Mauritsluijs

24 mei 2012

Okee,

Register opgeruimd en gedefragmenteerd.

AutoAdminLogon "1" naar "0" weer.

De melding is nu wegxD

Bedankt voor de hulp:top:

24 mei 2012

Als ik die wijzig van "1" naar "0" en andersom blijf ik dezelfde melding krijgen...

24 mei 2012

Okee,

met wachtwoord UIT logt die gelijk in op de mijn account

met wachtwoord AAN geeft die eerst de foutmelding over username en password, daarna kan ik invoeren.

Waar is ingesteld dat die deze auto-inlog doet?

nog ff vraagje over dat "regedit" na invoeren is het goed toch? of zit er ergens een "opslaan"?

23 mei 2012

Nee, nog steeds hetzelfde...

23 mei 2012

Ik wil niet dat die automatisch inlogt met mijn wachtwoord, maar gewoon mijn inlog geeft zonder keuze voor een andere user en ik zelf mijn wachtwoord kan invoeren.xD

23 mei 2012

Ik krijg nog steeds hetzelfde scherm?! Ook de wrong username or password foutmelding vooraf.

22 mei 2012

Na de registerwijziging

Deze geeft dezelfde melding in een ander venster.

Deze is goed alleen de switch user moet nog weg.

Kan ik dit ook instellen?

22 mei 2012

Na dubbelklikken krijg ik deze melding.

21 mei 2012

Nog steeds hetzelfde, ik snap ook niet wat de inlog van het linker inlogscherm kan zijn, ook zie ik de gebruikersnaam niet.

Ik ben de administrator en gebruiker, het gastaccount is uitgeschakeld en er zijn geen andere accounts geweest.

Onder C:\Users \Default \Maurits \Openbaar

Enig idee hoe ik hier achterkom.

Het lijkt ook alsof die automatisch via de linker wil inloggen maar niet het (goede)WW heeft, daarna de foutmelding geeft en mij laat beslissen.

Kan ik ergens instellen dat mijn account automatisch geselecteerd word??

19 mei 2012

Als ik op enter druk verschijnt en verdwijnt het dos/cmd scherm.

Gister gaf deze de melding dat het pad niet goed was. Nu hetzelfde als hierboven.

ComboFix 12-05-19.01 - Maurits 19-05-2012 16:38:32.1.3 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1033.18.4095.2816 [GMT 2:00]

Gestart vanuit: c:\users\Maurits\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - Windows: deleted 192 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\TelevisionFanaticEI

c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EIPlug.dll

c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\64EZSETP.dll

c:\program files (x86)\TelevisionFanaticEI\Installr\1.bin\NP64EISb.dll

c:\windows\IsUn0413.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-04-19 to 2012-05-19 ))))))))))))))))))))))))))))))

.

2012-05-19 14:43 . 2012-05-19 14:43 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{317A41B3-D0F7-4285-AD21-5C8F83E16949}\offreg.dll

2012-05-19 05:51 . 2012-05-19 05:51 -------- d-----w- c:\users\Maurits\AppData\Roaming\Malwarebytes

2012-05-19 05:51 . 2012-05-19 05:51 -------- d-----w- c:\programdata\Malwarebytes

2012-05-19 05:51 . 2012-05-19 05:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-19 05:51 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-18 17:09 . 2012-05-18 17:09 388096 ----a-r- c:\users\Maurits\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-18 17:09 . 2012-05-18 17:09 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-18 16:31 . 2012-05-18 16:31 -------- d-----w- c:\users\Maurits\AppData\Local\Stefan_Wobbe

2012-05-18 16:30 . 2012-05-18 16:30 -------- d-----w- c:\program files (x86)\GIF Viewer

2012-05-17 22:14 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-05-13 21:11 . 2012-05-13 21:11 -------- d-----w- c:\users\Maurits\AppData\Local\Diagnostics

2012-05-13 20:40 . 2012-05-13 20:43 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-05-13 20:01 . 2010-05-27 10:32 774144 ----a-w- c:\windows\SysWow64\htmlayout.dll

2012-05-13 20:01 . 2010-05-27 10:32 1003008 ----a-w- c:\windows\SysWow64\libeay32.dll

2012-05-13 20:00 . 2011-06-23 11:26 974848 ----a-w- c:\windows\SysWow64\mfc70.dll

2012-05-13 20:00 . 2011-06-23 11:26 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll

2012-05-13 20:00 . 2011-06-23 11:26 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll

