Jacob Haitsma

28 september 2012

Yess, nu doet hij het wel!

logje adwcleaner:

# AdwCleaner v2.003 - Verslag gemaakt op 09/28/2012 om 15:36:59

# Geactualiseerd op 23/09/2012 door Xplode

# Besturingssysteem : Microsoft Windows XP Service Pack 2 (64 bits)

# Gebruiker : g7 1120sd - G71120SD-HP

# Opstarten Modus : Normale modus

# Gelanceerd vanaf : C:\Users\g7 1120sd\Desktop\adwcleaner.exe

# Optie [Verwijderen]

***** [Diensten] *****

***** [Files / Mappen] *****

***** [Register] *****

***** [browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v15.0.1 (nl)

Profielnaam : default

File : C:\Users\g7 1120sd\AppData\Roaming\Mozilla\Firefox\Profiles\pkk2ga2s.default\prefs.js

[OK] De file bevat geen enkele ongeoorloofde invoer.

*************************

AdwCleaner[s1].txt - [515 octets] - [28/09/2012 10:53:42]

AdwCleaner[s2].txt - [515 octets] - [28/09/2012 10:54:58]

AdwCleaner[R1].txt - [1047 octets] - [28/09/2012 15:30:11]

AdwCleaner[s3].txt - [505 octets] - [28/09/2012 15:30:18]

AdwCleaner[s4].txt - [1039 octets] - [28/09/2012 15:36:59]

########## EOF - C:\AdwCleaner[s4].txt - [1099 octets] ##########

Logje Hijack:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 14:26:34, on 21-9-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Users\g7 1120sd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\IPS\IPSBHO.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe

O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\g7 1120sd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=724

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13973 bytes

bijlage: melding voordat ik met Hijack ging scannen

28 september 2012

ja helaas wel... in de veilige modus van windows bedoel je toch? Dan geeft het dezelfde foutmelding. Sorry voor dit lastige probleem!

Misschien nog iets meer waar je wat mee kunt: gisteren tijdens het afspelen van youtube filmpjes gaf windows de melding dat windows verkenner niet meer werkte en startte windows verkenner automatisch opnieuw op. Ook heb ik via 'tune up utilities' een foutmelding gekregen die ik niet kan oplossen. Namelijk, in apparaatbeheer zit ergens een apparaat dat niet meer werkt, maar ik kan geen acties ondernemen wat betreft dit apparaat (zie bijlage). Ik weet niet of je hier iets mee kan.

27 september 2012

zodra ik bij adwcleaner op 'verwijderen' druk krijg ik een foutmelding..

27 september 2012

Aaaaah dit is niet eerlijk! Snelheid van het internetten is nog steeds prima, maar ik heb zo nu en dan nogsteeds dat als ik bij google een bepaalde site aan klik of ik in de adresbalk een site in typ en op enter druk ik naar een andere 'advertentie' site wordt geleid dan ik aanklik of heb ingetypt..

Zou het helpen om het voorgaande proces nog een keer te herhalen of heb je iets anders wat ik er mogelijk nog aan kan doen?

Wederom alvast bedankt!

Jacob

25 september 2012

De zaken staan er uitstekend voor! Ik kan op dit moment weer zonder me constant te ergeren internetten.

Bedankt voor al je hulp!

24 september 2012

Emsisoft Emergency Kit - Versie 2.0

Laatste Update: 24-9-2012 14:32:20

Scaninstellingen:

Scantype: Diepe scan

Objecten: Rootkits, Geheugen, Sporen, C:\, D:\, H:\

Scan archieven: Aan

ADS Scan: Aan

Scan gestart: 24-9-2012 14:33:35

C:\Users\g7 1120sd\Downloads\Voltooide downloads\TuneUp.Utilities.2012.v12.0.2120.7.Incl.Keygen-Lz0\Lz0\KeyMaker.exe Ontdekt: Riskware.Keygen.TuneUp2012!E2

