Ga naar inhoud

Michelinde

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    24

  • Registratiedatum

  • Laatst bezocht

Michelinde's prestaties

Leerling

Leerling (3/14)

  • Eerste post
  • Actief
  • Gespreksstarter
  • Week één klaar
  • Een maand later

Recente badges

0

Reputatie

  1. Michelinde
    Excuses voor de late reactie, omdat de PC nog altijd actief in gebruik is kan ik er alleen tijdens de werkuren als mijn collega hem bij heeft aan werken. Comboix logje: ComboFix 11-10-04.02 - gebruiker 04/10/2011 13:16:24.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.32.1043.18.895.281 [GMT 2:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))) . . 2011-10-04 11:34 . 2011-10-04 11:34 -------- d-----w- c:\users\gebruiker\AppData\Local\temp 2011-10-04 11:34 . 2011-10-04 11:34 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-04 11:34 . 2011-10-04 11:34 -------- d-----w- c:\users\kinderen\AppData\Local\temp . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-01 06:51 . 2007-07-06 12:57 45056 ----a-w- c:\windows\system32\acovcnt.exe 2011-07-06 14:56 . 2011-08-11 08:30 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 1999-05-06 06:22 224150 --sha-r- c:\windows\ConfigSetRoot\IO.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-24 815104] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-04-19 33136] "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-19 90191] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-19 7770112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-19 81920] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^gebruiker^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole PMB.lnk] path=c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole PMB.lnk backup=c:\windows\pss\Mediacontrole PMB.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-04-13 00:29 47392 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA] 2006-11-02 15:27 61440 ----a-w- c:\program files\ASUS\ATK Media\DMedia.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd] 2007-03-12 13:51 663552 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] 2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch] 2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-11-17 19:59 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD] 2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder] 2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2008-01-19 07:33 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate] 2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-715927701-4278431236-864789838-1000] "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1108000.005\SYMDS.SYS [2009-11-05 328752] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS [2010-04-22 173104] S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20110920.001\BHDrvx86.sys [2011-09-09 816760] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1108000.005\ccHPx86.sys [2010-02-26 501888] S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20111001.030\IDSvix86.sys [2011-08-22 368248] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1108000.005\Ironx86.SYS [2010-04-29 116784] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS [2010-05-06 339504] S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-12 24576] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592] S3 itecir;ITE CIR Driver;c:\windows\system32\DRIVERS\itecir.sys [2004-04-13 6912] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-20 1324544] S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhoud van de 'Gedeelde Taken' map . 2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:49] . 2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 19:49] . 2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-715927701-4278431236-864789838-1000Core.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 10:47] . 2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-715927701-4278431236-864789838-1000UA.job - c:\users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 10:47] . 2011-09-18 c:\windows\Tasks\Norton Security Scan for gebruiker.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-28 07:48] . 2011-10-04 c:\windows\Tasks\User_Feed_Synchronization-{A35D18F0-2EBF-4499-9CD2-00AC9377976A}.job - c:\windows\system32\msfeedssync.exe [2011-06-16 04:32] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html TCP: DhcpNameServer = 195.238.2.21 195.238.2.22 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\rbp7sbgr.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn_2010_9_0_6 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-Norman ZANDA - c:\program files\Norman\Npm\bin\ZLH.EXE MSConfigStartUp-PowerForPhone - c:\program files\PowerForPhone\PowerForPhone.