dasjka

Member
  • Items

    26

Everything posted by dasjka

  1. It's fixed, I reinstalled Windows 7. Thanks anyway for the help, great that you put so much time and work into it, hats off!! So a big thank you once more, and I know where to go next time with my PC problems :D
  2. What's more, I just checked again, and now there is no system restore point anymore? I can't follow any of this anymore.
  3. No, believe me, first I'll jump for joy and then I'll come and announce it here with great enthusiasm :-)
  4. OK, what now? Shall I redo the rest as well, or go step by step again? I really hope this gets resolved, especially since there are urgent payments to make in the meantime, but I don't dare do that right away, or could that be done in safe mode without problems?
  5. OK, so I have discovered that the PC was rolled back to an earlier restore point. When that may have been, I don't know, but unfortunately I'm not the only one walking around here... I went through the initial steps again and did everything as you indicated. Up to ComboFix. I have a log of that, could you please take another look at it?
2012-09-15 07:58:00 -------- d-----w- C:\Users\Dasjka\AppData\Local\Htc 2012-09-12 13:05:37 . 2012-09-12 13:05:48 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\HTC 2012-09-12 11:54:20 . 2012-09-12 11:54:20 -------- d-----w- C:\ProgramData\PCSettings 2012-09-11 09:33:29 . 2012-09-11 09:43:15 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard 2012-09-11 09:28:17 . 2012-09-11 09:43:32 -------- d-----w- C:\Users\Dasjka\AppData\Local\NPE 2012-08-27 17:08:25 . 2012-09-15 11:37:00 -------- d-----w- C:\Program Files (x86)\YourFileDownloader 2012-08-27 11:49:45 . 2012-09-15 11:25:37 -------- d-----w- C:\Users\Dasjka\bureaublad 2012-08-27 11:10:07 . 2012-09-15 11:36:59 -------- d-----w- C:\Program Files (x86)\uTorrent 2012-08-27 10:55:34 . 2012-09-17 09:29:54 -------- d-----w- C:\ProgramData\OptimizerPro1 2012-08-27 10:53:52 . 2012-09-15 11:37:03 -------- d-----w- C:\ProgramData\InstallMate 2012-08-26 23:11:51 . 2012-08-26 23:11:51 -------- d-----w- C:\Program Files (x86)\Gophoto.it 2012-08-26 22:46:55 . 2012-09-15 18:54:43 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\uTorrent 2012-08-26 22:44:15 . 2012-08-26 22:45:47 -------- d-----w- C:\Users\Dasjka\AppData\Roaming\.Tribler 2012-08-26 22:31:44 . 2012-09-15 11:36:59 -------- d-----w- C:\Program Files (x86)\smartdl . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-08-15 08:13:38 . 2012-01-04 13:47:45 62134624 ----a-w- C:\Windows\system32\MRT.exe 2012-08-14 22:29:14 . 2012-07-29 08:02:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-14 22:29:14 . 2012-02-11 09:23:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 18:15:06 . 2012-08-14 20:57:01 3148800 ----a-w- C:\Windows\system32\win32k.sys 2012-07-04 22:16:43 . 2012-08-14 20:57:02 73216 ----a-w- C:\Windows\system32\netapi32.dll 2012-07-04 22:13:27 . 2012-08-14 20:57:02 59392 ----a-w- C:\Windows\system32\browcli.dll 2012-07-04 22:13:27 . 