2012-05-13 19:29 . 2011-11-07 15:24 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2012-05-13 19:29 . 2011-11-07 15:24 25920 ----a-w- c:\windows\system32\authuitu.dll

2012-05-13 19:29 . 2011-11-07 15:24 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-05-13 19:28 . 2012-05-13 19:29 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012

2012-05-13 16:30 . 2012-05-13 21:12 -------- d-----w- c:\users\Maurits\AppData\Local\ElevatedDiagnostics

2012-05-13 15:16 . 2012-05-13 15:16 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

2012-05-13 04:33 . 2012-05-15 17:01 -------- d-----w- c:\users\Maurits\AppData\Roaming\AVS4YOU

2012-05-13 04:32 . 2012-05-13 20:03 -------- d-----w- c:\programdata\AVS4YOU

2012-05-13 04:30 . 2011-09-16 16:00 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll

2012-05-13 04:30 . 2012-05-13 20:43 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-05-13 04:30 . 2011-06-23 11:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-05-13 03:43 . 2012-05-17 08:37 -------- d-----w- c:\users\Maurits\AppData\Roaming\vlc

2012-05-10 16:43 . 2012-05-14 05:07 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite

2012-05-10 15:03 . 2012-05-10 15:03 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-05-10 15:02 . 2012-05-10 15:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-05-08 00:39 . 2012-05-08 00:39 -------- d-----w- c:\programdata\AltrixSoft

2012-05-08 00:24 . 2012-05-08 00:24 -------- d-----w- c:\users\Maurits\AppData\Roaming\Mirillis

2012-05-08 00:24 . 2012-05-08 00:24 -------- d-----w- c:\programdata\Mirillis

2012-05-08 00:24 . 2012-05-08 00:27 -------- d-----w- c:\users\Maurits\AppData\Local\Mirillis

2012-05-08 00:22 . 2012-05-08 10:28 -------- d-----w- c:\program files (x86)\Common Files\AltrixSoft

2012-05-08 00:21 . 2012-05-19 01:36 -------- d-----w- c:\users\Maurits\AppData\Roaming\Nitro PDF

2012-05-08 00:20 . 2012-04-12 03:26 17928 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-05-08 00:20 . 2012-04-12 03:26 29704 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-05-08 00:20 . 2012-05-08 00:20 -------- d-----w- c:\program files\Common Files\Nitro PDF

2012-05-08 00:20 . 2012-05-08 00:20 -------- d-----w- c:\programdata\Nitro PDF

2012-05-08 00:20 . 2012-05-08 00:20 -------- d-----w- c:\program files (x86)\Nitro PDF

2012-05-08 00:20 . 2012-05-08 00:20 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF

2012-05-08 00:19 . 2012-05-08 00:19 -------- d-----w- c:\users\Maurits\AppData\Roaming\Downloaded Installations

2012-05-06 21:45 . 2012-02-09 11:17 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92D3878B-B293-41D6-8203-F6B702BC0C2F}\gapaengine.dll

2012-05-06 21:44 . 2012-05-06 21:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-05-06 21:44 . 2012-05-06 21:44 -------- d-----w- c:\program files\Microsoft Security Client

2012-05-01 21:25 . 2012-05-01 21:25 -------- d-----w- c:\users\Maurits\AppData\Local\VS Revo Group

2012-05-01 21:25 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2012-05-01 21:25 . 2012-05-01 21:25 -------- d-----w- c:\program files\VS Revo Group

2012-04-28 18:03 . 2012-04-28 18:03 -------- d-----w- c:\programdata\YoWindow

2012-04-28 18:03 . 2012-04-28 18:03 -------- d-----w- c:\program files (x86)\YoWindow

2012-04-28 15:09 . 2012-04-28 18:30 -------- d-----w- c:\users\Maurits\AppData\Roaming\YoWindow

2012-04-26 19:59 . 2012-04-26 19:59 -------- d--h--w- c:\windows\msdownld.tmp

2012-04-26 19:45 . 2012-04-26 19:45 -------- d-----w- c:\users\Maurits\AppData\Local\Mozilla

2012-04-26 19:45 . 2012-04-26 19:45 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-26 14:29 . 2012-04-26 14:56 -------- d-----w- c:\program files (x86)\WinUtilities

2012-04-26 14:29 . 2010-07-25 20:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll

2012-04-26 14:29 . 2010-07-25 20:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx