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-04 13:34 Windows 6.0.6001 Service Pack 1 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.8.0.5\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-10-04 13:44:52 ComboFix-quarantined-files.txt 2011-10-04 11:44 . Pre-Run: 16.217.571.328 bytes beschikbaar Post-Run: 15.977.508.864 bytes beschikbaar . - - End Of File - - 2EA0A6F654E10F53DEE106D3CA96DAEF Hijackthis log volgt ---------- Post toegevoegd om 13:51 ---------- Vorige post was om 13:50 ---------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:50:51, on 4/10/2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ASScrPro.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\ehome\ehmsas.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wuauclt.exe C:\ComboFix\PEV.exe C:\Windows\system32\notepad.exe C:\Windows\explorer.exe C:\Users\gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\gebruiker\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Network Shortcuts O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 5413 bytes
  2. Michelinde
    Blijkbaar is hij geleidelijk aan trager geworden. Ik denk dat enkel Norton actief is, van Mcaffee zie ik geen symbool staan en ook niets in het taakbeheer.
  3. Michelinde
    De computer van een collega van me is bijzonder traag geworden. Het OS is windows Vista, bij deze al een hijackthislogje; aLogfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:00:52, on 30/09/2011 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.19088) Boot mode: Normal Running processes: C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ASUS\ASUS Live Update\ALU.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\ASScrPro.exe C:\Windows\ehome\ehtray.exe C:\Windows\system32\wuauclt.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\System32\rundll32.exe C:\Users\gebruiker\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldnl-be.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldnl-be.cab O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 6147 bytes
  4. Michelinde
    Ander toetsenbord gevonden en erin geslaagd veilige modus op te starten. Jammer genoeg start de standaard defragmentatie van vista daar zelfs gewoon niet op. Ondertussen is de PC niet meer gecrashed, smart defrag heeft de schijf gedefragmenteerd, maar volgens zijn eigen normen niet voldoende. De waarschuwing van een niet-legitieme versie van windows is ondertussen ook verdwenen.
  5. Michelinde
    Ik heb idd een USB toetsenbord, zal gelijk eens zien of ik ergens nog een oud exemplaar van de klassieke vorm heb liggen.
  6. Michelinde
    Smart Defrag heeft de klus op een uurtje of 2 geklaard.
  7. Michelinde
    Heb nu herhaaldelijk de PC opnieuw opgestart en continu op de F8 getokkeld maar elke keer opnieuw is de PC gewoon opgestart, niet in veilige modus. Ben nu Smartdefrag aan het downloaden. Volgens mij heb ik 2 harde schijven van elk 500 GB, apparaatbeheer geeft 2 ATA devices weer.
  8. Michelinde
    Het werkt niet, F8 drukken doet niets. Ik heb 5à6 keer geprobeerd de computer opnieuw op te starten en voor het windowslogo op F8 te drukken, maar hij deed niks, het enige wat veranderd is is die waarschuwing van illegitimeit.
  9. Michelinde
    Zie update in vorige post.
  10. Michelinde
    Zal de PC nu opnieuw opstarten en hem overnacht laten defraggen, wish me luck! Update: Het lukt me niet windows in veilige modus te starten, herhaaldelijk de F8 toets indrukken verandert niks aan de opstartcyclus. Vroeger merkte ik ook wel eens dat ik na een foutieve afsluiting nooit kon kiezen tussen de verschillende opties in het opstartscherm, ik moest steeds wachten tot de timer afliep. Wel geeft Windows nu ineens in de rechteronderhoek aan dat ik geen legitieme versie van Windows heb. Even ter informatie, de overmatig gedecoreerde installatieCD ligt langs me in het originele hoesje, dus de melding is gewoon nonsens
  11. Michelinde
    Ik heb deze morgen rond half 11 een nieuwe defragmentatie opgestart, het is nu 11 uur 's avonds en hij is nog steeds bezig. Ik vrees dat de totnogtoe ondernomen stappen niet het gewenste effect hebben gehad. :s
  12. Michelinde
