks for your reply/help

    C/Qoobox has now also been removed, now that I was able to uninstall correctly.

    In Local I deleted the two folders, but these still remain:

    post-26215-1417704400,416_thumb.jpg

    Then I have one more question. On my D drive (where I store my data) there have been, for a while now, a few folders/files of which I have no idea at all what they are for (they appeared there by themselves). May I delete them?

    post-26215-1417704400,4579_thumb.jpg

    Here is my ComboFix log:

    ComboFix 11-05-08.04 - Mijn naam 09/05/2011 9:44.2.2 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.6784 [GMT 2:00]

    Gestart vanuit: c:\users\Mijn naam\Desktop\ComboFix.exe

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-09 to 2011-05-09 ))))))))))))))))))))))))))))))

    .

    .

    2011-05-09 07:51 . 2011-05-09 07:51 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-05-09 07:40 . 2011-05-09 07:40 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7E7604D5-55E2-4E36-A90B-150C2CA63F13}

    2011-05-09 07:33 . 2011-05-09 07:34 -------- d-----w- c:\users\Mijn naam\AppData\Local\{29C5FF89-243E-43FB-898C-F815184FEB14}

    2011-05-08 19:29 . 2011-05-08 19:29 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe

    2011-05-08 19:29 . 2011-05-08 19:29 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

    2011-05-08 19:29 . 2011-05-08 19:29 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

    2011-05-08 19:29 . 2011-05-08 19:29 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll

    2011-05-08 19:29 . 2011-05-08 19:29 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

    2011-05-08 19:29 . 2011-05-08 19:29 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

    2011-05-08 19:29 . 2011-05-08 19:29 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

    2011-05-08 19:29 . 2011-05-08 19:29 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

    2011-05-08 19:18 . 2011-05-08 19:18 -------- d-----w- c:\users\Mijn naam\AppData\Local\{BEDCD85D-C282-4944-A906-EC3A17BED0D9}

    2011-05-06 15:45 . 2011-05-06 15:46 -------- d-----w- c:\users\Mijn naam\AppData\Local\{D479FBC3-FA3E-48E2-A152-B2912F84191B}

    2011-05-06 10:41 . 2011-05-06 10:41 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7FB64922-3299-40A0-9DF9-379CB7AA954A}

    2011-05-05 07:50 . 2011-05-05 07:50 -------- d-----w- c:\users\Mijn naam\AppData\Local\{58C9DD11-DB29-46C6-9046-DEB79025E35B}

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iPod

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files\iTunes

    2011-05-04 15:55 . 2011-05-04 15:55 -------- d-----w- c:\program files (x86)\iTunes

    2011-05-04 15:54 . 2011-05-04 15:54 -------- d-----w- c:\program files\Bonjour

    2011-05-04 15:31 . 2011-05-04 15:31 424152 ----a-w- c:\users\Mijn naam\cc_20110504_173130.reg

    2011-05-04 15:17 . 2011-05-04 15:18 -------- d-----w- c:\users\Mijn naam\AppData\Local\{43F44700-D718-4E6C-83A2-32F9C2B6196F}

    2011-05-04 06:18 . 2011-05-04 06:19 -------- d-----w- c:\users\Mijn naam\AppData\Local\{7B190137-40BE-408E-A37D-BC16AFABB177}

    2011-05-03 16:39 . 2011-05-03 16:39 -------- d-----w- c:\users\Mijn naam\AppData\Local\AVG Security Toolbar

    2011-05-03 16:34 . 2011-05-03 16:34 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\AVG10

    2011-05-03 16:10 . 2011-05-03 16:10 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\AVG9

    2011-05-03 15:54 . 2011-05-03 16:34 -------- d-----w- c:\programdata\MFAData

    2011-05-02 07:59 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\InstallShield

    2011-05-01 19:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    2011-05-01 19:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

    2011-04-27 06:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2011-04-27 06:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

    2011-04-26 06:44 . 2011-02-16 16:37 48128 ----a-w- c:\windows\system32\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 16:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 14:15 367616 ----a-w- c:\windows\system32\atmfd.dll