2012-08-14 20:57:02 136704 ----a-w- C:\Windows\system32\browser.dll 2012-07-04 21:14:34 . 2012-08-14 20:57:02 41984 ----a-w- C:\Windows\SysWow64\browcli.dll 2012-07-03 18:56:30 . 2012-07-03 18:56:30 73728 ----a-w- C:\Windows\SysWow64\afasrv64.exe 2012-06-29 04:55:23 . 2012-08-15 08:17:47 17809920 ----a-w- C:\Windows\system32\mshtml.dll 2012-06-29 04:09:35 . 2012-08-15 08:17:46 10925568 ----a-w- C:\Windows\system32\ieframe.dll 2012-06-29 04:01:35 . 2012-06-29 04:01:35 704136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-06-29 03:56:34 . 2012-08-15 08:17:53 2312704 ----a-w- C:\Windows\system32\jscript9.dll 2012-06-29 03:49:57 . 2012-08-15 08:17:55 1346048 ----a-w- C:\Windows\system32\urlmon.dll 2012-06-29 03:49:11 . 2012-08-15 08:17:52 1392128 ----a-w- C:\Windows\system32\wininet.dll 2012-06-29 03:48:07 . 2012-08-15 08:17:53 1494528 ----a-w- C:\Windows\system32\inetcpl.cpl 2012-06-29 03:47:35 . 2012-08-15 08:17:55 237056 ----a-w- C:\Windows\system32\url.dll 2012-06-29 03:45:55 . 2012-08-15 08:17:52 85504 ----a-w- C:\Windows\system32\jsproxy.dll 2012-06-29 03:44:51 . 2012-08-15 08:17:50 816640 ----a-w- C:\Windows\system32\jscript.dll 2012-06-29 03:43:49 . 2012-08-15 08:17:54 173056 ----a-w- C:\Windows\system32\ieUnatt.exe 2012-06-29 03:42:23 . 2012-08-15 08:17:55 2144768 ----a-w- C:\Windows\system32\iertutil.dll 2012-06-29 03:40:11 . 2012-08-15 08:17:57 96768 ----a-w- C:\Windows\system32\mshtmled.dll 2012-06-29 03:39:48 . 2012-08-15 08:17:57 2382848 ----a-w- C:\Windows\system32\mshtml.tlb 2012-06-29 03:35:21 . 2012-08-15 08:17:54 248320 ----a-w- C:\Windows\system32\ieui.dll 2012-06-29 00:16:58 . 2012-08-15 08:17:52 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-29 00:09:01 . 2012-08-15 08:17:53 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-29 00:08:59 . 2012-08-15 08:17:53 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-29 00:04:43 . 
2012-08-15 08:17:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-29 00:00:45 . 2012-08-15 08:17:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-25 14:04:24 . 2012-06-25 14:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
  6. No, it hasn't turned anything up yet, but it did not remove or move a number of items:
     OptimizerPro1.exe;C:\Documents and Settings\All Users\Application Data\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Documents and Settings\All Users\OptimizerPro1;Program.Unwanted.6;;
     speedupmypc.exe;C:\Documents and Settings\Dasjka\Downloads;Program.Uniblue.8;;
     OptimizerPro1.exe;C:\ProgramData\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Users\All Users\OptimizerPro1;Program.Unwanted.6;;
     speedupmypc.exe;C:\Users\Dasjka\Downloads;Program.Uniblue.8;;
     What should I do with these?