C:\Users\g7 1120sd\AppData\Local\Temp\Av-test.txt Ontdekt: EICAR-Test-File!E1

C:\HP\Bin\EndProcess.exe Ontdekt: Riskware.Win32.KillApp!E1

C:\$RECYCLE.BIN\S-1-5-21-356567523-1777105027-1618555653-1000\$RXUK5WC.EXE Ontdekt: Trojan-Spy.Win32.Banker!E2

Gescand 593230

Gevonden 4

Scan geëindigd: 24-9-2012 15:18:29

Scantijd: 0:44:54

C:\$RECYCLE.BIN\S-1-5-21-356567523-1777105027-1618555653-1000\$RXUK5WC.EXE Verwijderd Trojan-Spy.Win32.Banker!E2

C:\HP\Bin\EndProcess.exe Verwijderd Riskware.Win32.KillApp!E1

C:\Users\g7 1120sd\AppData\Local\Temp\Av-test.txt Verwijderd EICAR-Test-File!E1

Verwijderd 3

24 september 2012

Ik heb alle stappen die je me voorschotelde weer uitgevoerd en het internet is inderdaad weer een stuk sneller geworden! Zeker toen ik Combofix weer van de computer had verwijderd ging het weer een stuk beter. Ik heb nu alleen nog af en toe dat als ik naar een site wil (bijvoorbeeld www.google.nl) en dit in de adresbalk typ en op enter druk, ik naar een hele andere site wordt toegeleid. Dit gebeurt dan 2 à 3 keer achter elkaar en daarna is het over.

In ieder geval super bedankt voor je hulp tot nu toe!

22 september 2012

het is zeker niet slechter geworden! Maar nog niet zo als ik wel gewend ben. Wat ook nog wel opmerkelijk is, is dat als ik google chrome als mijn browser gebruik en ik bij taakbeheer kijk (bij processen), er wel iets van 5 of 6 google chrome's aanstaan.

21 september 2012

Hierbij het logboek van combofix,

nogmaals bedankt voor de hulp

ComboFix 12-09-20.03 - g7 1120sd 21-09-2012 17:14:07.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4044.1253 [GMT 2:00]

Gestart vanuit: c:\users\g7 1120sd\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\prefs.js

c:\program files (x86)\Vid-Saver

c:\program files (x86)\Vid-Saver\Vid-Saver.ico

c:\program files (x86)\Vid-Saver\Vid-Saver.ini

c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe

c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log

c:\programdata\100

c:\programdata\boost_interprocess\20120921145017.125599

c:\users\g7 1120sd\AppData\Local\Vid-Saver

c:\users\g7 1120sd\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx

c:\users\g7 1120sd\AppData\Roaming\chrtmp

c:\windows\SysWow64\FlashPlayerInstaller.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-21 to 2012-09-21 ))))))))))))))))))))))))))))))

.

2012-09-21 15:47 . 2012-09-21 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-21 14:14 . 2012-09-21 15:46 -------- d-----w- c:\programdata\boost_interprocess

2012-09-21 14:13 . 2012-09-21 14:14 -------- d-----w- c:\users\g7 1120sd\AppData\Roaming\CometPlayer

2012-09-21 14:13 . 2012-09-21 14:15 -------- d-----w- c:\users\g7 1120sd\AppData\Roaming\tigerplayer

2012-09-21 14:13 . 2012-09-21 14:14 -------- d-----w- c:\program files (x86)\MpcStar

2012-09-21 13:08 . 2012-09-21 13:57 -------- d-----w- C:\Downloads

2012-09-21 13:07 . 2012-09-21 15:48 -------- d-----w- c:\users\g7 1120sd\AppData\Roaming\BitComet

2012-09-21 13:07 . 2012-09-21 13:08 -------- d-----w- c:\program files (x86)\BitComet

2012-09-21 13:05 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-09-21 13:05 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-09-21 13:05 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-09-21 10:43 . 2012-09-21 10:43 -------- d-----w- c:\users\g7 1120sd\AppData\Local\Macromedia

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-09-20 22:40 . 2012-09-20 22:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-09-20 22:39 . 2012-09-21 12:44 -------- d-----w- c:\program files (x86)\QuickTime