    2011-04-26 06:44 . 2011-02-16 14:02 292864 ----a-w- c:\windows\SysWow64\atmfd.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

    2011-04-26 06:44 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll

    2011-04-26 06:44 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

    2011-04-26 06:44 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

    2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

    2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-05-05 20:57 . 2010-08-28 12:23 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2011-05-05 20:57 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2011-05-05 20:03 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll

    2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

    2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

    2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

    2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

    2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

    2011-03-15 07:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-03-03 15:59 . 2011-04-27 06:24 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

    2011-03-03 15:59 . 2011-04-27 06:24 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2011-03-03 15:59 . 2011-04-27 06:24 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

    2011-03-03 15:40 . 2011-04-27 06:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

    2011-03-03 15:40 . 2011-04-27 06:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

    2011-03-03 15:40 . 2011-04-27 06:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2011-03-03 15:40 . 2011-04-27 06:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

    2011-02-22 14:47 . 2011-03-24 09:23 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-02-22 14:13 . 2011-03-24 09:23 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1555968 ----a-w- c:\windows\system32\DWrite.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1149440 ----a-w- c:\windows\system32\FntCache.dll

    2011-02-22 13:33 . 2011-03-24 09:23 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

    2011-02-22 06:38 . 2011-02-22 06:38 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

    2011-02-22 06:38 . 2011-02-22 06:38 84992 ----a-w- c:\windows\system32\frapsv64.dll

    2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

    2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-05-03_15.49.43 )))))))))))))))))))))))))))))))))))))))))

    .

    - 2010-04-27 13:45 . 2010-04-27 13:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe

    + 2010-04-27 12:45 . 2010-04-27 12:45 72856 c:\windows\SysWOW64\xliveinstallhost.exe

    - 2008-01-21 03:20 . 2010-10-09 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-01-21 03:20 . 2011-05-08 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-01-21 03:20 . 2011-05-08 19:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2008-01-21 03:20 . 2010-10-09 10:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2008-01-21 03:20 . 2010-10-09 10:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-01-21 03:20 . 2011-05-08 19:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-01-21 02:23 . 2011-05-09 07:41 75230 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

    + 2008-09-06 11:57 . 2011-05-09 07:41 25174 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3289391138-723072036-955293971-1000_UserData.bin

    + 2008-09-06 11:54 . 2011-05-08 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-09-06 11:54 . 2011-05-03 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-09-06 11:54 . 2011-05-03 15:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2008-09-06 11:54 . 2011-05-08 19:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2008-09-06 11:54 . 2011-05-08 19:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2008-09-06 11:54 . 2011-05-03 15:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2009-06-20 06:47 . 2011-05-03 15:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2009-06-20 06:47 . 2011-05-06 11:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2009-06-20 06:47 . 2011-05-03 15:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    + 2009-06-20 06:47 . 2011-05-06 11:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

    - 2009-06-20 06:47 . 2011-05-03 15:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2009-06-20 06:47 . 2011-05-06 11:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    - 2008-12-17 10:55 . 2011-05-03 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    + 2008-12-17 10:55 . 2011-05-09 07:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

    - 2008-12-17 10:55 . 2011-05-03 15:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2008-12-17 10:55 . 2011-05-09 07:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

    + 2011-05-03 16:30 . 2011-05-03 16:30 80384 c:\windows\Installer\a4179.msi

    + 2011-05-08 19:23 . 2011-05-08 19:23 76926 c:\windows\Installer\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}\GameForWindowsLiveDash.exe

    + 2006-11-02 12:40 . 2011-05-09 07:38 86016 c:\windows\inf\infstor.dat

    - 2006-11-02 12:40 . 2011-03-27 19:38 86016 c:\windows\inf\infstor.dat

    + 2006-11-02 12:40 . 2011-05-09 07:38 51200 c:\windows\inf\infpub.dat

    - 2006-11-02 12:40 . 2011-03-27 19:38 51200 c:\windows\inf\infpub.dat

    - 2011-05-03 15:37 . 2011-05-03 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-05-09 07:39 . 2011-05-09 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

