
pauwhoven

Member
  • Items: 20

pauwhoven's Achievements

  1. I had trouble getting ComboFix to start. At first, dragging Notepad would not work. I get this message when ComboFix starts up.
  2. Hello, I can't find CFScript.txt anywhere. When I type it into my Explorer, it says that it has been changed or moved. But I did not do this myself. What now? Regards, Wilma
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac . ************************************************************************** . Voltooingstijd: 2012-03-10 10:11:13 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-10 09:11 ComboFix2.txt 2012-03-08 11:35 ComboFix3.txt 2012-03-06 18:10 ComboFix4.txt 2012-03-06 13:16 ComboFix5.txt 2012-03-10 09:02 . Pre-Run: 20.172.820.480 bytes beschikbaar Post-Run: 19.973.881.856 bytes beschikbaar . - - End Of File - - 61A1A8FDA7B6909C0D65FD53B714187D I don't know how to thank you for your help. Is it right that I get the warning that the ComboFix trial is over, and I have now chosen limited service. Regards, Wilma
  4. I get this, but I cannot find reset, and removing it does not work
  5. ComboFix 12-03-04.02 - Wilma 08-03-2012 12:23:38.5.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4411 [GMT 1:00] Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))) . . 2012-03-08 11:27 . 2012-03-08 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-08 07:59 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D35548E7-D698-410B-87D0-C18397AA66D8}\mpengine.dll 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital 2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters 2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz 2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys 2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-02-25 10:23 . 
2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll 2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-03 08:16 . 2012-03-08 11:30 56628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-08 11:30 32308 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-01 16:33 . 2012-03-08 11:30 12482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin + 2010-06-01 16:02 . 2012-03-07 08:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-06-01 16:02 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-06-01 16:02 . 2012-03-07 08:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-06-01 16:02 . 2012-03-06 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-03-07 08:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 
2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-08 11:28 . 2012-03-08 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-08 11:28 . 2012-03-08 11:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 09:16 . 2012-03-08 07:54 706604 c:\windows\system32\perfh013.dat - 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-03-08 07:54 621036 c:\windows\system32\perfh009.dat + 2009-07-14 09:16 . 2012-03-08 07:54 135626 c:\windows\system32\perfc013.dat - 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-03-08 07:54 108256 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-03-08 11:27 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-05 23:58 . 2012-03-07 22:35 1415940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-12288.dat - 2010-11-05 23:58 . 2012-03-02 21:41 1415940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-12288.dat + 2010-07-14 22:44 . 2012-03-08 11:27 28901456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat + 2011-06-27 22:26 . 
2012-03-08 11:27 26312012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R2 nlsX86cc;Nalpeiron Licensing Service; [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 
VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-03-07 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18] . 2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 2012-03-08 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\SYSTEM32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: microsoft.com\oas.support Trusted Zone: microsoft.com\support Trusted Zone: nero.com TCP: DhcpNameServer = 192.168.2.254 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\ user_pref('extensions.dealply.partner', 'vita'); user_pref('extensions.dealply.channel', 'vitasuperfiles'); user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '2'); . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe . ************************************************************************** . Voltooingstijd: 2012-03-08 12:35:02 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-08 11:35 ComboFix2.txt 2012-03-06 18:10 ComboFix3.txt 2012-03-06 13:16 ComboFix4.txt 2012-03-06 12:44 . Pre-Run: 20.972.441.600 bytes beschikbaar Post-Run: 21.056.069.632 bytes beschikbaar . - - End Of File - - 5C3921551498E67A7AF521F5BB4CCDDF My Registry Booster reports these errors. What should I do with them? Repair? Regards, Wilma Scanresultaten Scandatum: 2012-03-08 12:58:47 Totaal aantal gevonden problemen: 59 Systeemgerelateerde fouten Fouten die van invloed zijn op alle gebruikers op deze computer. 
