misteragga
-
Items
1.738 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door misteragga
-
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
dat zou best kunnen dat ik caretaker antispam gebruik heb kan het zijn dat het van malwarebytes is? caretaker antispam portable virtualbox heb ik nooit gebruikt op deze computer zo ver ik weet. -
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
hier bij stuur ik de twee bestandjes SysError.txt SysLog.txt -
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
ik heb alle usb kabels uit de kast gehaald behalven de usb kabel voor me toetsenbord als nog blijft de melding terug komen ik dacht dat het de driver van de webcam was maar dat is het ook ik heb ook de drivers opnieuw geinstaleerd nog steeds het zelfde probleem ik heb ook de netwerk kaart terug ingeschakeld van onboard van ik heb ook een gigabit een los netwerk kaart maar als nog het zelfde ik kan geen herstel punt terug plaatsen van toen het geluid er niet was mischien dat er iets met een speccy log gedaan kan worden?. speccy klik -
zo ver ik weet heb ik niks van RRS feeds ingeschakeld dus dan zal ik door blijven klikken.
-
ik krijg deze melding als ik me aan meld bij windows live mail ik het alles af gezocht in google maar kom er nog steeds niet uit.
-
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
weet iemand hier nog iets op? -
combofix is verwijderd
-
oke nou ja zal wel goed zijn.
-
ik had nog een klein vraagje steeds als combofix over mij computer is gegaan word ook dit lijntje verwijderd hoe kan dat? AddRemove-{D40EB009-0499-459c-A8AF-C9C110766215} - c:\program files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe .
-
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
oke als de computer ook opstart hoor in de boksen een foutmelding net of een driver van een aparaat niet goed is geinstaleerd als ik dan bij aparaat beheer kijk zie ik niks met een uit roep teken wat zou het kunnen zijn?? -
combofixlog. ComboFix 12-12-28.01 - Brian 28-12-2012 12:13:53.14.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2636 [GMT 1:00] Gestart vanuit: c:\users\Brian\Desktop\ComboFix.exe AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))) . . 2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-28 11:18 . 2012-12-28 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-21 00:27 . 2012-12-21 00:29 -------- d-----r- c:\users\Brian\SkyDrive 2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive 2012-12-21 00:27 . 2012-12-21 00:27 -------- d-----w- c:\programdata\Microsoft SkyDrive 2012-12-20 19:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-20 19:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-20 19:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-20 19:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 23:07 . 2012-12-19 23:10 -------- d-----w- c:\program files\Recuva 2012-12-18 18:29 . 2012-12-18 18:30 -------- d-----w- c:\users\Brian\AppData\Roaming\BitComet 2012-12-18 18:25 . 2012-12-18 18:25 -------- d-----w- C:\Downloads 2012-12-17 18:00 . 2012-12-17 18:00 388096 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-17 18:00 . 2012-12-17 18:00 -------- d-----w- c:\program files (x86)\Trend Micro 2012-12-15 01:37 . 2012-12-15 01:37 -------- d-----w- c:\program files (x86)\Auslogics 2012-12-13 02:54 . 2012-12-13 02:54 -------- d-----w- c:\program files (x86)\ESET 2012-12-13 02:18 . 2012-12-13 02:18 -------- d-----w- c:\program files\Macrium 2012-12-13 02:16 . 2012-12-13 02:16 308200 ----a-w- c:\windows\system32\javaws.exe 2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\javaw.exe 2012-12-13 02:16 . 2012-12-13 02:16 188392 ----a-w- c:\windows\system32\java.exe 2012-12-13 02:16 . 2012-12-13 02:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-12-13 02:16 . 2012-12-13 02:16 -------- d-----w- c:\program files\Java 2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2012-12-12 00:58 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-12 00:58 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-12-12 00:58 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-12-12 00:56 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 00:56 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 00:56 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2012-12-10 18:12 . 2012-12-10 18:12 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys 2012-12-10 18:11 . 2012-12-10 18:11 57024 ----a-w- c:\windows\system32\drivers\psmounterex.sys 2012-12-08 01:10 . 2012-12-08 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-12-05 21:36 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE} 2012-12-05 21:35 . 2012-12-05 21:36 -------- d-----w- c:\programdata\{B7FA0661-862B-4AE4-A12A-F08D226ED546} 2012-12-05 18:15 . 2012-12-05 18:16 -------- d-----w- c:\users\Brian\AppData\Roaming\Creative 2012-12-05 18:07 . 2012-12-05 18:07 -------- d-----w- c:\programdata\Creative 2012-12-05 18:07 . 2012-12-05 21:36 -------- d-----w- c:\program files (x86)\Creative 2012-11-29 01:11 . 2012-11-29 01:11 -------- d-----w- c:\program files\Soluto 2012-11-28 22:45 . 2012-11-28 22:45 -------- d-----w- C:\McAfee . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 15:49 . 2012-11-04 19:01 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-13 02:16 . 2012-09-14 16:51 959976 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-13 02:16 . 2012-09-14 16:51 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-12-13 02:13 . 2012-09-14 16:50 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-13 02:13 . 2012-09-14 16:50 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 00:59 . 2012-09-14 15:19 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-27 16:46 . 2012-11-26 20:34 82816 ----a-w- c:\users\Brian\AppData\Roaming\pcouffin.sys 2012-11-21 11:42 . 2012-09-20 22:47 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-11-10 23:57 . 2012-11-10 23:57 25216 ----a-w- c:\windows\system32\drivers\droidcam.sys 2012-11-09 05:40 . 2012-09-14 22:26 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 05:37 . 