    + 2011-05-09 07:39 . 2011-05-09 07:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2011-05-03 15:37 . 2011-05-03 15:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

    - 2010-04-27 13:45 . 2010-04-27 13:45 187544 c:\windows\SysWOW64\xliveinstall.dll

    + 2010-04-27 12:45 . 2010-04-27 12:45 187544 c:\windows\SysWOW64\xliveinstall.dll

    + 2008-09-08 09:44 . 2011-05-06 16:21 209972 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

    + 2006-11-02 15:45 . 2011-05-09 07:41 160762 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin

    - 2008-01-21 08:09 . 2011-05-03 15:43 679906 c:\windows\system32\perfh013.dat

    + 2008-01-21 08:09 . 2011-05-09 07:45 679906 c:\windows\system32\perfh013.dat

    + 2006-11-02 12:46 . 2011-05-09 07:45 603198 c:\windows\system32\perfh009.dat

    - 2006-11-02 12:46 . 2011-05-03 15:43 603198 c:\windows\system32\perfh009.dat

    - 2008-01-21 08:09 . 2011-05-03 15:43 131026 c:\windows\system32\perfc013.dat

    + 2008-01-21 08:09 . 2011-05-09 07:45 131026 c:\windows\system32\perfc013.dat

    + 2006-11-02 12:46 . 2011-05-09 07:45 109020 c:\windows\system32\perfc009.dat

    - 2006-11-02 12:46 . 2011-05-03 15:43 109020 c:\windows\system32\perfc009.dat

    - 2010-04-28 09:24 . 2011-05-03 15:36 465204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    + 2010-04-28 09:24 . 2011-05-09 07:38 465204 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

    - 2010-04-28 11:34 . 2011-05-03 15:36 936972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3289391138-723072036-955293971-1000-12288.dat

    + 2010-04-28 11:34 . 2011-05-09 07:38 936972 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3289391138-723072036-955293971-1000-12288.dat

    + 2011-05-04 15:54 . 2011-05-04 15:54 811520 c:\windows\Installer\fb343.msi

    + 2011-05-03 16:30 . 2011-05-03 16:30 219648 c:\windows\Installer\a4175.msi

    + 2011-05-08 19:23 . 2011-05-08 19:23 830464 c:\windows\Installer\56f01.msi

    + 2011-05-08 19:22 . 2011-05-08 19:22 847872 c:\windows\Installer\56e92.msi

    + 2011-05-04 15:56 . 2011-05-04 15:56 380928 c:\windows\Installer\{18155797-EF2E-4699-9A16-FE787C4C10DB}\iTunesIco.exe

    + 2006-11-02 12:40 . 2011-05-09 07:38 143360 c:\windows\inf\infstrng.dat

    - 2006-11-02 12:40 . 2011-03-27 19:38 143360 c:\windows\inf\infstrng.dat

    + 2011-05-04 15:56 . 2011-05-04 15:56 6530048 c:\windows\Installer\fbd5d.msi

    + 2011-05-04 15:54 . 2011-05-04 15:54 1991680 c:\windows\Installer\fb375.msi

    - 2006-11-02 12:33 . 2011-05-02 16:53 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

    + 2006-11-02 12:33 . 2011-05-03 16:34 11272192 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

    .

    -- Snapshot teruggezet naar huidige datum --

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

    "MsnMsgr"="c:\program files (x86)\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-26 421160]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "AvgUninstallURL"="start http:" [X]

    .

    c:\users\Mijn naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    OneNote-inhoudsopgave.onetoc2 [2008-9-16 3656]

    Skype.lnk - c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe [2010-10-21 371272]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

    "Skytel"="Skytel.exe" [2007-10-11 1826816]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x1

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

    FF - ProfilePath - c:\users\Mijn naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    @Allowed: (Read) (RestrictedCode)

    "??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

    c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

    "??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

    "datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

    61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

    "rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2011-05-09 09:53:25

    ComboFix-quarantined-files.txt 2011-05-09 07:53

    ComboFix2.txt 2011-05-03 15:51

    .