    De computer schakelde niet vanzelf uit, ik heb op de uitknop moeten duwen. ComboFix 11-09-16.01 - Gebruiker 17/09/2011 8:53.2.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.6141.3689 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Gebruiker\Desktop\CFScript.txt AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021 c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021\Runtime\Objects\prv_ee_6_4_65.dll c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021\Runtime\Security\prv_ee_6_4_65.dll.sec . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-17 to 2011-09-17 )))))))))))))))))))))))))))))) . . 2011-09-17 07:03 . 2011-09-17 07:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-16 17:57 . 2011-09-16 17:57 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-16 02:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2011-09-16 02:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 16:05 . 2011-09-08 16:05 -------- d-----w- c:\programdata\ATI 2011-09-08 16:04 . 2011-09-08 16:04 -------- d-----w- c:\program files (x86)\AMD APP 2011-09-04 15:29 . 2011-09-04 15:32 -------- d-----w- c:\program files (x86)\Free FLV Converter 2011-09-04 15:29 . 2008-06-04 15:42 9728 ----a-w- c:\windows\SysWow64\PCCLPFR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 84512 ----a-w- c:\windows\SysWow64\PICCLP32.OCX 2011-09-04 15:29 . 2008-06-04 15:42 364544 ----a-w- c:\windows\SysWow64\PropertyGrid.ocx 2011-09-04 15:29 . 2008-06-04 15:42 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 24576 ----a-w- c:\windows\SysWow64\ControlSubX.ocx 2011-09-04 15:29 . 2008-06-04 15:42 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL 2011-09-02 17:02 . 2011-09-02 17:02 -------- d-----w- c:\program files\iPod 2011-09-02 17:02 . 2011-09-02 17:03 -------- d-----w- c:\program files\iTunes 2011-09-02 17:02 . 2011-09-02 17:03 -------- d-----w- c:\program files (x86)\iTunes 2011-08-31 17:47 . 2011-08-31 17:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-31 17:47 . 2011-08-31 17:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-31 17:47 . 2011-08-31 17:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-08-31 17:47 . 2011-08-31 17:47 -------- d-----w- c:\program files (x86)\OpenAL 2011-08-24 18:19 . 2011-08-24 18:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2011-08-24 18:18 . 2011-08-24 18:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll 2011-08-24 15:37 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-20 07:05 . 2011-08-20 07:04 686426 ----a-w- c:\windows\unins000.exe 2011-08-20 00:02 . 2011-08-20 00:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\Unity 2011-08-20 00:01 . 2011-08-20 00:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-08-19 18:53 . 2011-08-19 18:58 -------- d-----w- c:\users\Gebruiker\AppData\Local\Ubisoft Game Launcher 2011-08-19 18:50 . 2011-08-19 18:50 -------- d-----w- c:\program files (x86)\Ubisoft . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-13 15:10 . 2009-07-23 10:08 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2011-08-31 17:47 . 2011-08-31 17:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-08-31 15:00 . 2009-10-17 22:57 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-12 04:10 . 2011-09-16 10:22 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7FF70C3-A8C4-4FCF-9385-DD3E46688C32}\mpengine.dll 2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-07-28 22:09 . 2011-07-08 03:54 23921664 ----a-w- c:\windows\system32\atio6axx.dll 2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-07-28 21:40 . 2011-01-26 23:00 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-07-28 21:39 . 2011-01-26 22:59 852992 ----a-w- c:\windows\system32\aticfx64.dll 2011-07-28 21:36 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe 2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-07-28 21:34 . 2011-07-08 03:23 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll 2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-07-28 21:30 . 2011-01-26 22:49 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-07-28 21:20 . 2011-07-28 21:20 4943360 ----a-w- c:\windows\system32\atidxx64.dll 2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-07-28 21:11 . 2011-07-08 03:05 3871744 ----a-w- c:\windows\system32\atiumd6a.dll 2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll 2011-07-28 21:09 . 2011-01-26 22:28 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-07-28 21:03 . 2011-01-26 22:24 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-07-28 21:02 . 2009-05-16 03:03 5399040 ----a-w- c:\windows\system32\atiumd64.dll 2011-07-28 21:01 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll 2011-07-28 20:54 . 2011-07-08 02:47 378368 ----a-w- c:\windows\system32\atiadlxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-07-28 20:54 . 2011-07-08 02:47 15360 ----a-w- c:\windows\system32\atig6pxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll 2011-07-28 20:54 . 2011-07-08 02:47 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll 2011-07-28 20:53 . 