  7. I think it took almost 4 hours, and it does look like something turned up after all... The log was saved in Excel for some reason; I tried opening it in Notepad:
     browserconnection.dll;c:\program files (x86)\windows ilivid toolbar\datamngr\x64;Adware.Bandoo.4;Verwijderd.;
     datamngr.dll;c:\program files (x86)\windows ilivid toolbar\datamngr\x64;Adware.Bandoo.4;Niet repareerbaar.Verplaatst.;
     iebho.dll;c:\program files (x86)\windows ilivid toolbar\datamngr\x64;Adware.Bandoo.4;Verwijderd.;
     OptimizerPro1.exe;C:\Documents and Settings\All Users\Application Data\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Documents and Settings\All Users\OptimizerPro1;Program.Unwanted.6;;
     SoftonicDownloader_voor_google-desktop.exe;C:\Documents and Settings\Dasjka\Desktop;Adware.Downware.451;Verplaatst.;
     datamngr.dll;C:\Documents and Settings\Dasjka\DoctorWeb\Quarantine;Adware.Bandoo.4;Verplaatst.;
     SoftonicDownloader_voor_google-desktop.exe;C:\Documents and Settings\Dasjka\DoctorWeb\Quarantine;Adware.Downware.451;Verplaatst.;
     DownloadManagerSetup.exe;C:\Documents and Settings\Dasjka\Downloads;Adware.InstallCore.53;Verplaatst.;
     DownloadSetup (1).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup (2).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup (3).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup (4).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup (5).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup (6).exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     DownloadSetup.exe;C:\Documents and Settings\Dasjka\Downloads;Adware.Downware.448;Verplaatst.;
     PDFReaderSetup.exe;C:\Documents and Settings\Dasjka\Downloads;Adware.InstallCore.38;Verplaatst.;
     speedupmypc.exe;C:\Documents and Settings\Dasjka\Downloads;Program.Uniblue.8;;
     cnet_ccsetup309_exe.exe;C:\Documents and Settings\Dasjka\Downloads\Downloads;Adware.InstallCore.2;Verplaatst.;
     mainpackfa.exe;C:\Program Files (x86)\1ClickDownload;Adware.Downware.380;Verplaatst.;
     DnsBHO.dll;C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64;Adware.Bandoo.4;Verplaatst.;
     OptimizerPro1.exe;C:\ProgramData\OptimizerPro1;Program.Unwanted.6;;
     OptimizerPro1.exe;C:\Users\All Users\OptimizerPro1;Program.Unwanted.6;;
     speedupmypc.exe;C:\Users\Dasjka\Downloads;Program.Uniblue.8;;
     cnet_ccsetup309_exe.exe;D:\Downloads;Adware.InstallCore.2;Verplaatst.;
     cnet_ccsetup309_exe.exe;D:\Karen\Downloads;Adware.InstallCore.2;Verplaatst.;
  8. Emsisoft Emergency Kit - Versie 2.0
     Laatste Update: 16/09/2012 12:39:49
     Scaninstellingen:
     Scantype: Diepe scan
     Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
     Scan archieven: Aan
     ADS Scan: Aan
     Scan gestart: 16/09/2012 12:40:33
     C:\torrent.exe Ontdekt: Riskware.Win32.BundleInstaller!E1
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\content.js.vir Ontdekt: JS.MultiPlug!E2
     C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll Ontdekt: Adware.Win32.Yontoo.AMN!E1
     C:\ProgramData\Bcool\content.js Ontdekt: JS.MultiPlug!E2
     C:\Program Files (x86)\Yontoo\YontooIEClient.dll Ontdekt: Adware.Win32.Yontoo.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Ontdekt: Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Ontdekt: Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     Gescand 610238
     Gevonden 7
     Scan geëindigd: 16/09/2012 13:25:07
     Scantijd: 0:44:34
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll Verwijderd Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe Verwijderd Riskware.Win32.Toolbar.SearchSuite.AMN!E1
     C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll Verwijderd Adware.Win32.Yontoo.AMN!E1
     C:\Program Files (x86)\Yontoo\YontooIEClient.dll Verwijderd Adware.Win32.Yontoo.AMN!E1
     C:\Qoobox\Quarantine\C\ProgramData\Bcool\content.js.vir Verwijderd JS.MultiPlug!E2
     C:\ProgramData\Bcool\content.js Verwijderd JS.MultiPlug!E2
     C:\torrent.exe Verwijderd Riskware.Win32.BundleInstaller!E1
     Verwijderd 7
  9. Just now I could no longer boot the PC into safe mode. 'System Restore' did start, but afterwards it gave a message that the system volume is damaged. After that safe mode did start, but it hung. After many attempts I did get back in. I am going to try to carry out the steps above, but with the PC restarting I am a bit afraid that it won't be long before safe mode stops working altogether, and then of course it's the end of the story.
  10. That doesn't work either. I tried with a Windows 7 recovery CD, but it finds no problems... I no longer know what to do; could there possibly be a virus hidden in there after all?
