Inhoud van 010890falcon - Pagina 7

Omzetten van een document

010890falcon reageerde op 010890falcon's topic in Archief Microsoft Office

Ik kan het inderdaad wel openen in Word maar krijg dan een voor mij "Chinees" dat wordt weergegeven

4 januari 2012
8 antwoorden
- document
- graag
- (en 4 meer)
  Getagd met:
  - document
  - graag
  - office
  - openen
  - probleem
  - zoiets

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Hier het combofix loge ComboFix 12-01-03.08 - Chris 04/01/2012 17:58:19.4.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1043.18.3767.1834 [GMT 1:00] Gestart vanuit: c:\users\Chris\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Chris\Desktop\CFScript.docx AV: G Data TotalCare 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data TotalCare 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Voorgaande Run ------- . c:\windows\SysWow64\sho7E91.tmp c:\windows\SysWow64\shoD32B.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))) . . 2012-01-04 17:25 . 2012-01-04 17:25 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7B14E90-F519-4056-8A8A-A4E8C55971D4}\offreg.dll 2012-01-04 17:21 . 2012-01-04 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-04 17:21 . 2012-01-04 17:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-01-03 10:00 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7B14E90-F519-4056-8A8A-A4E8C55971D4}\mpengine.dll 2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\programdata\Microsoft Help 2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Help 2011-12-16 12:52 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 12:52 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 12:52 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 12:52 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-16 12:52 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-16 12:52 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\programdata\Malwarebytes 2011-12-08 20:19 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-08 20:19 . 2011-12-29 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-08 15:21 . 2011-12-08 15:21 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-08 15:21 . 2011-12-08 15:21 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-04 10:30 . 2011-07-30 17:48 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-17 17:59 . 2011-09-24 09:09 53112 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2011-11-17 17:58 . 2011-09-24 09:09 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-11-17 17:58 . 2011-09-24 09:09 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-11-17 17:58 . 2011-09-24 09:09 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys . . ((((((((((((((((((((((((((((( SnapShot@2011-12-29_18.43.09 ))))))))))))))))))))))))))))))))))))))))) . + 2012-01-04 17:22 . 2012-01-04 17:22 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2011-12-29 18:39 . 2011-12-29 18:39 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2009-07-14 04:54 . 2011-12-29 17:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-01-04 17:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-12-29 17:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-01-04 17:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-12-29 17:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-01-04 17:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-07-20 16:32 . 2012-01-02 10:49 35670 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-04 17:29 32144 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-07-20 16:15 . 2012-01-04 17:29 10642 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3351498878-181285060-854150992-1001_UserData.bin + 2011-07-20 18:48 . 2012-01-04 13:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-07-20 18:48 . 2011-12-29 17:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-07-20 18:48 . 2012-01-04 13:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-07-20 18:48 . 2011-12-29 17:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-01-04 13:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-12-29 17:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-09-05 21:11 . 2012-01-04 13:14 40960 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe - 2011-09-05 21:11 . 2011-12-29 14:52 40960 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe + 2012-01-04 17:22 . 2012-01-04 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-12-29 18:40 . 2011-12-29 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-04 17:22 . 2012-01-04 17:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-12-29 18:40 . 2011-12-29 18:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-09-24 11:54 . 2012-01-04 11:15 512192 c:\windows\SysWOW64\sig.bin + 2012-01-04 10:30 . 2012-01-04 10:30 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe + 2012-01-04 10:30 . 2012-01-04 10:30 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll - 2011-07-24 13:46 . 2011-12-29 17:48 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2011-07-24 13:46 . 2012-01-04 17:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2012-01-03 15:34 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:12 . 2011-12-28 11:17 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2012-01-01 17:09 . 2012-01-01 17:09 236904 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm25.bin + 2009-07-14 05:01 . 2012-01-04 17:22 238224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-12-29 18:39 238224 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-07-20 21:36 . 2012-01-04 17:22 5199276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3351498878-181285060-854150992-1001-8192.dat + 2009-07-14 02:34 . 2012-01-04 13:29 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2011-12-29 15:08 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2011-07-20 21:36 . 2011-12-29 18:39 12294044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3351498878-181285060-854150992-1001-4096.dat + 2011-07-20 21:36 . 2012-01-04 17:22 12294044 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3351498878-181285060-854150992-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600] "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe" [2011-09-22 1012232] "GDFirewallTray"="c:\program files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2011-11-08 1616904] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040] R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2011-10-28 1498616] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x] R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2011-05-20 960504] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x] S1 RsvLock;RsvLock; [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-11-08 1501192] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalCare\AVK\AVKService.exe [2011-09-22 464392] S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe [2011-10-28 2191808] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe [2011-08-10 1556816] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 459784] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . Inhoud van de 'Gedeelde Taken' map . 2011-12-22 c:\windows\Tasks\HPCeeScheduleFor010890FALCON$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2011-12-08 c:\windows\Tasks\HPCeeScheduleForChris.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 195.130.130.131 195.130.131.131 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Voltooingstijd: 2012-01-04 18:59:37 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-04 17:59 ComboFix2.txt 2011-12-29 19:14 . Pre-Run: 106.315.730.944 bytes beschikbaar Post-Run: 105.901.789.184 bytes beschikbaar . - - End Of File - - ABA42E24E5BF85B200C70BDF2829FC56 ---------- Post toegevoegd om 19:07 ---------- Vorige post was om 19:04 ---------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:06:30, on 4/01/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AVKWebIE.dll O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\TotalCare\WebFilter\AVKWebIE.dll O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe O4 - HKLM\..\Run: [HP KEYBOARDx] "C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe O4 - HKLM\..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe O4 - HKLM\..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [File Sanitizer] c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKService.exe O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: lxcz_device - - C:\Windows\system32\lxczcoms.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11023 bytes ---------- Post toegevoegd om 19:08 ---------- Vorige post was om 19:07 ---------- Ik moet nu weg naar mijn repetitie maar ik zal straks de zaken voor Jotti klaarmaken