2011-01-26 22:12 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-07-28 20:53 . 2011-01-26 22:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll 2011-07-28 20:53 . 2011-01-26 22:12 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-07-28 20:52 . 2011-01-26 22:12 45056 ----a-w- c:\windows\system32\atitmp64.dll 2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll 2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll 2011-07-28 07:45 . 2011-07-28 07:45 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys 2011-07-28 07:45 . 2011-07-28 07:45 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys 2011-07-28 07:45 . 2011-07-28 07:45 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll 2011-07-28 07:45 . 2011-07-28 07:45 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll 2011-07-22 05:42 . 2011-08-11 20:02 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-11 20:02 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-11 20:02 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-11 20:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-13 12:12 . 2010-09-13 20:11 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-11 13:25 . 2011-08-24 15:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-07-08 17:16 . 2009-07-23 10:15 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-07-06 15:49 . 2011-08-11 07:41 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-06-27 14:23 . 2011-06-27 14:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll 2011-06-20 08:45 . 2011-08-11 07:41 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-19 16:32 . 2011-06-19 16:21 627600 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-09-16_21.10.47 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-23 07:26 . 2011-09-17 07:18 69424 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-22 15:07 . 2011-09-17 07:19 13446 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3916821183-536908603-691957483-1000_UserData.bin + 2011-09-17 07:16 . 2011-09-17 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-09-16 21:09 . 2011-09-16 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-09-17 07:16 . 2011-09-17 07:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-09-16 21:09 . 2011-09-16 21:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 15:45 . 2011-09-17 07:19 127348 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2010-01-06 21:13 . 2011-09-16 21:08 525720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-01-06 21:13 . 2011-09-17 07:04 525720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-09-25 16:45 . 2011-09-17 07:04 272076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-09-25 16:45 . 2011-09-16 21:08 272076 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-09-17 07:04 . 2011-09-17 07:04 392876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3916821183-536908603-691957483-1000-8192.dat - 2010-09-25 16:45 . 2011-09-16 21:08 7696240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3916821183-536908603-691957483-1000-12288.dat + 2010-09-25 16:45 . 2011-09-16 21:24 7696240 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3916821183-536908603-691957483-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-19 2969496] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-29 222496] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 138240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-18 17360520] "WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-09-13 2076512] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624] "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-08 273544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] MultiMon Taskbar.lnk - c:\program files (x86)\MMTaskbar\MultiMon.exe [2009-11-25 454656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Aion (North America)\bin32\GameGuard\dump_wmimmc.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176] R3 RTL85n64;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\system32\DRIVERS\RTL85n64.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x] S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x] S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-21 921952] S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 16:06] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 16:06] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916821183-536908603-691957483-1000Core.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 17:40] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916821183-536908603-691957483-1000UA.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 17:40] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\avgrssta.