Scansubsectie: Toepassingpaden Gevonden vermeldingen: 0 Scansubsectie: Instellingen systeemsoftware Gevonden vermeldingen: 0 Scansubsectie: ActiveX-, OLE-, COM-secties Gevonden vermeldingen: 6 De standaardwaarde in HKEY_CLASSES_ROOT/CLSID/{CC1AC828-BB47-4361-AFB5-96EEE259DD87}/InprocServer32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/x64/IEBHO.dll De standaardwaarde in HKEY_CLASSES_ROOT/CLSID/{FEFD3AF5-A346-4451-AA23-A3AD54915515}/InprocServer32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/x64/DnsBHO.dll De standaardwaarde in HKEY_CLASSES_ROOT/CLSID/{9D717F81-9148-4f12-8568-69135F087DB0}/InprocServer32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/x64/BROWSE~1.DLL De standaardwaarde in HKEY_CLASSES_ROOT/TypeLib/{841D5A49-E48D-413C-9C28-EB3D9081D705}/1.0/0/win32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/DnsBHO.dll De standaardwaarde in HKEY_CLASSES_ROOT/TypeLib/{5B4144E1-B61D-495A-9A50-CD1A95D86D15}/1.0/0/win32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/BROWSE~1.DLL De standaardwaarde in HKEY_CLASSES_ROOT/TypeLib/{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}/1.0/0/win32 verwijst naar het ontbrekende bestand C:/PROGRA~2/WIA6EB~1/Datamngr/IEBHO.dll Scansubsectie: Ongeldige bestandskoppelingen Gevonden vermeldingen: 2 De sleutel HKEY_CLASSES_ROOT\SearchQUIEHelper.DNSGuard\CLSID verwijst naar een ontbrekende CLSID {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} De sleutel HKEY_CLASSES_ROOT\SearchQUIEHelper.DNSGuard.1\CLSID verwijst naar een ontbrekende CLSID {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} Scansubsectie: Systeemdrivers Gevonden vermeldingen: 1 De waarde ImagePath in HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/catchme bevat een ongeldig pad /??/C:/ComboFix/catchme.sys Scansubsectie: Opstartsectie Gevonden vermeldingen: 0 Scansubsectie: Gemeenschappelijke DLL's Gevonden vermeldingen: 0 Scansubsectie: Lettertypesectie Gevonden vermeldingen: 0 
Scansubsectie: Help-sectie Gevonden vermeldingen: 0 Scansubsectie: Gedeelde mappen Gevonden vermeldingen: 0 Gebruikergerelateerde foutenFouten specifiek voor uw Windows-account. Scansubsectie: Ongeldige snelkoppelingen Gevonden vermeldingen: 33 Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Canon/MP Navigator EX V30/history/ap/hstr_0002.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/2564 Frames.png.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/3 jarigen.ppsx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/3 jarigen.pptx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/Frame (1276).png.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/Frame (26).gif.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/Frame (74).gif.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/Gé.jpg.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/KADERS BLOEMEN 03 (2).png.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/Naamloos-1.png.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Office/Recent/truus.jpg.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/3 jarigen.ppsx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/3 jarigen.pptx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD0054.JPG.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD0065.JPG.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD0083.JPG.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD6445.JPG.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD6458.JPG.lnk 
Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/BILD6460.JPG.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/certificaat.pptx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/CFScript.txt.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/dossier Ann crols.docx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/f72f4de35b62f646f6a7a265ec2d6e10cGlyYXRlIGJheS5wc2Q=.psd.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/felicitatie uitdaging.ppsx.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Frame (26).gif.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Frame (74).gif.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/ScraddTown.rar.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Scraehaving.part06.1.rar.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Scraehaving.part09.1.rar.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Scraehaving.zip.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/ScrantageRoses.vol31+32.par2.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/Scrap kit of La Cenerentola by Priss Designs & Miss Behaving.lnk Ongeldige snelkoppelingC:/Users/Wilma/AppData/Roaming/Microsoft/Windows/Recent/scrap Voorjaar.jpg.lnk Scansubsectie: Software-instellingen gebruiker Gevonden vermeldingen: 16 De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Foxit Software/Foxit Reader/Recent File List bevat een ongeldig pad C:/Users/Wilma/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/MCVG6TSW/Ik Ben Blij dat Ik Je niet Vergeten Ben.pdf De waarde PackagePath in 