2012-04-26 14:29 . 2010-07-25 20:23 33968 ----a-w- c:\windows\SysWow64\anim.dll

2012-04-26 14:29 . 2010-07-25 20:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2012-04-26 14:29 . 2010-07-25 20:23 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll

2012-04-26 14:29 . 2010-07-25 20:23 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL

2012-04-26 14:29 . 2010-07-25 20:23 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL

2012-04-25 18:37 . 2012-04-25 18:37 -------- d-----w- c:\users\Maurits\AppData\Roaming\Alien Skin

2012-04-25 18:36 . 2012-04-25 18:36 -------- d-----w- c:\users\Maurits\AppData\Local\Alien Skin

2012-04-25 18:34 . 2012-04-25 18:42 -------- d-----w- c:\program files (x86)\Alien Skin

2012-04-25 18:34 . 2012-04-25 18:42 -------- d-----w- c:\programdata\Alien Skin

2012-04-25 18:11 . 2012-05-13 14:50 -------- d-----w- c:\users\Maurits\AppData\Roaming\TuneUp Software

2012-04-25 18:10 . 2012-05-13 19:27 -------- d-----w- c:\programdata\TuneUp Software

2012-04-25 18:10 . 2012-04-25 18:10 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-19 06:17 . 2012-04-02 07:51 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-19 06:17 . 2012-02-11 12:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-10 16:43 . 2012-02-19 10:15 560184 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-05-05 16:32 . 2012-04-14 00:05 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-12 03:27 . 2012-04-12 03:27 69640 ----a-w- c:\windows\SysWow64\NLSSRV32.EXE

2012-04-09 06:44 . 2012-04-09 06:44 841728 ----a-w- c:\windows\yowindow.scr

2012-03-27 15:03 . 2012-04-10 21:55 4015592 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2012-03-25 20:25 . 2012-04-10 21:36 517329 ----a-w- c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Updater.exe

2012-03-25 20:25 . 2012-04-02 22:57 517329 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Updater.exe

2012-03-20 18:44 . 2012-03-20 18:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2012-03-20 18:44 . 2012-03-20 18:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2012-03-20 08:47 . 2012-04-10 21:55 3608680 ----a-w- c:\windows\system32\RtkAPO64.dll

2012-03-19 17:01 . 2012-04-10 21:55 102504 ----a-w- c:\windows\system32\RCoInstII64.dll

2012-03-16 14:25 . 2012-04-10 21:55 2670696 ----a-w- c:\windows\system32\RtPgEx64.dll

2012-03-13 09:21 . 2012-04-10 21:55 1251432 ----a-w- c:\windows\system32\RTCOM64.dll

2012-03-08 09:47 . 2012-04-10 21:54 108640 ----a-w- c:\windows\system32\AERTAR64.dll

2012-03-08 09:47 . 2012-04-10 21:54 202336 ----a-w- c:\windows\system32\AERTAC64.dll

2012-03-07 09:09 . 2012-04-10 21:55 824424 ----a-w- c:\windows\system32\RtkApi64.dll

2012-03-01 06:54 . 2012-04-11 22:49 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-11 22:49 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-11 22:49 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-11 22:49 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-11 22:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-11 22:49 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-11 22:49 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-03-01 00:02 . 2012-04-10 21:33 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-03-01 00:02 . 2012-04-10 21:33 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-03-01 00:02 . 2012-04-10 21:33 25543488 ----a-w- c:\windows\system32\nvoglv64.dll

2012-03-01 00:02 . 2012-04-10 21:33 19444544 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-03-01 00:02 . 2012-04-10 21:33 13626688 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-03-01 00:02 . 2012-04-10 21:33 8008000 ----a-w- c:\windows\system32\nvcuda.dll

2012-03-01 00:02 . 2012-04-10 21:33 5892928 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-03-01 00:02 . 2012-04-10 21:33 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-03-01 00:02 . 2012-04-10 21:33 2672448 ----a-w- c:\windows\system32\nvcuvid.dll

2012-03-01 00:02 . 2012-04-10 21:33 2517312 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-03-01 00:02 . 2012-04-10 21:33 2437440 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-03-01 00:02 . 2012-04-10 21:33 25222976 ----a-w- c:\windows\system32\nvcompiler.dll

2012-03-01 00:02 . 2012-04-10 21:33 2301248 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-03-01 00:02 . 2012-04-10 21:33 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-03-01 00:02 . 2012-02-11 12:50 7713088 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-03-01 00:02 . 2012-02-11 12:50 1737536 ----a-w- c:\windows\system32\nvdispco64.dll