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Neen; ik was zover nog niet gekomen om dat bestand GDBehave.sys al laten scannen bij Jotti, ik heb dat CFScript terug aangemaakt en ben het nu opnieuw aan het laten scannen door combofix

Omzetten van een document

010890falcon reageerde op 010890falcon's topic in Archief Microsoft Office

Ik heb beide opties geprobeerd en en geen van beide werkt

4 januari 2012
8 antwoorden
- document
- graag
- (en 4 meer)
  Getagd met:
  - document
  - graag
  - office
  - openen
  - probleem
  - zoiets

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Het eigenaardige is dat het scriptje verdwenen is van mijn bureaublad en ook uit mijn documenten

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Alles leek prima te gaan lukken met Combofix en dat CFscript tot ineens ik een melding kreeg bij het nieuw opstarten dat malwarebytes nog aan het scannen was (terwijl ik dat niet had gevraagd) en ik heb dan malwarebytes afgesloten en de PC opnieuw opgestart en Combofix staat nu al een hele tijd niets te doen? Dus heb ik mijn antivirus en Firewall weer ingeschakeld op opnieuw op het net te komen maar van een Logje dus geen enkel spoor

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Kunt U mij zeggen hoe ik CFscript.txt moet slepen in Combofix,exe want bij mij lukt dat niet ---------- Post toegevoegd om 12:22 ---------- Vorige post was om 12:17 ---------- Ik denk dat het gelukt is met combofix!

Omzetten van een document

010890falcon reageerde op 010890falcon's topic in Archief Microsoft Office

Bedankt voor de mail maar ik versta niet alles wat ze daar in het Engels uitleggen, bestaat dat ergens in de nederlandse taal?

3 januari 2012
8 antwoorden
- document
- graag
- (en 4 meer)
  Getagd met:
  - document
  - graag
  - office
  - openen
  - probleem
  - zoiets

Omzetten van een document

010890falcon reageerde op 010890falcon's topic in Archief Microsoft Office

Als ik Ctrl + S doe dan gebeurt er niks

3 januari 2012
8 antwoorden
- document
- graag
- (en 4 meer)
  Getagd met:
  - document
  - graag
  - office
  - openen
  - probleem
  - zoiets

Omzetten van een document

010890falcon plaatste een topic in Archief Microsoft Office

Ik heb een document, model 113.word.dat en ik kan dat alleen openen maar niet bewerken. Ik had dat graag naar Word omgezet. Hoe moet je zoiets doen?