HKEY_CURRENT_USER/SOFTWARE/Foxit Software/Foxit Reader/Recent File List bevat een ongeldig pad C:/Users/Wilma/AppData/Local/Temp/Temp1_pdf_contactsheet.zip/pdf contactsheet/Durdauwers 2011.pdf De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/MediaPlayer/Services/MediaGuide bevat een ongeldig pad C:/Users/Wilma/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/TOK53WXT/mg4_wmp12_30x30_2[1].png De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/MediaPlayer/Services/MediaGuide bevat een ongeldig pad C:/Users/Wilma/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/IL79I8YM/media_guide_16x16[1].png De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/Office/14.0/Common/Internet bevat een ongeldig pad D:/Gebruikers/Wilma/Desktop/3 jarigen.ppsx De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/Internet Explorer/Main bevat een ongeldig pad C:/Windows/SYSTEM32/blank.htm De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Microsoft/MPEG2Demultiplexer bevat een ongeldig pad c:/dm.capture/ De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Ahead/Nero - Burning Rom/Settings bevat een ongeldig pad D:/Gebruikers/Wilma/Documents/downloads films en muziek/Johnny English (2003) De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/AppDataLow/Software/Adobe/Shockwave 11/location/coreplayerxtras bevat een ongeldig pad C:/Windows/system32/Adobe/Shockwave 11/xtras/ De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/AppDataLow/Software/Adobe/Shockwave 11/location/common bevat een ongeldig pad C:/Windows/system32/Adobe/ De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/AppDataLow/Software/Adobe/Shockwave 11/location/flash bevat een ongeldig pad C:/Windows/system32/Adobe/ De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/AppDataLow/Software/Adobe/Shockwave 11/location/coreplayer bevat een ongeldig pad C:/Windows/system32/Adobe/Shockwave 11/ De waarde PackagePath in 
HKEY_CURRENT_USER/SOFTWARE/Malwarebytes' Anti-Malware bevat een ongeldig pad C:/|D:/| De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Canon/MP Navigator EX/3.0/MP990 series/Folders bevat een ongeldig pad C:/Users/Wilma/AppData/Roaming/Canon/MP Navigator EX V30/temp/scan De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Adobe/MediaBrowser/MRU/Photoshop/FileList/2012-03-03T18:16:22.54679Z bevat een ongeldig pad D:/Gebruikers/Wilma/Desktop/f72f4de35b62f646f6a7a265ec2d6e10cGlyYXRlIGJheS5wc2Q=.psd De waarde PackagePath in HKEY_CURRENT_USER/SOFTWARE/Adobe/MediaBrowser/MRU/Photoshop/FileList/2012-03-03T18:16:22.32378Z bevat een ongeldig pad D:/Gebruikers/Wilma/Desktop/f72f4de35b62f646f6a7a265ec2d6e10cGlyYXRlIGJheS5wc2Q=.psd Scansubsectie: Bestandsextensies Gevonden vermeldingen: 1 De sleutel .tmp onder HKEY_USERS\S-1-5-21-2198332262-1327379940-2121351170-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tmp bevat een foutief pad voor de waarde Scansubsectie: Geluids- en toepassingsgebeurtenissen Gevonden vermeldingen: 0 Aan derden gerelateerdeFouten die van invloed zijn op de geïnstalleerd programma’s van uw pc. Scansubsectie: Deïnstalleer-sectie Gevonden vermeldingen: 0
  6. Thanks for the help so far. I have removed dealply. Is there anything else I need to do? Regards, Wilma
  7. A somewhat late reply, but I was away almost the whole day. The dealply extension means nothing to me, and what is it actually used for? Is Firefox not good, then? And where can I find that file and remove it? Regards, Wilma
  8. ComboFix 12-03-04.02 - Wilma 06-03-2012 18:58:51.4.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4365 [GMT 1:00] Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe gebruikte Opdracht switches :: d:\gebruikers\Wilma\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))) . . 2012-03-06 18:02 . 2012-03-06 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital 2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters 2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz 2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys 2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2012-02-25 10:23 . 