  11. ComboFix 12-09-13.03 - Dasjka 14/09/2012 12:27:15.6.2 - x64 NETWORK Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.2046.1258 [GMT 2:00] Gestart vanuit: C:\Users\Dasjka\Downloads\ComboFix.exe gebruikte Opdracht switches :: C:\Users\Dasjka\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt
  12. Found it! Yes, sorry, PC layman
ComboFix 12-09-13.03 - Dasjka 14/09/2012 11:01:25.5.2 - x64 NETWORK Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.2046.1461 [GMT 2:00] Gestart vanuit: c:\users\Dasjka\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))) . . 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\UpdatusUser.Dasjka-PC\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Gast\AppData\Local\temp 2012-09-14 09:06 . 2012-09-14 09:06 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-13 09:59 . 2012-09-13 09:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-13 09:59 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-12 14:32 . 2012-09-12 14:32 -------- d-----w- c:\programdata\AVAST Software 2012-09-12 13:05 . 2012-09-14 08:07 -------- d-----w- c:\users\Dasjka\AppData\Local\Htc 2012-09-12 13:05 . 2012-09-12 13:05 -------- d-----w- c:\users\Dasjka\AppData\Roaming\HTC 2012-09-12 11:54 . 2012-09-12 11:54 -------- d-----w- c:\programdata\PCSettings 2012-09-11 09:33 . 2012-09-11 09:43 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard 2012-09-11 09:28 . 2012-09-11 09:43 -------- d-----w- c:\users\Dasjka\AppData\Local\NPE 2012-09-08 13:18 . 2012-09-11 08:35 -------- d-----w- c:\program files (x86)\SweetIM 2012-09-08 13:18 . 2012-09-08 13:18 -------- d-----w- c:\programdata\SweetIM 2012-08-27 17:08 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\YourFileDownloader 2012-08-27 17:08 . 2012-08-27 17:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\YourFileDownloader 2012-08-27 11:49 .
2012-09-13 08:13 -------- d-----w- c:\users\Dasjka\bureaublad 2012-08-27 11:10 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\uTorrent 2012-08-27 10:55 . 2012-09-13 10:02 -------- d-----w- c:\programdata\OptimizerPro1 2012-08-27 10:53 . 2012-09-13 08:14 -------- d-----w- c:\programdata\InstallMate 2012-08-26 23:11 . 2012-08-26 23:11 -------- d-----w- c:\program files (x86)\Gophoto.it 2012-08-26 22:46 . 2012-09-14 08:08 -------- d-----w- c:\users\Dasjka\AppData\Roaming\uTorrent 2012-08-26 22:44 . 2012-08-26 22:45 -------- d-----w- c:\users\Dasjka\AppData\Roaming\.Tribler 2012-08-26 22:31 . 2012-09-13 08:14 -------- d-----w- c:\program files (x86)\smartdl 2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe 2012-08-17 21:03 . 2012-08-17 21:03 -------- d-----w- C:\found.004 . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 08:13 . 2012-01-04 13:47 62134624 ----a-w- c:\windows\system32\MRT.exe 2012-08-14 22:29 . 2012-07-29 08:02 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-14 22:29 . 2012-02-11 09:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-18 18:15 . 2012-08-14 20:57 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 22:16 . 2012-08-14 20:57 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-14 20:57 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-14 20:57 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-14 20:57 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-07-03 18:56 . 2012-07-03 18:56 73728 ----a-w- c:\windows\SysWow64\afasrv64.exe 2012-06-29 04:55 . 2012-08-15 08:17 17809920 ----a-w- c:\windows\system32\mshtml.dll 2012-06-29 04:09 . 2012-08-15 08:17 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-06-29 04:01 . 