2012-09-20 22:19 . 2012-09-20 22:19 -------- d-----w- c:\users\g7 1120sd\AppData\Local\Mozilla

2012-09-20 22:19 . 2012-09-20 22:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-09-18 16:52 . 2012-05-29 18:46 25952 ----a-w- c:\windows\system32\authuitu.dll

2012-09-18 16:52 . 2012-05-29 18:46 21344 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-09-18 16:52 . 2012-05-29 18:46 35680 ----a-w- c:\windows\system32\uxtuneup.dll

2012-09-18 16:52 . 2012-05-29 18:46 29024 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2012-09-18 16:49 . 2012-05-29 18:46 34656 ----a-w- c:\windows\system32\TURegOpt.exe

2012-09-18 16:48 . 2012-09-18 16:51 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012

2012-09-18 15:52 . 2012-09-18 15:52 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation

2012-09-18 15:41 . 2012-09-18 15:41 -------- d-----w- c:\users\g7 1120sd\AppData\Roaming\TuneUp Software

2012-09-18 15:40 . 2012-09-18 15:42 -------- d-----w- c:\programdata\TuneUp Software

2012-09-18 15:39 . 2012-09-18 15:39 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

2012-09-18 09:48 . 2012-09-18 09:48 -------- d-----w- c:\program files (x86)\Hitman Pro

2012-09-13 14:25 . 2012-09-13 14:25 304 ----a-w- C:\user.js

2012-09-12 12:37 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 12:37 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 12:37 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 12:37 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 12:37 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 12:37 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 12:37 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 13:24 . 2012-09-12 16:04 -------- d-----w- c:\program files\Symantec

2012-09-11 13:24 . 2012-09-12 16:04 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-09-11 13:24 . 2012-09-11 13:24 -------- d-----w- c:\program files\Common Files\Symantec Shared

2012-09-11 13:22 . 2012-09-12 17:07 -------- d-----w- c:\windows\system32\drivers\NAVx64

2012-09-11 13:21 . 2012-09-11 13:22 -------- d-----w- c:\program files (x86)\Norton AntiVirus

2012-09-11 13:21 . 2012-09-11 13:21 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-09-11 13:19 . 2012-09-11 13:19 -------- d-----w- c:\program files (x86)\NortonInstaller

2012-09-11 09:53 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{980ACD4E-5B15-4A16-A50F-5F0F76363E6E}\mpengine.dll

2012-09-10 15:51 . 2012-09-10 15:51 -------- d-----w- c:\users\g7 1120sd\AppData\Roaming\ParetoLogic

2012-09-10 15:51 . 2012-09-10 15:53 -------- d-----w- c:\programdata\ParetoLogic

2012-09-02 04:29 . 2012-09-02 04:29 -------- d-----w- C:\AVG2012

2012-09-01 13:43 . 2012-09-01 13:43 -------- d-----w- c:\programdata\GFI Software

2012-08-30 13:28 . 2012-08-30 13:28 -------- d-----w- c:\users\g7 1120sd\AppData\Local\adawarebp

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-21 10:41 . 2012-04-03 12:36 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-09-21 10:41 . 2011-10-25 07:48 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-13 08:29 . 2011-09-05 14:41 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-10 16:32 . 2012-08-10 16:32 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-08-10 16:32 . 2011-05-28 03:07 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-18 18:15 . 2012-08-14 21:01 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 14:50 . 2011-09-11 13:00 87488 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2012-07-12 14:50 . 2011-09-11 13:00 34720 ----a-w- c:\windows\system32\LMIport.dll

2012-07-12 14:50 . 2011-09-11 13:00 80800 ----a-w- c:\windows\system32\LMIinit.dll

2012-07-06 20:07 . 2012-08-16 08:27 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-14 21:01 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-14 21:01 59392 ----a-w- c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-14 21:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-14 21:01 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-06-29 04:55 . 2012-08-16 08:25 17809920 ----a-w- c:\windows\system32\mshtml.dll