2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll 2012-02-24 10:29 . 2012-03-06 10:30 -------- d-----w- c:\program files (x86)\DealPly 2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-03 08:16 . 2012-03-06 18:05 56414 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-06 18:05 32276 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-01 16:33 . 2012-03-06 13:21 12450 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin + 2010-06-01 16:02 . 2012-03-06 14:35 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-06-01 16:02 . 2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-06-01 16:02 . 2012-03-06 14:35 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-06-01 16:02 . 2012-03-06 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-03-06 14:35 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 
2012-03-06 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-06 18:03 . 2012-03-06 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-06 18:03 . 2012-03-06 18:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 09:16 . 2012-03-06 13:25 706604 c:\windows\system32\perfh013.dat - 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-03-06 13:25 621036 c:\windows\system32\perfh009.dat - 2009-07-14 09:16 . 2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat + 2009-07-14 09:16 . 2012-03-06 13:25 135626 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-03-06 13:25 108256 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-03-06 18:03 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-07-14 22:44 . 2012-03-06 18:03 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat - 2010-07-14 22:44 . 2012-03-06 12:36 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat + 2011-06-27 22:26 . 2012-03-06 18:03 26211548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R2 nlsX86cc;Nalpeiron Licensing Service; [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 
57184] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-03-06 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 2012-03-06 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\SYSTEM32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: microsoft.com\oas.support Trusted Zone: microsoft.com\support Trusted Zone: nero.com TCP: DhcpNameServer = 192.168.2.254 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\ user_pref('extensions.dealply.partner', 'vita'); user_pref('extensions.dealply.channel', 'vitasuperfiles'); user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '2'); . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe . 
************************************************************************** . Voltooingstijd: 2012-03-06 19:10:26 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-06 18:10 ComboFix2.txt 2012-03-06 13:16 ComboFix3.txt 2012-03-06 12:44 . Pre-Run: 19.434.844.160 bytes beschikbaar Post-Run: 19.161.157.632 bytes beschikbaar . - - End Of File - - B3B52CA48542CBA43432733D16FEB644 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:21:40, on 6-3-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe D:\Gebruikers\Wilma\Downloads\HijackThis.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O3 - Toolbar: 
Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - Global Startup: Camera Monitor HD.lnk = ? 
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.nero.com O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - 
http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - (no file) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown 
owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9558 bytes
I hope I did everything correctly. I had to rename it in Notepad, because the CFScript option was not listed in the drop-down menu. Dragging the file onto ComboFix did not work, but dragging ComboFix onto the text file did. Then the program started working. I will wait to hear from you. Thanks already for the help so far. P.S. I work as an ambassador for SeniorWeb. Can I simply carry on with that in the meantime? Regards, Wilma
  9. ComboFix 12-03-04.02 - Wilma 06-03-2012 14:05:00.3.8 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6135.4484 [GMT 1:00] Gestart vanuit: d:\gebruikers\Wilma\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))) . . 2012-03-06 13:09 . 2012-03-06 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-06 13:03 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A962B36-4716-4840-8FD8-32362FB6BBC2}\mpengine.dll 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\users\Wilma\AppData\Roaming\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\programdata\Malwarebytes 2012-03-05 20:18 . 2012-03-05 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-05 20:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-04 22:22 . 2012-03-04 22:22 -------- d-----w- c:\users\Wilma\AppData\Roaming\NeroDigital 2012-02-26 20:19 . 2012-03-02 12:20 -------- d-----w- c:\programdata\boost_interprocess 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\programdata\UAB 2012-02-26 18:18 . 2012-02-26 18:18 -------- d-----w- c:\users\Wilma\AppData\Local\PC_Drivers_Headquarters 2012-02-26 18:17 . 2012-02-26 18:17 -------- d-----w- c:\program files (x86)\Driver Whiz 2012-02-25 10:24 . 2011-07-13 12:59 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys 2012-02-25 10:24 . 2011-07-13 12:59 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys 2012-02-25 10:23 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2012-02-25 10:23 . 