3 januari 2012
8 antwoorden
- document
- graag
- (en 4 meer)
  Getagd met:
  - document
  - graag
  - office
  - openen
  - probleem
  - zoiets

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Neen, ik kan niet naar GData gaan met bladeren, ik heb dus Combofix nu maar opgestart en op hoop van zegen...komt alles zoals het moet lopen.

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik heb nog een vraagje, ik heb mijn andere nieuwe PC laten nakijken door een collega van U maar die heeft sinds al een paar dagen niets meer van zich laten horen ? Is hij misschien in verlof? Die discussie staat nog open.

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik heb eerst geprobeerd in normale modus maar dan werkt er helemaal niets, in veilige modus kan ik echter niet aan mijn GData omdat de symbooltjes onderaan rechts op het PC scherm allemaal verdwenen zijn in veilige modus. Dan heb ik dus maar Combofix laten uitvoeren maar ik krijg dadelijk een melding dat GData nog aktief is en dat het hinderend kan zijn en zelfs systeemschade toebrengenK Kunt U mij misschien zeggen hoe ik GData kan terugvinden en uitschakelen in veilige modus. En wat met Malwarebytes anti-malware, CC Cleaner, Hijack this en Superantispyware? Moet ik die wegdoen op mijn PC?

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Maar dan moet ik niet in veilige modus staan maar in normale modus want nu krijg ik een melding dat Windows Installer Service op Lokale Computer niet kan starten, Fout 1084, deze service kan niet in veilige modus worden gestart, ---------- Post toegevoegd om 14:39 ---------- Vorige post was om 14:25 ---------- In normale modus kan ik niks doen dus moet ik alles in veilige modus uitvoeren, ik heb het zojuist geporbeerd

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik heb Hijack This wel gevonden zoals door U aangegeven in Trend Micro maar als ik rechtermuisknop klik op Hijack This dan krijg ik nergens een aanduiding van HijackThis.exe? en er staat ook nergens "uitvoeren als administrator"

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik kon met de rechtermuisknop als administrator "Hijack thi"s niet starten en heb het dan gewoon met de linkermuisknop gedaan, ik heb dan weer een Logfile gekregen en die 3 rubrieken staan erin die ik moet "fixen" Ik krijg ook een melding dat Hijack een HBO file ga deleten, over die 2 andere files die ik ga deleten zegt hij niks, ---------- Post toegevoegd om 11:35 ---------- Vorige post was om 11:33 ---------- Neen, dat ging niet, als ik services intip bij "uitvoeren"en dan OK druk dan gebeurt er niks,

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik kan alleen Hijack this opstarten op de normale manier, als ik met de rechtermuisknop klik komt er geen melding van “Run as administrator" of "Uitvoeren als administrator". Ik heb dus wel een Log File gekregen maar die had U al denk ik, ---------- Post toegevoegd om 11:23 ---------- Vorige post was om 11:20 ---------- Ik krijg een melding dat ik Ask.com niet kan verwijderen omdat er geen toegang is tot Windows installer-service omdat ik in veilige modus ben opgestart

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik kan die 2 programma's niet verwijderen via software want mijn scherm bevriest ook als ik zeg "verwijderen", ---------- Post toegevoegd om 11:13 ---------- Vorige post was om 11:04 ---------- Ik heb de Pc nog eens opgestart in veilige modus en Speed Up my PC heb ik wel kunnen verwijderen maar als ik probeer Registrybooster 2011 te verwijderen dan bevriest de PC,

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Oké, dat is gelukt, moet ik nu eerst via configuratiescherm en dan de rubriek software die 2 programma's verwijderen? ---------- Post toegevoegd om 10:33 ---------- Vorige post was om 10:31 ---------- Ik heb in mijn software Ask Toolbar en Ask Toolbar Updates, die moet ik dus ook verwijderen? Ik neem aan dat je daarmee Ask.com bedoelt?