    Pre-Run: 37.434.064.896 bytes beschikbaar

    Post-Run: 37.471.985.664 bytes beschikbaar

    .

    - - End Of File - - F15ACD2D9FB8B092732E08E4A0808718

    Thanks!

  8. Hello,

    I have just bought a projector and am looking for a projection screen (with a tripod; I don't want to hang it from the ceiling (hopefully you know what I mean by this ;) )). I don't know whether this matters, but I will mainly use it to play films and games. I have already googled a bit and the prices for these screens seem very expensive to me! Are there places where I can find cheap/good projection screens?

    The only thing I have found are the projection screens from acco nobo, which are quite reasonable in price compared with other projection screens. Does anyone have experience with these projection screens?

    Thanks!

  9. There are still 2 empty folders: {43F44700-D718-4E6C-83A2-32F9C2B6196F} and {7B190137-40BE-408E-A37D-BC16AFABB177}; should I delete these too?

    I tried to search for combofix, but it finds nothing. Right after combofix I did install avg 2011, and avg flagged combofix (which was in my downloads) as a virus, so I deleted it from my downloads folder. Maybe that is the cause? (has everything from combofix been removed?)

    edit: f*****************k, I just noticed that I was supposed to save combofix to the desktop. What now?

    (so combofix was located under: C:\Users\Naam\Downloads)

    For C:\Qoobox I get the message that I am not authorized to perform this operation, even though I am the administrator....

    Ccleaner had many errors, so I fixed many of them. (+ I want to keep my internet history, so I left my explorer open during this scan; I don't know whether that is wrong?)

    Edit: I had no trouble with it for 2 days, but just now I was playing call of duty again and got a black screen --> reset

    Any suggestions? Thanks

  10. There are still 2 empty folders: {43F44700-D718-4E6C-83A2-32F9C2B6196F} and {7B190137-40BE-408E-A37D-BC16AFABB177}; should I delete these too?

    I tried to search for combofix, but it finds nothing. Right after combofix I did install avg 2011, and avg flagged combofix (which was in my downloads) as a virus, so I deleted it from my downloads folder. Maybe that is the cause? (has everything from combofix been removed?)

    edit: f*****************k, I just noticed that I was supposed to save combofix to the desktop. What now?

    (so combofix was located under: C:\Users\Naam\Downloads)

    For C:\Qoobox I get the message that I am not authorized to perform this operation, even though I am the administrator....

    Ccleaner had many errors, so I fixed many of them. (+ I want to keep my internet history, so I left my explorer open during this scan; I don't know whether that is wrong?)

    Edit: I had no trouble with it for 2 days, but just now I was playing call of duty again and got a black screen --> reset

  11. You can download AVG remover via this link; this is the best way to remove AVG.

    Once your problem is solved, you can then reinstall AVG.

    ComboFix 11-05-02.04 - Mijn naam 03/05/2011 17:42:05.1.2 - x64

    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.8190.6756 [GMT 2:00]

    Gestart vanuit: c:\users\Mijn naam\Downloads\ComboFix.exe

    AV: AVG Anti-Virus *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Mijn naam\AppData\Roaming\inst.exe

    c:\users\Mijn naam\Favorites\Games.url

    c:\users\NICKDE~1\FAVORI~1\Games.url

    D:\install.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-04-03 to 2011-05-03 ))))))))))))))))))))))))))))))

    .

    .

    2011-05-03 15:49 . 2011-05-03 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-05-03 14:31 . 2011-05-03 14:31 -------- d-----w- c:\users\Mijn naam\AppData\Local\{32F46E35-B43E-4EB0-9FCD-DA9AE511C702}

    2011-05-02 20:06 . 2011-05-02 20:07 -------- d-----w- c:\users\Mijn naam\AppData\Local\{113AFA64-2EA1-4F0A-BE0F-780E1204B1E9}

    2011-05-02 07:59 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn naam\AppData\Roaming\InstallShield

    2011-05-02 07:58 . 2011-05-02 07:59 -------- d-----w- c:\users\Mijn naam\AppData\Local\{AE682C2D-4EF4-48CC-8464-38C8361EE3DD}