2012-03-01 00:02 . 2012-02-11 12:50 15009600 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-03-01 00:02 . 2012-02-11 12:50 1466176 ----a-w- c:\windows\system32\nvgenco64.dll

2012-03-01 00:02 . 2011-05-21 05:01 2660160 ----a-w- c:\windows\system32\nvapi64.dll

2012-03-01 00:02 . 2011-05-21 05:01 17642816 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-03-01 00:02 . 2009-07-13 21:59 9717568 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-02-29 21:00 . 2012-02-11 01:33 3089728 ----a-w- c:\windows\system32\nvsvc64.dll

2012-02-29 21:00 . 2012-02-11 01:33 6074176 ----a-w- c:\windows\system32\nvcpl.dll

2012-02-29 20:59 . 2012-02-11 01:33 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-02-29 20:59 . 2012-02-11 01:33 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-02-29 20:59 . 2012-02-11 01:33 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-02-29 20:59 . 2012-02-11 01:33 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-02-29 11:26 . 2012-02-29 11:26 416064 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-02-28 06:56 . 2012-04-11 22:52 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-11 22:52 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-11 22:52 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-11 22:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-11 22:52 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-11 22:52 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-11 22:52 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-11 22:52 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 08:18 . 2012-02-11 10:55 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-21 17:45 . 2012-04-10 21:55 2605400 ----a-w- c:\windows\system32\WavesGUILib.dll

2012-02-21 12:26 . 2012-04-10 21:54 2528832 ----a-w- c:\windows\system32\FMAPO64.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Rapoo 9200"="c:\program files (x86)\Rapoo\9200\9200_Mouse.exe" [2010-12-29 2622464]

"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]

.

c:\users\Maurits\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Maurits\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-19 257696]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE [2012-04-12 69640]

R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-04-12 204296]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-11-07 2072896]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-31 11856]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:17]

.

2012-05-19 c:\windows\Tasks\AutoKMS.job

- c:\autokms\AutoKMS.exe [2012-02-22 10:51]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Maurits\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-05-03 324096]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\SYSTEM32\blank.htm

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Verzenden naar OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Maurits\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Maurits\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 192.168.2.254

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

FF - ProfilePath - c:\users\Maurits\AppData\Roaming\Mozilla\Firefox\Profiles\xcy2vzk6.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/

FF - prefs.js: network.proxy.type - 0

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-05-19 16:48:23 - machine werd herstart

ComboFix-quarantined-files.txt 2012-05-19 14:48

.

Pre-Run: 187.171.438.592 bytes beschikbaar

Post-Run: 186.800.795.648 bytes beschikbaar

.

- - End Of File - - B16742B43AFBF1AFC6D13FB50E83C209

19 mei 2012

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.05.19.01

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Maurits :: MAURITS-PC [administrator]

19-5-2012 7:52:31

mbam-log-2012-05-19 (07-52-31).txt

Scantype: Snelle scan

Uitgeschakelde scanopties: P2P

Objecten gescand: 222365

Verstreken tijd: 2 minuut/minuten, 15 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 7

HKCR\CLSID\{E81FDB4B-D5DC-4FB8-A45C-F16F425A9F7C} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E81FDB4B-D5DC-4FB8-A45C-F16F425A9F7C} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E81FDB4B-D5DC-4FB8-A45C-F16F425A9F7C} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E81FDB4B-D5DC-4FB8-A45C-F16F425A9F7C} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432} (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

Mappen gedetecteerd: 6

C:\ProgramData\wxDfast (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\data (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 13

C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\bccldkoinakjmmgebambiaggjobhikfg.crx (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\bhoclass.dll (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\uninstall.exe (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\data\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\wxDfast\data\jsondb.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_hpk.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\Maurits\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:07:13, on 19-5-2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Maurits\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Maurits\Desktop\PC\PC Ondersteuning\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [Rapoo 9200] C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe

O4 - HKLM\..\Run: [smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc

O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-170646364-2789801469-835165156-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-170646364-2789801469-835165156-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Maurits\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube Download - C:\Users\Maurits\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Maurits\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

--

End of file - 9499 bytes

18 mei 2012

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:14:26, on 18-5-2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Maurits\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Rapoo\9200\9200_Mouse.exe

C:\Users\Maurits\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Babylon Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Babylon Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Babylon Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: wxDfast - {E81FDB4B-D5DC-4FB8-A45C-F16F425A9F7C} - C:\ProgramData\wxDfast\bhoclass.dll

O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)