2012-06-22 05:38 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 05:37 . 2012-09-14 15:48 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 05:36 . 2012-09-14 22:26 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 05:36 . 2012-09-14 22:26 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 05:35 . 2012-06-22 05:36 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 05:34 . 2012-09-14 22:26 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 05:34 . 2012-09-14 22:26 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 05:33 . 2012-06-22 05:34 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-17 20:35 . 2012-10-17 20:35 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-17 20:35 . 2012-09-14 16:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-17 20:35 . 2012-09-14 16:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-16 08:38 . 2012-11-28 20:07 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 20:07 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 20:07 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-13 19:19 . 2012-10-13 19:19 574 ----a-w- C:\cleanup.bat 2012-10-09 18:17 . 2012-11-17 01:27 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-17 01:27 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-17 01:27 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-17 01:27 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 22:33 . 2012-10-04 22:33 53248 ----a-r- c:\users\Brian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-10-04 16:40 . 2012-12-12 00:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-17 01:27 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-17 01:27 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-17 01:27 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-17 01:27 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-17 01:27 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-17 01:27 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-17 01:27 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-17 01:27 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-17 01:27 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-17 01:27 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-17 01:27 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488] WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) "UacDisableNotify"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "EnableShellExecuteHooks"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\test programma's\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2012-11-10 25216] R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-14 1255736] R4 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528] R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-09-22 56016] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-11-21 54728] S2 MBAMScheduler;MBAMScheduler;c:\test programma's\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\test programma's\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-12-10 301760] S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-11-21 182840] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-11-21 644152] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048] S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-12-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 02:13] . 2012-12-21 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000Core.job - c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24] . 2012-12-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4085980671-1877415730-1580475011-1000UA.job - c:\users\Brian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-21 22:24] . 2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29] . 2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29] . 2012-12-26 c:\windows\Tasks\HPCeeScheduleForBRIAN-PC$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . 2012-12-20 c:\windows\Tasks\HPCeeScheduleForBrian.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096] "Soluto"="c:\program files\soluto\soluto.exe" [2012-11-21 1278008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Bijkomende Scan ------- . uStart Page = hxxp://google.nl/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube Download - c:\users\Brian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Brian\Desktop\mbar\mbar.exe Wow6432Node-HKLM-RunOnce-1 - c:\users\Brian\Desktop\mbam-chameleon.exe AddRemove-Fences - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe AddRemove-{D40EB009-0499-459c-A8AF-C9C110766215} - c:\program files (x86)\Common Files\LogiShrd\Installer\{D40EB009-0499-459c-A8AF-C9C110766215}\setup.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*] "v5Licence0"="15-BDQC-7UK5-EXJX-PX69-4H1M-NKYDU2H" "Activated"="N" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-12-28 12:20:36 ComboFix-quarantined-files.txt 2012-12-28 11:20 . Pre-Run: 1.438.312.701.952 bytes beschikbaar Post-Run: 1.438.017.990.656 bytes beschikbaar . - - End Of File - - 040FC1CEAB796AF98D9944A1CAB90744
-
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
kan hier ook nog de combofixlog na gekeken worden het duurde wel een half uur voor dat het klaar was. combofix. ComboFix 12-12-29.02 - rajni 30-12-2012 0:13.13.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3839.2321 [GMT 1:00] Gestart vanuit: c:\users\rajni\Desktop\ComboFix.exe AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))) . . 2012-12-29 23:25 . 2012-12-29 23:25 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-12-29 23:25 . 2012-12-29 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-29 00:51 . 2012-12-29 00:51 -------- d-----w- c:\users\rajni\AppData\Local\Programs 2012-12-21 00:47 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 00:47 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 00:47 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-21 00:47 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-19 19:00 . 2012-12-19 19:00 388096 ----a-r- c:\users\rajni\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-12-12 01:08 . 