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm Trusted Zone: fgov.be Trusted Zone: fgov.be\ccff02.minfin TCP: DhcpNameServer = 195.130.131.3 195.130.130.131 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\onkiutk9.default\ FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files (x86)\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG9\Firefox FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-{d8a32f4b-0310-48cd-a223-da3ee92c7cca} - (no file) WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3916821183-536908603-691957483-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-3916821183-536908603-691957483-1000\Software\SecuROM\License information*] "datasecu"=hex:11,fb,c6,bf,a6,3d,66,00,0f,fa,11,a0,5d,73,82,cc,a5,42,52,ed,ee, ec,15,56,37,30,ac,52,70,4a,b3,9d,e7,cc,18,5c,7a,d4,d4,48,00,68,9d,d6,e9,7a,\ "rkeysecu"=hex:ae,52,fc,71,24,85,e5,6b,57,c4,de,a1,91,c5,11,a7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\Windows Media Player\wmplayer.exe c:\program files (x86)\AVG\AVG9\avgcsrvx.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\Windows Live\Contacts\wlcomm.exe c:\program files (x86)\AVG\AVG9\avgtray.exe c:\program files (x86)\Common Files\Steam\SteamService.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe . ************************************************************************** . Voltooingstijd: 2011-09-17 09:24:39 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-17 07:24 ComboFix2.txt 2011-09-16 21:18 . Pre-Run: 278.737.932.288 bytes beschikbaar Post-Run: 277.854.113.792 bytes beschikbaar . - - End Of File - - EAFB0C2921330B7254EAA4B72BD68DE2 Voorlopig lijkt hij terug op redelijke snelheid te werken, maar ik weet niet in welke mate dit een placebo effect is
  13. Michelinde
    Combo-fix ComboFix 11-09-16.01 - Gebruiker 16/09/2011 22:59:02.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.6141.3859 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\INSTALL.LOG c:\users\Gebruiker\AppData\Local\ApplicationHistory c:\users\Gebruiker\AppData\Local\ApplicationHistory\Comrade.exe.cb24ae8d.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\csc.exe.3e4ac0af.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\dndlauncher.exe.885161f9.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\Launcher.exe.2b4f1592.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\TurbineInvoker.exe.1c42b334.ini c:\users\Gebruiker\AppData\Local\ApplicationHistory\TurbineLauncher.exe.60fa714e.ini c:\users\Gebruiker\AppData\Roaming\inst.exe c:\users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1 .lnk c:\windows\SysWow64\mfc100deu.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-16 to 2011-09-16 )))))))))))))))))))))))))))))) . . 2011-09-16 21:08 . 2011-09-16 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-09-16 17:57 . 2011-09-16 17:57 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-09-16 10:22 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D7FF70C3-A8C4-4FCF-9385-DD3E46688C32}\mpengine.dll 2011-09-16 02:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat 2011-09-16 02:40 . 2011-08-10 12:14 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-09-08 16:05 . 2011-09-08 16:05 -------- d-----w- c:\programdata\ATI 2011-09-08 16:04 . 2011-09-08 16:04 -------- d-----w- c:\program files (x86)\AMD APP 2011-09-04 15:29 . 2009-03-27 18:36 290816 ----a-w- c:\windows\SysWow64\TubeFinder.exe 2011-09-04 15:29 . 2011-09-04 15:32 -------- d-----w- c:\program files (x86)\Free FLV Converter 2011-09-04 15:29 . 2008-06-04 15:42 9728 ----a-w- c:\windows\SysWow64\PCCLPFR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 84512 ----a-w- c:\windows\SysWow64\PICCLP32.OCX 2011-09-04 15:29 . 2008-06-04 15:42 364544 ----a-w- c:\windows\SysWow64\PropertyGrid.ocx 2011-09-04 15:29 . 2008-06-04 15:42 32768 ----a-w- c:\windows\SysWow64\CMDLGFR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 24576 ----a-w- c:\windows\SysWow64\ControlSubX.ocx 2011-09-04 15:29 . 2008-06-04 15:42 141312 ----a-w- c:\windows\SysWow64\MSCMCFR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 119568 ----a-w- c:\windows\SysWow64\VB6FR.DLL 2011-09-04 15:29 . 2008-06-04 15:42 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL 2011-09-02 17:02 . 2011-09-02 17:02 -------- d-----w- c:\program files\iPod 2011-09-02 17:02 . 2011-09-02 17:03 -------- d-----w- c:\program files\iTunes 2011-09-02 17:02 . 2011-09-02 17:03 -------- d-----w- c:\program files (x86)\iTunes 2011-08-31 17:47 . 2011-08-31 17:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-08-31 17:47 . 2011-08-31 17:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-08-31 17:47 . 