    2011-05-01 19:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    2011-05-01 19:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

    2011-05-01 19:19 . 2011-05-01 19:20 -------- d-----w- c:\users\Mijn naam\AppData\Local\{49FB0240-1C66-4A60-90CA-7F80F6B7F1F0}

    2011-04-29 08:25 . 2011-04-29 08:26 -------- d-----w- c:\users\Mijn naam\AppData\Local\{0B531DBC-333D-4D36-B380-D28929333E41}

    2011-04-28 06:28 . 2011-04-28 06:28 -------- d-----w- c:\users\Mijn naam\AppData\Local\{D3C71F8F-3F31-40DB-8E08-1005502D354C}

    2011-04-27 18:12 . 2011-04-27 18:12 -------- d-----w- c:\users\Mijn naam\AppData\Local\{6BE08434-1F8D-4F51-AD42-6168BC92B38E}

    2011-04-27 06:24 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll

    2011-04-27 06:24 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll

    2011-04-27 06:24 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

    2011-04-27 06:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll

    2011-04-26 06:44 . 2011-02-16 16:37 48128 ----a-w- c:\windows\system32\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 16:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2011-04-26 06:44 . 2011-02-16 14:15 367616 ----a-w- c:\windows\system32\atmfd.dll

    2011-04-26 06:44 . 2011-02-16 14:02 292864 ----a-w- c:\windows\SysWow64\atmfd.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1360384 ----a-w- c:\windows\system32\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:18 1398784 ----a-w- c:\windows\system32\mfc42.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll

    2011-04-26 06:44 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll

    2011-04-26 06:44 . 2011-03-02 16:12 117760 ----a-w- c:\windows\system32\dnsrslvr.dll

    2011-04-26 06:44 . 2009-05-04 10:21 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

    2011-04-26 06:44 . 2009-05-04 09:59 25088 ----a-w- c:\windows\SysWow64\dnscacheugc.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-03-24 18:23 . 2010-08-28 12:23 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

    2011-03-24 18:23 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

    2011-03-24 17:45 . 2010-04-20 19:21 224960 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

    2011-03-15 07:56 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2011-03-03 15:59 . 2011-04-27 06:24 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

    2011-03-03 15:59 . 2011-04-27 06:24 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2011-03-03 15:59 . 2011-04-27 06:24 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

    2011-03-03 15:40 . 2011-04-27 06:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll

    2011-03-03 15:40 . 2011-04-27 06:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll

    2011-03-03 15:40 . 2011-04-27 06:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2011-03-03 15:40 . 2011-04-27 06:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll

    2011-02-22 14:47 . 2011-03-24 09:23 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll

    2011-02-22 14:13 . 2011-03-24 09:23 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1555968 ----a-w- c:\windows\system32\DWrite.dll

    2011-02-22 13:53 . 2011-03-24 09:23 1149440 ----a-w- c:\windows\system32\FntCache.dll

    2011-02-22 13:33 . 2011-03-24 09:23 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll

    2011-02-22 06:38 . 2011-02-22 06:38 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll

    2011-02-22 06:38 . 2011-02-22 06:38 84992 ----a-w- c:\windows\system32\frapsv64.dll

    2011-02-18 14:36 . 2011-02-18 14:36 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

    2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

    "MsnMsgr"="c:\program files (x86)\Windows Live\Messenger\MsnMsgr.Exe" [2010-11-10 4240760]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-29 399736]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "AvgUninstallURL"="start http:" [X]

    .

    c:\users\Mijn naam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    OneNote-inhoudsopgave.onetoc2 [2008-9-16 3656]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

    S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    .