2012-12-12 01:08 -------- d-----w- c:\program files\Macrium 2012-12-12 00:54 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 00:54 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 00:52 . 2012-10-04 17:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 16:40 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 14:41 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 14:41 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 14:41 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 14:41 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 17:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 16:40 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 16:40 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll 2012-12-12 00:52 . 2012-10-04 14:46 2048 ----a-w- c:\windows\SysWow64\user.exe 2012-12-12 00:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 00:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-12-08 15:57 . 2012-12-08 15:57 13504 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys 2012-12-08 15:57 . 2012-12-08 15:57 57024 ----a-w- c:\windows\system32\drivers\psmounterex.sys 2012-12-05 22:06 . 2012-12-05 22:07 -------- d-----w- c:\users\rajni\AppData\Roaming\Creative 2012-12-05 21:54 . 2012-12-05 21:55 -------- d-----w- c:\programdata\Creative 2012-12-05 21:54 . 2012-12-05 21:54 -------- d-----w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE} 2012-12-05 21:54 . 2012-12-05 21:54 -------- d-----w- c:\program files (x86)\Creative 2012-12-05 21:54 . 2012-12-05 21:54 -------- d-----w- c:\programdata\{5086CFFE-02D3-48D7-8A7C-169CFF056F88} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-15 02:53 . 2012-04-10 18:47 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-15 02:53 . 2011-11-20 01:15 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-14 15:49 . 2012-11-22 00:38 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 01:09 . 2011-11-19 20:16 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-21 11:42 . 2012-08-22 20:16 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2012-11-09 05:40 . 2012-11-05 13:05 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 05:37 . 2012-07-17 13:52 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 05:37 . 2012-11-05 12:59 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 05:36 . 2012-11-05 13:05 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-11-09 05:36 . 2012-11-05 13:05 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-11-09 05:35 . 2012-07-17 13:50 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 05:34 . 2012-11-05 13:05 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 05:34 . 2012-11-05 13:05 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 05:33 . 2012-07-17 13:48 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-10-22 00:43 . 2012-10-22 00:43 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-22 00:43 . 2012-09-02 23:49 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-22 00:43 . 2011-11-20 00:49 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-22 00:40 . 2012-10-22 00:41 289768 ----a-w- c:\windows\system32\javaws.exe 2012-10-22 00:40 . 2012-10-22 00:40 189416 ----a-w- c:\windows\system32\javaw.exe 2012-10-22 00:40 . 2012-10-22 00:40 188904 ----a-w- c:\windows\system32\java.exe 2012-10-22 00:40 . 2012-10-22 00:40 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-10-22 00:40 . 2011-12-13 22:08 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-22 00:40 . 2011-11-20 01:21 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-10-16 08:38 . 2012-11-28 00:12 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-28 00:12 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-28 00:12 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 18:17 . 2012-11-14 01:55 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 01:55 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 01:55 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 01:55 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 16:40 . 2012-12-12 00:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 01:55 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 01:55 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 01:55 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 01:55 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 01:55 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 01:55 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 01:55 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 01:55 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 01:55 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 01:55 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 01:55 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-05 23:37 220632 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-05 23:37 220632 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-05 23:37 220632 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-02 98304] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336] "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-04-30 5235608] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112] . c:\users\rajni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Facebook Messenger.lnk - c:\users\rajni\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . R1 ctredr15.sys;ctredr15.sys;c:\windows\system32\drivers\ctredr15.