2012-06-29 04:09 . 2012-08-16 08:25 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-06-29 03:56 . 2012-08-16 08:25 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-06-29 03:49 . 2012-08-16 08:25 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-29 03:49 . 2012-08-16 08:25 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-29 03:48 . 2012-08-16 08:25 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-29 03:47 . 2012-08-16 08:25 237056 ----a-w- c:\windows\system32\url.dll

2012-06-29 03:45 . 2012-08-16 08:25 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-29 03:44 . 2012-08-16 08:25 816640 ----a-w- c:\windows\system32\jscript.dll

2012-06-29 03:43 . 2012-08-16 08:25 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-29 03:42 . 2012-08-16 08:25 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-29 03:40 . 2012-08-16 08:25 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-29 03:39 . 2012-08-16 08:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-29 03:35 . 2012-08-16 08:25 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-29 00:16 . 2012-08-16 08:25 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-29 00:09 . 2012-08-16 08:25 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-29 00:08 . 2012-08-16 08:25 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-29 00:04 . 2012-08-16 08:25 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-29 00:00 . 2012-08-16 08:25 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Spotify Web Helper"="c:\users\g7 1120sd\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-16 1193176]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"BitComet"="c:\program files (x86)\BitComet\BitComet.exe" [2012-03-14 12761392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-09-13 103992]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1043 /heur:80 /RA:ask /pup /archives /IA:0 /KBD:2 /wow /dir:C:\Program

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime

.

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-09-13 1098296]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-31 17152]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-17 14464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMDS64.SYS [2011-07-25 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1308000.00E\SYMEFA64.SYS [2012-05-22 1129120]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-09-04 1385120]

S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1308000.00E\ccSetx64.sys [2012-06-07 167072]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-04 271424]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120920.002\IDSvia64.sys [2012-09-08 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1308000.00E\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1308000.00E\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-02-18 2372096]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-07-12 375208]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-01-11 15928]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe [2012-06-16 138272]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-03-09 288768]

S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-03-09 1066896]

S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-03-09 491920]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-20 138912]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-04 1041760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:41]

.

2012-08-28 c:\windows\Tasks\HPCeeScheduleForg7 1120sd.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

2012-09-17 c:\windows\Tasks\HPCeeScheduleForG71120SD-HP$.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\g7 1120sd\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-03 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-03 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-03 419096]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-01-11 57928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.atcomet.com/m/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &D&ownload &met BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload alles met BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\g7 1120sd\AppData\Roaming\Mozilla\Firefox\Profiles\3fhr5rfp.default\

FF - prefs.js: browser.startup.homepage - Google

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{5B5048FD-C6B8-438B-81FB-D6E10AF86354} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.8.0.14\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-356567523-1777105027-1618555653-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_USERS\S-1-5-21-356567523-1777105027-1618555653-1000\Software\SecuROM\License information*]

"datasecu"=hex:e5,10,b2,a3,bd,6d,03,b0,4f,de,59,f0,8d,db,23,64,f5,da,29,08,aa,

41,b1,ae,4a,05,d0,aa,02,8f,ec,56,f9,7a,ea,1b,36,69,54,6e,0c,84,f0,ec,4e,fc,\

"rkeysecu"=hex:7d,9a,36,f9,97,f7,5a,18,dd,82,e4,3e,61,55,92,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\ezSharedSvcHost.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe

c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-09-21 18:18:41 - machine werd herstart

ComboFix-quarantined-files.txt 2012-09-21 16:18

.

Pre-Run: 349.249.372.160 bytes beschikbaar

Post-Run: 348.730.761.216 bytes beschikbaar

.

- - End Of File - - 3D1CD6C2961330C9CFDAAC6E04CEA592

21 september 2012

Hallo,

Mijn net nieuwe laptop doet het uitstekend, behalve tijdens het internetten. Dan is hij heel erg traag. Ik gok dus dat het te maken heeft met één of ander virus. Hieronder is het logje van Hijack.

Alvast super bedankt voor de moeite!