2010-05-26 10:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll 2012-02-25 10:23 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll 2012-02-24 11:00 . 2012-02-24 11:00 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-02-24 11:00 . 2012-02-24 11:00 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\Plugins\npdeployJava1.dll 2012-02-24 10:30 . 2012-02-16 15:12 801752 ----a-w- c:\program files (x86)\Mozilla Firefox\sqlite3.dll 2012-02-24 10:29 . 2012-03-06 10:30 -------- d-----w- c:\program files (x86)\DealPly 2012-02-23 14:31 . 2012-02-16 15:12 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll 2012-02-23 14:31 . 2012-02-16 10:41 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll 2012-02-23 14:31 . 2012-02-16 10:41 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll 2012-02-23 14:31 . 2012-02-16 10:41 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll 2012-02-16 08:49 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-16 08:49 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll 2012-02-16 08:49 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-02-16 08:49 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-02-16 08:49 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-02-16 08:49 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys 2012-02-16 08:49 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-16 08:49 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll 2012-02-10 09:31 . 2012-02-10 09:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A29FD7B2-02AD-414C-A482-4CA68456EBB4}\gapaengine.dll . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-24 11:00 . 2010-06-13 11:22 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-02-24 10:27 . 2012-01-09 09:35 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-16 12:01 . 2010-06-13 11:23 525544 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-08 07:13 . 2011-06-16 07:49 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-01-31 12:44 . 2010-06-01 16:20 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-03-06_12.38.47 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-03 08:16 . 2012-03-06 13:12 56184 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-03-06 13:12 32244 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-01 16:33 . 2012-03-06 12:51 12450 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2198332262-1327379940-2121351170-1001_UserData.bin - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-03-06 13:10 . 2012-03-06 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-06 12:38 . 2012-03-06 12:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-06 13:10 . 2012-03-06 13:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 09:16 . 2012-03-06 12:54 706604 c:\windows\system32\perfh013.dat - 2009-07-14 09:16 . 2012-03-06 07:31 706604 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-03-06 07:31 621036 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-03-06 12:54 621036 c:\windows\system32\perfh009.dat + 2009-07-14 09:16 . 2012-03-06 12:54 135626 c:\windows\system32\perfc013.dat - 2009-07-14 09:16 . 
2012-03-06 07:31 135626 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-03-06 12:54 108256 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-03-06 07:31 108256 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-03-06 13:09 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-03-06 12:36 655728 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-07-14 22:44 . 2012-03-06 13:09 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat - 2010-07-14 22:44 . 2012-03-06 12:36 28853600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-8192.dat + 2011-06-27 22:26 . 2012-03-06 13:09 26197962 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat - 2011-06-27 22:26 . 2012-03-06 12:36 26197962 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2198332262-1327379940-2121351170-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-07-15 1485096] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Camera Monitor HD.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe [2010-8-30 541976] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R2 nlsX86cc;Nalpeiron Licensing Service; [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 135664] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 
57184] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x] S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-09-27 240232] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2010-06-13 44088] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] 2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe . Inhoud van de 'Gedeelde Taken' map . 2012-03-06 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-01 10:18] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-24 11:48] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001Core.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2198332262-1327379940-2121351170-1001UA.job - c:\users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29 09:45] . 2012-03-06 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-07 08:26] . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] c:\progra~2\WIA6EB~1\Datamngr\x64\BROWSE~1.DLL [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\SYSTEM32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm Trusted Zone: microsoft.com\oas.support Trusted Zone: microsoft.com\support Trusted Zone: nero.com TCP: DhcpNameServer = 192.168.2.254 DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - c:\users\Wilma\AppData\Roaming\Mozilla\Firefox\Profiles\rpo6zsgk.default\ FF - prefs.js: browser.search.selectedEngine - Search Results FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102 FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=102&sr=0&q= user_pref('extensions.dealply.partner', 'vita'); user_pref('extensions.dealply.channel', 'vitasuperfiles'); user_pref('extensions.dealply.installId', 'v23500235515865632970452012022411295722'); user_pref('extensions.dealply.installIdSource', 'inst'); user_pref('extensions.dealply.sampleGroup', '2'); . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe . ************************************************************************** . Voltooingstijd: 2012-03-06 14:16:23 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-06 13:16 ComboFix2.txt 2012-03-06 12:44 . Pre-Run: 19.728.195.584 bytes beschikbaar Post-Run: 19.429.404.672 bytes beschikbaar . - - End Of File - - 4260D9800F1CB0C3C78297D8718C08E5
Hello kweezie Wabbit, I got a terrible fright: the program went entirely its own way, and I was not asked to restart the computer. It restarted by itself, and I could not send the log to you. I could no longer get a connection, nor connect to the internet. I then restarted the computer and ran the program again. This is in fact the second log file. I am letting you know before someone else gets the fright of their life from this. So far I do not have the impression that anything has stopped working properly. That is all for this message. Regards, Wilma. P.S. Was my computer infected, then?