2012-06-29 04:01 704136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-06-29 03:56 . 2012-08-15 08:17 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-06-29 03:49 . 2012-08-15 08:17 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-29 03:49 . 2012-08-15 08:17 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-29 03:48 . 2012-08-15 08:17 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-29 03:47 . 2012-08-15 08:17 237056 ----a-w- c:\windows\system32\url.dll 2012-06-29 03:45 . 2012-08-15 08:17 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-29 03:44 . 2012-08-15 08:17 816640 ----a-w- c:\windows\system32\jscript.dll 2012-06-29 03:43 . 2012-08-15 08:17 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-29 03:42 . 2012-08-15 08:17 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-29 03:40 . 2012-08-15 08:17 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-29 03:39 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-29 03:35 . 2012-08-15 08:17 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-29 00:16 . 2012-08-15 08:17 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-29 00:09 . 2012-08-15 08:17 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-29 00:08 . 2012-08-15 08:17 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-29 00:04 . 2012-08-15 08:17 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-29 00:00 . 2012-08-15 08:17 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . 
[6.1.7601.17514] .. c:\windows\system32\winlogon.exe . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2012-01-04 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2012-01-04 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . ((((((((((((((((((((((((((((( SnapShot@2012-09-13_15.34.05 ))))))))))))))))))))))))))))))))))))))))) . + 2010-11-21 03:09 . 2012-09-14 08:36 45182 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-09-14 08:36 45404 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-04 14:01 . 2012-09-14 08:36 13886 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2723141858-125272428-662678617-1000_UserData.bin - 2009-07-14 04:46 . 2012-09-13 15:35 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 04:46 . 2012-09-14 09:10 92560 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-09-13 15:32 . 2012-09-13 15:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-09-14 09:07 . 2012-09-14 09:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-11-21 16:48 . 
2012-09-13 16:36 701548 c:\windows\system32\perfh013.dat - 2010-11-21 16:48 . 2012-09-05 07:16 701548 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-09-05 07:16 616032 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-09-13 16:36 616032 c:\windows\system32\perfh009.dat + 2010-11-21 16:48 . 2012-09-13 16:36 133580 c:\windows\system32\perfc013.dat - 2010-11-21 16:48 . 2012-09-05 07:16 133580 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-09-13 16:36 106412 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-09-05 07:16 106412 c:\windows\system32\perfc009.dat - 2009-07-14 04:45 . 2012-09-13 15:35 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-09-14 09:10 7083571 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Registry Mechanic"="c:\users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe" [bU] "Spotify Web Helper"="c:\users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-06-30 1192664] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-27 896400] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [bU] "USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 HMFAxCore49faa33f15a1ac700ece463855b34160;HMFAxCore49faa33f15a1ac700ece463855b34160;c:\windows\system32\drivers\HMFAxCore49faa33f15a1ac700ece463855b34160.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys [2010-09-15 60288] R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 hotcore3;hotcore3;c:\windows\SysWOW64\drivers\hotcore3.sys [2008-01-21 36368] S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240] S0 NBVolUp;Nero Backup Volume Upper 
Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-06-18 96768] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-09 382272] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 netr28ux;Stuurprogramma voor RT2870 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . Inhoud van de 'Gedeelde Taken' map . 2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 22:29] . 2012-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000Core.job - c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57] . 
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2723141858-125272428-662678617-1000UA.job - c:\users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-07 11:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "USBestCR"="c:\program files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe" [2012-07-03 7377920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 195.130.131.131 FF - ProfilePath - c:\users\Dasjka\AppData\Roaming\Mozilla\Firefox\Profiles\4oxvarww.default\ . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2723141858-125272428-662678617-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe . ************************************************************************** . Voltooingstijd: 2012-09-14 11:14:14 - machine werd herstart ComboFix-quarantined-files.txt 2012-09-14 09:14 ComboFix2.txt 2012-09-13 16:18 . Pre-Run: 287.978.958.848 bytes beschikbaar Post-Run: 287.669.080.064 bytes beschikbaar . - - End Of File - - 6011D360C04A25C34513540B7FBDE6B3
  13. Unfortunately, this doesn't work... when it restarts I get an empty desktop again, no log, nothing.
  14. I did it a second time, to be sure regarding the administrator function. Log:
Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does
Program started at: 09/13/2012 03:31:20 PM
Windows Version: Windows 7
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 179649 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 17008 files processed.
Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.
Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
The C:\Users\Dasjka\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default Start Menu shortcuts:
Unhide.exe - A introduction as to what this program does
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Restarting Explorer.exe in order to apply changes.
Program finished at: 09/13/2012 03:32:07 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)
When I restart the PC I get nothing anymore, only a black screen. Safe mode is still OK.
  15. The PC is behaving nicely. I should restart it, but I almost don't dare. I'm going to do it, and will let you know then!
  16. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:21:26, on 13/09/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Users\Dasjka\AppData\Local\Google\Update\1.3.21.115\GoogleCrashHandler.exe C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\Downloads\HijackThis (2).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 
Runtime\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [uSBestCR] C:\Program Files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe RunFromReg O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Registry Mechanic] C:\Users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe -min O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar 
OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: FreemakeVideoCapture - Unknown owner - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - 
Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11465 bytes
  17. This is the Malwarebytes log:

      Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
      Malwarebytes : Free anti-malware download
      Databaseversie: v2012.05.04.01
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Dasjka :: DASJKA-PC [administrator]
      Realtime bescherming: Ingeschakeld
      4/05/2012 12:35:43
      mbam-log-2012-05-04 (12-35-43).txt
      Scantype: Volledige scan
      Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
      Uitgeschakelde scanopties: P2P
      Objecten gescand: 390150
      Verstreken tijd: 51 minuut/minuten, 40 seconde(n)
      Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
      Bestanden gedetecteerd: 7
      C:\Users\Dasjka\Downloads\FLVPlayerSetup.exe (Adware.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Dasjka\Downloads\installer_adobe_photoshop (1).exe (PUP.Adbunbler) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Dasjka\Downloads\installer_adobe_photoshop.exe (PUP.Adbunbler) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Dasjka\Downloads\SoftonicDownloader_voor_karaokemedia.exe (PUP.ToolbarDownloader) -> Succesvol in quarantaine geplaatst en verwijderd.
      C:\Users\Dasjka\Downloads\Downloads\goedeenkelchirurg.com (Trojan.FakeMS.VxGen) -> Succesvol in quarantaine geplaatst en verwijderd.
      D:\Downloads\goedeenkelchirurg.com (Trojan.FakeMS.VxGen) -> Succesvol in quarantaine geplaatst en verwijderd.
      D:\Karen\Downloads\goedeenkelchirurg.com (Trojan.FakeMS.VxGen) -> Succesvol in quarantaine geplaatst en verwijderd.
      (einde)

      I'm going to run the hijack scan asap and post it. Thanks in advance for the effort; the PC at least started up normally already, so I have good hope :-)
  18. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:26:43, on 13/09/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16448) Boot mode: Safe mode with network support Running processes: C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dasjka\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {adca5064-9e30-43fe-9856-58b07a3149fe} - (no file) R3 - URLSearchHook: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\IPS\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: uTorrentBar_NL - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL O2 - BHO: Bcool - {C877699B-D33C-EAA5-95C5-CCCCD18B3C73} - C:\ProgramData\Bcool\bhoclass.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O2 - BHO: 
Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\coIEPlg.dll O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll O3 - Toolbar: uTorrentBar_NL Toolbar - {87775fdb-6972-41f9-ae51-8326e38cb206} - C:\Program Files (x86)\uTorrentBar_NL\prxtbuTor.dll O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [uSBestCR] C:\Program Files (x86)\Sitecom MD-020 SIM Editor\iconcs31462843.exe RunFromReg O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe O4 - HKCU\..\Run: [Registry Mechanic] C:\Users\Dasjka\Desktop\rminstall_RevenueWire207_10.0.1.140.exe -min O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Dasjka\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Dasjka\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [uTorrent] 
"C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. 
- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\Windows\system32\afasrv64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe O23 - Service: FreemakeVideoCapture - Unknown owner - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (file missing) O23 - Service: iPod-service (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\6.3.0.14\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe 
(file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12071 bytes
  19. I can't get it to work in safe mode. I'm trying restore points from other dates again to get in anyway, so far without result...