Vermoedelijk virus op PC

010890falcon reageerde op 010890falcon's topic in Archief Bestrijding malware & virussen

Ik probeer mijn PC in veilige modus op te starten maar dat lukt me niet, als ik normaal opstart dan bevriest mijn PC op alle commando's die ik geef. Hoe kan ik hem zeker in veilige modus opstarten? Bij mij werkt F8 niet voor veilige modus maar wel F11 voor het opstarten van een Boot CD

Vermoedelijk virus op PC

010890falcon plaatste een topic in Archief Bestrijding malware & virussen

Hallo, ik denk dat mijn PC getroffen is door een virus. Vermits ik ongeveer al weet wat ik moet doen stuur ik hier het rapportje van Hijack this Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:53:27, on 1/01/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\Uniblue\SPEEDU~1\sump.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\WebFilter\AvkWebIE.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\WebFilter\AvkWebIE.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m O4 - HKCU\..\Run: [speedUpMyPC] "C:\PROGRA~1\Uniblue\SPEEDU~1\launcher.exe" -d 20000 O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\calcheck.exe O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB PLUS\Driver\WATCH.exe O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\ASTSRV.EXE O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe O23 - Service: G Data Bestandssysteembewaker (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe O23 - Service: G Data Backup Service (GDBackupSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe O23 - Service: G Data Persoonlijke Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe O23 - Service: G Data Tuner Service (GDTunerSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe O23 - Service: Google Updateservice (gupdate1ca2cdb6cbbcd2c) (gupdate1ca2cdb6cbbcd2c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 9716 bytes Ik hoop dat jullie mijn probleem kunnen oplossen zoals altijd.