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 VBoxDRV;PortableVBoxDRV;j:\virtualbox\Portable-VirtualBox\app64\drivers\VBoxDrv\VBoxDrv.sys [x] R2 VBoxUSBMon;PortableVBoxUSBMon;j:\virtualbox\Portable-VirtualBox\app64\drivers\USB\filter\VBoxUSBMon.sys [x] R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-03-09 1849856] R3 btiaa2dp;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btiaa2dp.sys [2008-09-16 82944] R3 BTiAPan;Bluetooth PAN Miniport;c:\windows\system32\DRIVERS\btiapan.sys [2008-09-16 37888] R3 btiarcp;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btiarcp.sys [2008-07-30 10880] R3 btiaspp;Bluetooth Serial driver;c:\windows\system32\DRIVERS\btiaspp.sys [2008-09-16 92160] R3 BTIAUSB;Generic Bluetooth Device;c:\windows\system32\DRIVERS\btiausb.sys [2008-11-14 31744] R3 BTPROT;Generic Bluetooth Filter;c:\windows\system32\DRIVERS\btprot.sys [2008-11-14 517632] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-06-02 17864] R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440] R3 iAnywhere_btAudio;Bluetooth Virtual SCO Device;c:\windows\system32\drivers\btiasco.sys [2008-07-30 25088] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112] R3 netr7364;Stuurprogramma voor RT73 USB draadloze LAN-kaart voor Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-19 1255736] R3 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x] R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776] S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-11-21 54728] S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys [2008-05-15 26624] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-02-02 202752] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-11-09 177680] S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-12-08 301760] S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-11-21 182840] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-11-21 644152] S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768] S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-04-24 1150368] S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-04-11 247704] S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-04-11 1177496] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672] S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 02:53] . 2012-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3079376381-2054548843-520714141-1000Core.job - c:\users\rajni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 00:16] . 2012-12-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3079376381-2054548843-520714141-1000UA.job - c:\users\rajni\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-28 00:16] . 2012-12-06 c:\windows\Tasks\vtscheduletask.job - c:\program files (x86)\McAfee\Supportability\MVT\MvtApp.exe [2012-07-10 19:05] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-10-05 23:38 244696 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-10-05 23:38 244696 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-10-05 23:38 244696 ----a-w- c:\users\rajni\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Soluto"="c:\program files\soluto\soluto.exe" [2012-11-21 1278008] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3079376381-2054548843-520714141-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3079376381-2054548843-520714141-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*] "v5Licence0"="15-6U3M-KEE7-AXHQ-472S-RK3Z-169NYH1" "Activated"="N" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe c:\program files (x86)\TeamViewer\Version8\tv_w32.exe . ************************************************************************** . Voltooingstijd: 2012-12-30 00:48:08 - machine werd herstart ComboFix-quarantined-files.txt 2012-12-29 23:47 . Pre-Run: 275.598.774.272 bytes beschikbaar Post-Run: 275.273.658.368 bytes beschikbaar . - - End Of File - - FA87C5A63A79E66D1663B31B5A3300C2 - - - Updated - - - als de computer ook opstart hoor in de boksen een foutmelding net of een driver van een aparaat niet goed is geinstaleerd als ik dan bij aparaat beheer kijk zie ik niks met een uit roep teken wat zou het kunnen zijn?? -
oke dan neem ik aan dat het is en zou ook de combofixlog na gekeken kunnen worden??
-
combofixlog ook nog even er bij. [ATTACH]23284[/ATTACH] combolog.txt
-
ik heb een scan uit gevoerd met mbam chameleon het lijkt er op dat een driver is verwijderd of ik iets dergelijks kan dat nog even na gekeken worden? en ik heb deze 2 raare icoontjes er bij gekregen na die scan. icoontjes. mbam chameleon melding.
-
nee ik heb er geen problemen mee de icoontje is verwijderd van mij bureaublad.
-
ik heb wel de samsung galaxy tab 2 dus ik denk dat de bestand daar van afkomstig is.
-
de icoontjes zijn terug.
-
oke en wat kan ik nu doen?
-
weet hier iemand iets over deze bericht van #5
-
hijackthislog 2
misteragga reageerde op misteragga's topic in Archief Bestrijding malware & virussen
nee hoor dat niet. -
wilde graag een computer opschoning virus vrij. hijackthislog. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:02:59, on 19-12-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe C:\Users\rajni\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\tijdelijke\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [softAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe" O4 - Startup: Facebook Messenger.lnk = rajni\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WD Backup (WDBackup) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe O23 - Service: WD Drive Manager (WDDriveService) - Western Digital - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe O23 - Service: WD Rules (WDRulesService) - Western Digital - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe (file missing) -- End of file - 11216 bytes
-
ja zekkers dit icoontje zie hier onder is te voorschein gekomen klopt het dat de computer sneller reageerd? en wat houd dit in is afkomstig van unhide tekst bestand. 1. 2. Searching for Windows Registry changes made by FakeHDD rogues. - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced * Start_TrackDocs was set to 0! It was set back to 1! * Start_TrackProgs was set to 0! It was set back to 1!
-
dit is de melding die ik heb gekregen en ook een tekst documen met als tekst unhide zie hier de resultaat. unhide melding. unhide tekstbestand. [ATTACH]23074[/ATTACH] unhide.txt
-
hallo forum leden ik heb het een probleem met mij computer als ik mij computer op start komen niet alle icoontjes te voor schijn soms na 3 min wachten wel en vaak moet ik dan me power knop in gedrukt houde tot dat de computer weer goed werkt zou het een virus zijn? hijackthislog. [ATTACH]23053[/ATTACH] hijackthis.log
