dasjka

dasjka's achievements

  1. It's fixed; I reinstalled Windows 7. Thanks anyway for the help, it's great that you all put so much time and work into this, chapeau!! So once more a big thank-you, and I know where to go next time with my PC problems :D
  2. What's more, I just checked again, and now there is no system restore point anymore? I can't follow any of it anymore.
  3. No, believe me, I'll jump for joy first and then I'll come and announce it here with great enthusiasm :-)
  4. ComboFix 12-09-16.01 - Dasjka 17/09/2012 13:23:57.2.2 - x64 NETWORK

     OK, what now? Shall I redo the rest as well, or go step by step again? I really hope this gets resolved, especially since there are urgent payments to make in the meantime, but I don't dare to do that right away, or could that be done in safe mode without problems?
  5. OK, so I have discovered that the PC was rolled back to an earlier restore point. When that may have happened, I don't know, but unfortunately I'm also not the only one walking around here... I went through the initial steps again and did everything as you already indicated. Up to ComboFix. I have a log of that; would you take another look at it, please?

     ComboFix 12-09-16.01 - Dasjka 17/09/2012 12:12:59.1.2 - x64 NETWORK
2012-09-15 07:58:00 -------- d-----w- C:\Users\Dasjka\AppData\Local\Htc 2012-09-12 13:05:37 . 2012-09-12 13:05:48 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\HTC 2012-09-12 11:54:20 . 2012-09-12 11:54:20 -------- d-----w- C:\ProgramData\PCSettings 2012-09-11 09:33:29 . 2012-09-11 09:43:15 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard 2012-09-11 09:28:17 . 2012-09-11 09:43:32 -------- d-----w- C:\Users\Dasjka\AppData\Local\NPE 2012-08-27 17:08:25 . 2012-09-15 11:37:00 -------- d-----w- C:\Program Files (x86)\YourFileDownloader 2012-08-27 11:49:45 . 2012-09-15 11:25:37 -------- d-----w- C:\Users\Dasjka\bureaublad 2012-08-27 11:10:07 . 2012-09-15 11:36:59 -------- d-----w- C:\Program Files (x86)\uTorrent 2012-08-27 10:55:34 . 2012-09-17 09:29:54 -------- d-----w- C:\ProgramData\OptimizerPro1 2012-08-27 10:53:52 . 2012-09-15 11:37:03 -------- d-----w- C:\ProgramData\InstallMate 2012-08-26 23:11:51 . 2012-08-26 23:11:51 -------- d-----w- C:\Program Files (x86)\Gophoto.it 2012-08-26 22:46:55 . 2012-09-15 18:54:43 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\uTorrent 2012-08-26 22:44:15 . 2012-08-26 22:45:47 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\.Tribler 2012-08-26 22:31:44 . 2012-09-15 11:36:59 -------- d-----w- C:\Program Files (x86)\smartdl . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-08-15 08:13:38 . 2012-01-04 13:47:45 62134624 ----a-w- C:\Windows\system32\MRT.exe 2012-08-14 22:29:14 . 2012-07-29 08:02:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-14 22:29:14 . 2012-02-11 09:23:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 18:15:06 . 2012-08-14 20:57:01 3148800 ----a-w- C:\Windows\system32\win32k.sys 2012-07-04 22:16:43 . 2012-08-14 20:57:02 73216 ----a-w- C:\Windows\system32\netapi32.dll 2012-07-04 22:13:27 . 2012-08-14 20:57:02 59392 ----a-w- C:\Windows\system32\browcli.dll 2012-07-04 22:13:27 . 
2012-08-14 20:57:02 136704 ----a-w- C:\Windows\system32\browser.dll 2012-07-04 21:14:34 . 2012-08-14 20:57:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-07-03 18:56:30 . 2012-07-03 18:56:30 73728 ----a-w- C:\Windows\SysWow64\afasrv64.exe 2012-06-29 04:55:23 . 2012-08-15 08:17:47 17809920 ----a-w- C:\Windows\system32\mshtml.dll 2012-06-29 04:09:35 . 2012-08-15 08:17:46 10925568 ----a-w- C:\Windows\system32\ieframe.dll 2012-06-29 04:01:35 . 2012-06-29 04:01:35 704136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-06-29 03:56:34 . 2012-08-15 08:17:53 2312704 ----a-w- C:\Windows\system32\jscript9.dll 2012-06-29 03:49:57 . 2012-08-15 08:17:55 1346048 ----a-w- C:\Windows\system32\urlmon.dll 2012-06-29 03:49:11 . 2012-08-15 08:17:52 1392128 ----a-w- C:\Windows\system32\wininet.dll 2012-06-29 03:48:07 . 2012-08-15 08:17:53 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl 2012-06-29 03:47:35 . 2012-08-15 08:17:55 237056 ----a-w- C:\Windows\system32\url.dll 2012-06-29 03:45:55 . 2012-08-15 08:17:52 85504 ----a-w- C:\Windows\system32\jsproxy.dll 2012-06-29 03:44:51 . 2012-08-15 08:17:50 816640 ----a-w- C:\Windows\system32\jscript.dll 2012-06-29 03:43:49 . 2012-08-15 08:17:54 173056 ----a-w- C:\Windows\system32\ieUnatt.exe 2012-06-29 03:42:23 . 2012-08-15 08:17:55 2144768 ----a-w- C:\Windows\system32\iertutil.dll 2012-06-29 03:40:11 . 2012-08-15 08:17:57 96768 ----a-w- C:\Windows\system32\mshtmled.dll 2012-06-29 03:39:48 . 2012-08-15 08:17:57 2382848 ----a-w- C:\Windows\system32\mshtml.tlb 2012-06-29 03:35:21 . 2012-08-15 08:17:54 248320 ----a-w- C:\Windows\system32\ieui.dll 2012-06-29 00:16:58 . 2012-08-15 08:17:52 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 . 2012-08-15 08:17:53 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 . 2012-08-15 08:17:53 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 . 