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Als ik mijn oude PC opstart en F8 druk dan gebeurt er niets en wordt de PC normaal opgestart en nadien blijft alles hangen, ik kan geen enkel commando doorvoeren. Als ik echter opnieuw start en F11 druk dan kan ik de Boot CD van GData wel opstarten. ---------- Post toegevoegd om 20:19 ---------- Vorige post was om 20:04 ---------- Hier het Combofix rapport, ik hoop dat he bruikbaar is, ComboFix 11-12-29.04 - Chris 29/12/2011 18:12:29.2.4 - x64 Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1043.18.3767.1935 [GMT 1:00] Gestart vanuit: c:\users\Chris\Desktop\ComboFix.exe AV: G Data TotalCare 2012 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496} FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED} SP: G Data TotalCare 2012 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Thumbs.db . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-28 to 2011-12-29 )))))))))))))))))))))))))))))) . . 2011-12-29 18:38 . 2011-12-29 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-29 15:01 . 2011-12-29 18:43 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED91A7-9B1F-486D-99E6-776176E698AE}\offreg.dll 2011-12-29 13:17 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EED91A7-9B1F-486D-99E6-776176E698AE}\mpengine.dll 2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\programdata\Microsoft Help 2011-12-25 22:32 . 2011-12-25 22:32 -------- d-----w- c:\users\Chris\AppData\Local\Microsoft Help 2011-12-16 12:52 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll 2011-12-16 12:52 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys 2011-12-16 12:52 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll 2011-12-16 12:52 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll 2011-12-16 12:52 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll 2011-12-16 12:52 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes 2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\programdata\Malwarebytes 2011-12-08 20:19 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-08 20:19 . 2011-12-08 20:19 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-12-08 15:21 . 2011-12-08 15:21 388096 ----a-r- c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-12-08 15:21 . 2011-12-08 15:21 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-17 17:59 . 2011-09-24 09:09 53112 ----a-w- c:\windows\system32\drivers\HookCentre.sys 2011-11-17 17:58 . 2011-09-24 09:09 50552 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-11-17 17:58 . 2011-09-24 09:09 111992 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-11-17 17:58 . 2011-09-24 09:09 65912 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-10-07 21:00 . 2011-10-07 21:00 0 ----a-w- c:\windows\SysWow64\sho7E91.tmp 2011-10-06 13:15 . 2011-10-06 13:15 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-10-04 21:56 . 2011-10-04 21:56 0 ----a-w- c:\windows\SysWow64\shoD32B.tmp 2011-10-04 17:37 . 2011-09-24 09:10 59256 ----a-w- c:\windows\system32\drivers\PktIcpt.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600] "HP KEYBOARDx"="c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE" [2010-02-11 710656] "HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896] "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\TotalCare\AVKTray\AVKTray.exe" [2011-09-22 1012232] "GDFirewallTray"="c:\program files (x86)\G Data\TotalCare\Firewall\GDFirewallTray.exe" [2011-11-08 1616904] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ DPPassFilter scecli Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x] R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040] R3 GDBackupSvc;G Data Backup Service;c:\program files (x86)\G Data\TotalCare\AVKBackup\AVKBackupService.exe [2011-10-28 1498616] R3 GdNetMon;G Data Network Monitor;c:\windows\system32\drivers\GdNetMon64.sys [x] R3 GDTunerSvc;G Data Tuner Service;c:\program files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [2011-05-20 960504] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 OxPPort;OxPPort;c:\windows\system32\DRIVERS\OxPPort.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [x] S0 SafeBoot;SafeBoot; [x] S0 SbAlg;SbAlg; [x] S0 SbFsLock;SbFsLock; [x] S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [x] S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [x] S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [x] S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [x] S1 RsvLock;RsvLock; [x] S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2011-11-08 1501192] S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\TotalCare\AVK\AVKService.exe [2011-09-22 464392] S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\TotalCare\AVK\AVKWCtlX64.exe [2011-10-28 2191808] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664] S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192] S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2009-12-12 297984] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512] S3 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\TotalCare\Firewall\GDFwSvcx64.exe [2011-08-10 1556816] S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] S3 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2011-10-28 459784] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496] . . Inhoud van de 'Gedeelde Taken' map . 2011-12-22 c:\windows\Tasks\HPCeeScheduleFor010890FALCON$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . 2011-12-08 c:\windows\Tasks\HPCeeScheduleForChris.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 195.130.130.131 195.130.131.131 . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac c:\program files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe . ************************************************************************** . Voltooingstijd: 2011-12-29 20:14:08 - machine werd herstart ComboFix-quarantined-files.txt 2011-12-29 19:13 . Pre-Run: 109.628.715.008 bytes beschikbaar Post-Run: 109.408.739.328 bytes beschikbaar . - - End Of File - - 37AEA24530C3CE3F5711515EE6A6A7C5

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Neen, ik heb bij mijn nieuwe PC gewoon alles laten lopen maar niet in veilige modus, ondertussen ben ik al in voltooid 41 geraakt ---------- Post toegevoegd om 19:33 ---------- Vorige post was om 19:26 ---------- Ik denk dat mijn oude PC zwaar geïnfecteerd is want mijn Boot CD moest updates ophalen en doet het niet en de virusscan programma van Gdata werd afgebroken en ik kan de Boot Cd van Gdata ook niet meer uitwerpen want er komt een bericht : cannot open /media/.hal-mtab. Wat kan ik doen? ---------- Post toegevoegd om 19:38 ---------- Vorige post was om 19:33 ---------- Ik heb de CD eruit gehaald met de paperclip truc en wat nu?

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Mijn nieuwe PC is al meer dan 30 minuten aan het scannen met Combofix maar blijft na voltooid Deel_4 staan, alleen een cursor blinkt, is dat normaal? ---------- Post toegevoegd om 18:46 ---------- Vorige post was om 18:38 ---------- Als combofix aan het scannen is moet dan de Internetaansluiting ingestoken blijven in de PC?

Computer is trager geworden

010890falcon reageerde op 010890falcon's topic in Archief Windows Algemeen

Oke, ik zal dat eens proberen met mijn oude PC in veilige modus

Inloggen

Profielen

Forums

Store

Alles dat geplaatst werd door 010890falcon

OVER ONS

SITEMAP

Belangrijke informatie