    --------- x86-64 -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]

    "RtHDVCpl"="RAVCpl64.exe" [2007-10-31 5430272]

    "Skytel"="Skytel.exe" [2007-10-11 1826816]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

    "LoadAppInit_DLLs"=0x1

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.be/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    FF - ProfilePath - c:\users\Mijn naam\AppData\Roaming\Mozilla\Firefox\Profiles\u6oalznp.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: UnPlug: unplug@compunach - %profile%\extensions\unplug@compunach

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Wow6432Node-HKCU-Run-BlazeServoTool - c:\program files (x86)\NTI\NTI Digital Flix 2.5\MediaDetector.exe

    HKLM_Wow6432Node-ActiveSetup-{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516} - c:\programdata\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe

    AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE

    AddRemove-Gears of War_is1 - .:\gears of war\unins000.exe

    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe

    AddRemove-Slachtofferchat - c:\windows\system32\javaws.exe

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

    @Allowed: (Read) (RestrictedCode)

    "??"=hex:32,95,5f,b2,df,e5,88,18,13,f4,3f,ca,c1,13,9b,2e,bb,d5,06,1c,5f,c5,78,

    c1,5d,ef,46,9d,1d,9d,3e,25,8f,8f,13,1c,bf,52,d2,14,54,26,13,16,50,57,76,35,\

    "??"=hex:c2,14,6a,f5,59,13,69,49,ab,6e,a0,10,5d,8c,e9,84

    .

    [HKEY_USERS\S-1-5-21-3289391138-723072036-955293971-1000\Software\SecuROM\License information*]

    "datasecu"=hex:5a,f7,bd,98,a5,62,77,70,46,57,88,59,70,81,ad,0d,3a,38,34,79,df,

    61,73,aa,34,2a,33,18,1e,7f,2f,c3,95,8d,0c,43,ad,33,c5,58,f4,64,7a,a9,71,94,\

    "rkeysecu"=hex:86,99,1e,02,ef,88,0d,3b,6c,d9,03,e7,03,8b,cc,2d

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.10"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

    @="Shockwave Flash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

    @Denied: (A 2) (Everyone)

    @=""

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

    @="FlashBroker"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    Voltooingstijd: 2011-05-03 17:51:48

    ComboFix-quarantined-files.txt 2011-05-03 15:51

    .

    Pre-Run: 36.990.029.824 bytes beschikbaar

    Post-Run: 36.624.969.728 bytes beschikbaar

    .

    - - End Of File - - 374F29CEA0D3530FE29E2A67D4889AC2

  12. Both logs look clean. One more scan, please:

    Download ComboFix from one of these locations:

    Link 1

    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

    Click here

    2. The computer may need to be restarted several times; this is normal.

    3. Double-click "Combofix.exe" to start the tool.

    4. Do not click in the ComboFix window while it is running; this can cause the 'tool' to hang.

    Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

    5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

    I just tried to use ComboFix after shutting down AVG via this site: AVG Free | FAQ | Worldwide - How to disable AVG Free temporarily. ComboFix keeps giving me the message that it cannot start because AVG is on. Should I just uninstall AVG then? (I would actually rather not.)

  13. Hello,

    My PC has been acting strangely for a while now when I start it up. Sometimes it just shows a black screen; the screen stays that way and I press the reset button. Sometimes it then starts up normally, and sometimes it doesn't, and then I press the reset button again until it starts up normally.

    In addition, my screen sometimes "freezes" when I browse the internet or play a game.

    I scanned with AVG again today; nothing found. Here is a log from HJT:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:32:38, on 2/05/2011

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.19019)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\uTorrent\uTorrent.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\AVG\AVG9\avgtray.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [blazeServoTool] "C:\Program Files (x86)\NTI\NTI Digital Flix 2.5\MediaDetector.exe"

    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

    O4 - Startup: OneNote-inhoudsopgave.onetoc2

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 9013 bytes

    Any ideas, anyone?

    Thanks

    Edit: just scanned with Malwarebytes, nothing found:

    Malwarebytes' Anti-Malware 1.34

    Database versie: 1900

    Windows 6.0.6002 Service Pack 2

    2/05/2011 18:34:27

    mbam-log-2011-05-02 (18-34-27).txt

    Scan type: Volledige Scan (C:\|D:\|)

    Objecten gescand: 337910

    Verstreken tijd: 1 hour(s), 1 minute(s), 24 second(s)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata bestanden geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Registerdata bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Mappen geïnfecteerd:

    (Geen kwaadaardige items gevonden)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige items gevonden)