2012-08-15 08:17:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 . 2012-08-15 08:17:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-25 14:04:24 . 2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
  6. No, it hasn't turned up anything yet, but it did not delete or move a number of items:
     OptimizerPro1.exe;C:\Documents and Settings\All Users\Application Data\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Documents and Settings\All Users\OptimizerPro1;Program.Unwanted.6;;
     speedupmypc.exe;C:\Documents and Settings\Dasjka\Downloads;Program.Uniblue.8;;
     OptimizerPro1.exe;C:\ProgramData\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Users\All Users\OptimizerPro1;Program.Unwanted.6;;
     speedupmypc.exe;C:\Users\Dasjka\Downloads;Program.Uniblue.8;;
     What should I do with these?
  7. I think it took almost 4 hours, and it does look like something turned up... The log was saved in Excel for some reason; I tried to open it in Notepad.
  8. Emsisoft Emergency Kit - Versie 2.0
     Laatste Update: 16/09/2012 12:39:49
     Scaninstellingen:
     Scantype: Diepe scan
     Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
     Scan archieven: Aan
     ADS Scan: Aan
     Scan gestart: 16/09/2012 12:40:33
     C:\torrent.exe Ontdekt: Riskware.Win32.BundleInstaller!E1
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\content.js.vir Ontdekt: JS.MultiPlug!E2
     C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll Ontdekt: Adware.Win32.Yontoo.AMN!E1
     C:\ProgramData\Bcool\content.js Ontdekt: JS.MultiPlug!E2
     C:\Program Files (x86)\Yontoo\YontooIEClient.dll Ontdekt: Adware.Win32.Yontoo.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Ontdekt: Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Ontdekt: Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     Gescand 610238
     Gevonden 7
     Scan geëindigd: 16/09/2012 13:25:07
     Scantijd: 0:44:34
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Verwijderd Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Verwijderd Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll Verwijderd Adware.Win32.Yontoo.AMN!E1
     C:\Program Files (x86)\Yontoo\YontooIEClient.dll Verwijderd Adware.Win32.Yontoo.AMN!E1
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\content.js.vir Verwijderd JS.MultiPlug!E2
     C:\ProgramData\Bcool\content.js Verwijderd JS.MultiPlug!E2
     C:\torrent.exe Verwijderd Riskware.Win32.BundleInstaller!E1
     Verwijderd 7
  9. Just now I could no longer boot the PC into safe mode. 'System Restore' did start, but afterwards it gave a message that the system volume is damaged. After that safe mode did start, but it hung. After many attempts I did get back in. I'm going to try to carry out the above, but when restarting the PC I'm a bit afraid that it won't be long before safe mode stops working altogether, and then it's end of story, of course.
  10. That doesn't work either. I tried with a Windows 7 recovery CD, but it finds no problems... I don't know what to do anymore; could there possibly still be a virus hidden somewhere?
  12. Found it! Yes, sorry, PC novice
ComboFix 12-09-13.03 - Dasjka 14/09/2012 11:01:25.5.2 - x64 NETWORK Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.2046.1461 [GMT 2:00] Gestart vanuit: c:\users\Dasjka\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))) . . 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser.Dasjka-PC\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Gast\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-13 09:59 . 2012-09-13 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-13 09:59 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-12 14:32 . 2012-09-12 14:32 -------- d-----w- c:\programdata\AVAST Software 2012-09-12 13:05 . 2012-09-14 08:07 -------- d-----w- c:\users\Dasjka\AppData\Local\Htc 2012-09-12 13:05 . 2012-09-12 13:05 -------- d-----w- c:\users\Dasjka\AppData\Roaming\HTC 2012-09-12 11:54 . 2012-09-12 11:54 -------- d-----w- c:\programdata\PCSettings 2012-09-11 09:33 . 2012-09-11 09:43 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard 2012-09-11 09:28 . 2012-09-11 09:43 -------- d-----w- c:\users\Dasjka\AppData\Local\NPE 2012-09-08 13:18 . 2012-09-11 08:35 -------- d-----w- c:\program files (x86)\SweetIM 2012-09-08 13:18 . 2012-09-08 13:18 -------- d-----w- c:\programdata\SweetIM 2012-08-27 17:08 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\YourFileDownloader 2012-08-27 17:08 . 2012-08-27 17:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\YourFileDownloader 2012-08-27 11:49 .