  10. Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.03.05.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Wilma :: MAN-PC [administrator] 5-3-2012 21:21:58 mbam-log-2012-03-05 (21-21-58).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 199597 Verstreken tijd: 4 minuut/minuten, 3 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:36:16, on 5-3-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe D:\Gebruikers\Wilma\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost #[iPv6] O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" 
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Google Update] "C:\Users\Wilma\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Camera Monitor HD.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files 
(x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.nero.com O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploader5.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - (no file) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files 
(x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10292 bytes
That is it for the logs. I did not have to restart the computer because nothing was found. Regards, Wilma
  11. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:59:04, on 5-3-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\PIXELA\Everio MediaBrowser HD Edition \MBCameraMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Windows Live\Mail\wlmail.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager \CS5ServiceManager.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe D:\Gebruikers\Wilma\Downloads\HijackThis.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 
- HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows \SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C: \PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C: \PROGRA~2\WIA6EB~1\Datamngr\BROWSE~1.DLL O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C: \Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C: \PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe \SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files \Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files \ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM \1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office \Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java \Java Update\jusched.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp \NBAgent.exe" /WinStart O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WIA6EB~1\Datamngr \DATAMN~1.EXE O4 - HKCU\..\Run: [Google Update] 
"C:\Users\Wilma\AppData\Local\Google \Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Global Startup: Camera Monitor HD.lnk = ? O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion \companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer \WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer \WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081- 5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849- EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office \Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1- 9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office \Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.nero.com O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} 
(Image Uploader Control) - http://verkopen.marktplaats.nl/js/widgets/imageUploader/aurigma/5_7_24_0/ImageUploade r5.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\WIA6EB~1\Datamngr\datamngr.dll C: \PROGRA~2\WIA6EB~1\Datamngr\IEBHO.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C: \Windows\System32\alg.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C: \Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C: \Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google \Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows \system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows \System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - (no file) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows \system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C: \Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C: \Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - 
Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C: \Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C: \Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player \wmpnetwk.exe (file missing) -- End of file - 10973 bytes Regards, Wilma
  12. Thanks, Kweezie wabbit. This was the solution; everything works again now. I am very happy with this!! Thank you all for your help. Kind regards, Wilma
  13. I already mentioned earlier that I had bought the DVD, and yesterday I removed all the old versions and ran CCleaner over it again. Unfortunately, that has not solved it yet. I cannot upload the DVD because my computer cannot connect to nero.com. Not from within the program and not via the browser. Of course I will follow your advice!! It is as if something in my computer is blocking the Nero site. Regards, Wilma
  14. I already mentioned earlier that the links you pasted in do not work for me either. I cannot connect to nero.com. I then get this message: attachment 1. When I go to Control in Nero and click Update, it searches for updates and then I get the message in attachment 2. I have not removed the old Neros yet because I am afraid that I will then not be able to do anything anymore. I thought the new Nero 11 would overwrite everything. I have already read in other forums that several others are struggling with this. And you can only respond in English in an email, and I do not have a good enough command of that. That is why I called that hotline. Regards, Wilma PS. If I remove the old Nero, won't I need removal tools?