2012-09-13 08:13 -------- d-----w- c:\users\Dasjka\bureaublad 2012-08-27 11:10 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\uTorrent 2012-08-27 10:55 . 2012-09-13 10:02 -------- d-----w- c:\programdata\OptimizerPro1 2012-08-27 10:53 . 2012-09-13 08:14 -------- d-----w- c:\programdata\InstallMate 2012-08-26 23:11 . 2012-08-26 23:11 -------- d-----w- c:\program files (x86)\Gophoto.it 2012-08-26 22:46 . 2012-09-14 08:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\uTorrent 2012-08-26 22:44 . 2012-08-26 22:45 -------- d-----w- c:\users\Dasjka\AppData\Roaming\.Tribler 2012-08-26 22:31 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\smartdl 2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe 2012-08-17 21:03 . 2012-08-17 21:03 -------- d-----w- C:\found.004 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 08:13 . 2012-01-04 13:47 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-14 22:29 . 2012-07-29 08:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-14 22:29 . 2012-02-11 09:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 18:15 . 2012-08-14 20:57 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 22:16 . 2012-08-14 20:57 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-14 20:57 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-14 20:57 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-14 20:57 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-07-03 18:56 . 2012-07-03 18:56 73728 ----a-w- c:\windows\SysWow64\afasrv64.exe 2012-06-29 04:55 . 2012-08-15 08:17 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-29 04:09 . 2012-08-15 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-29 04:01 . 
2012-06-29 04:01 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-06-29 03:56 . 2012-08-15 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 03:49 . 2012-08-15 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-29 03:49 . 2012-08-15 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 03:48 . 2012-08-15 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 03:47 . 2012-08-15 08:17 237056 ----a-w- c:\windows\system32\url.dll 2012-06-29 03:45 . 2012-08-15 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-29 03:44 . 2012-08-15 08:17 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-29 03:43 . 2012-08-15 08:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 03:42 . 2012-08-15 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-29 03:40 . 2012-08-15 08:17 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-29 03:39 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 03:35 . 2012-08-15 08:17 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-29 00:16 . 2012-08-15 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-29 00:09 . 2012-08-15 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-29 00:08 . 2012-08-15 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04 . 2012-08-15 08:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . 
[6.1.7601.17514] .. c:\windows\system32\winlogon.exe . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-01-04 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-01-04 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((( SnapShot@2012-09-13_15.34.05 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-09-14 08:36 45182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-14 08:36 45404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-04 14:01 . 2012-09-14 08:36 13886 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2723141858-125272428-662678617-1000_UserData.bin - 2009-07-14 04:46 . 2012-09-13 15:35 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2012-09-14 09:10 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-11-21 16:48 . 
2012-09-13 16:36 701548 c:\windows\system32\perfh013.dat - 2010-11-21 16:48 . 2012-09-05 07:16 701548 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-09-05 07:16 616032 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-09-13 16:36 616032 c:\windows\system32\perfh009.dat + 2010-11-21 16:48 . 2012-09-13 16:36 133580 c:\windows\system32\perfc013.dat - 2010-11-21 16:48 . 2012-09-05 07:16 133580 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-09-13 16:36 106412 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-09-05 07:16 106412 c:\windows\system32\perfc009.dat - 2009-07-14 04:45 . 2012-09-13 15:35 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-09-14 09:10 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Registry Mechanic"="c:\users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe" [bU] "Spotify Web Helper"="c:\users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 1192664] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-27 896400] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [bU] "USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 HMFAxCore49faa33f15a1ac700ece463855b34160;HMFAxCore49faa33f15a1ac700ece463855b34160;c:\windows\system32\drivers\HMFAxCore49faa33f15a1ac700ece463855b34160.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper 
Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-18 96768] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhoud van de 'Gedeelde Taken' map . 2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 22:29] . 2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000Core.job - c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57] . 
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000UA.job - c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 195.130.131.131 FF - ProfilePath - c:\users\Dasjka\AppData\Roaming\Mozilla\Firefox\Profiles\4oxvarww.default\ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Voltooingstijd: 2012-09-14 11:14:14 - machine werd herstart ComboFix-quarantined-files.txt 2012-09-14 09:14 ComboFix2.txt 2012-09-13 16:18 . Pre-Run: 287.978.958.848 bytes beschikbaar Post-Run: 287.669.080.064 bytes beschikbaar . - - End Of File - - 6011D360C04A25C34513540B7FBDE6B3