2011-08-31 17:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2011-08-31 17:47 . 2011-08-31 17:47 -------- d-----w- c:\program files (x86)\OpenAL 2011-08-29 18:53 . 2011-08-29 18:53 -------- d-----w- c:\windows\SysWow64\E177E04D548C4006A465EEB92D3DE021 2011-08-24 18:19 . 2011-08-24 18:19 56320 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2011-08-24 18:18 . 2011-08-24 18:18 13601280 ----a-w- c:\windows\SysWow64\amdocl.dll 2011-08-24 15:37 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 15:37 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-20 07:05 . 2011-08-20 07:04 686426 ----a-w- c:\windows\unins000.exe 2011-08-20 00:02 . 2011-08-20 00:02 -------- d-----w- c:\users\Gebruiker\AppData\Local\Unity 2011-08-20 00:01 . 2011-08-20 00:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-08-19 18:53 . 2011-08-19 18:58 -------- d-----w- c:\users\Gebruiker\AppData\Local\Ubisoft Game Launcher 2011-08-19 18:50 . 2011-08-19 18:50 -------- d-----w- c:\program files (x86)\Ubisoft . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-09-13 15:10 . 2009-07-23 10:08 35664 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2011-08-31 17:47 . 2011-08-31 17:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2011-08-31 15:00 . 2009-10-17 22:57 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-28 22:23 . 2011-07-28 22:23 9980416 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2011-07-28 22:09 . 2011-07-08 03:54 23921664 ----a-w- c:\windows\system32\atio6axx.dll 2011-07-28 21:44 . 2011-07-28 21:44 18388480 ----a-w- c:\windows\SysWow64\atioglxx.dll 2011-07-28 21:40 . 2011-07-28 21:40 151552 ----a-w- c:\windows\system32\atiapfxx.exe 2011-07-28 21:40 . 2011-01-26 23:00 726528 ----a-w- c:\windows\SysWow64\aticfx32.dll 2011-07-28 21:39 . 2011-01-26 22:59 852992 ----a-w- c:\windows\system32\aticfx64.dll 2011-07-28 21:36 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll 2011-07-28 21:36 . 2011-07-28 21:36 485376 ----a-w- c:\windows\system32\atieclxx.exe 2011-07-28 21:35 . 2011-07-28 21:35 204288 ----a-w- c:\windows\system32\atiesrxx.exe 2011-07-28 21:34 . 2011-07-28 21:34 120320 ----a-w- c:\windows\system32\atitmm64.dll 2011-07-28 21:34 . 2011-07-08 03:23 423424 ----a-w- c:\windows\system32\atipdl64.dll 2011-07-28 21:33 . 2011-07-28 21:33 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll 2011-07-28 21:33 . 2011-07-28 21:33 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll 2011-07-28 21:33 . 2011-07-28 21:33 21504 ----a-w- c:\windows\system32\atimuixx.dll 2011-07-28 21:33 . 2011-07-28 21:33 59392 ----a-w- c:\windows\system32\atiedu64.dll 2011-07-28 21:33 . 2011-07-28 21:33 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2011-07-28 21:30 . 2011-01-26 22:49 4198912 ----a-w- c:\windows\SysWow64\atidxx32.dll 2011-07-28 21:20 . 2011-07-28 21:20 4943360 ----a-w- c:\windows\system32\atidxx64.dll 2011-07-28 21:12 . 2011-07-28 21:12 1113088 ----a-w- c:\windows\system32\atiumd6v.dll 2011-07-28 21:11 . 2011-07-28 21:11 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll 2011-07-28 21:11 . 2011-07-08 03:05 3871744 ----a-w- c:\windows\system32\atiumd6a.dll 2011-07-28 21:11 . 2011-07-28 21:11 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2011-07-28 21:11 . 2011-07-28 21:11 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2011-07-28 21:11 . 2011-07-28 21:11 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2011-07-28 21:11 . 2011-07-28 21:11 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2011-07-28 21:10 . 2011-07-28 21:10 9644544 ----a-w- c:\windows\system32\aticaldd64.dll 2011-07-28 21:09 . 2011-01-26 22:28 4256768 ----a-w- c:\windows\SysWow64\atiumdag.dll 2011-07-28 21:07 . 2011-07-28 21:07 8247296 ----a-w- c:\windows\SysWow64\aticaldd.dll 2011-07-28 21:03 . 2011-01-26 22:24 4056064 ----a-w- c:\windows\SysWow64\atiumdva.dll 2011-07-28 21:02 . 2009-05-16 03:03 5399040 ----a-w- c:\windows\system32\atiumd64.dll 2011-07-28 21:01 . 2011-01-26 22:20 58880 ----a-w- c:\windows\system32\coinst.dll 2011-07-28 20:54 . 2011-07-08 02:47 378368 ----a-w- c:\windows\system32\atiadlxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2011-07-28 20:54 . 2011-07-08 02:47 15360 ----a-w- c:\windows\system32\atig6pxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 13312 ----a-w- c:\windows\system32\atiglpxx.dll 2011-07-28 20:54 . 2011-07-08 02:47 39936 ----a-w- c:\windows\system32\atig6txx.dll 2011-07-28 20:54 . 2011-07-28 20:54 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll 2011-07-28 20:54 . 2011-07-28 20:54 309248 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2011-07-28 20:53 . 2011-07-28 20:53 40960 ----a-w- c:\windows\system32\atiuxp64.dll 2011-07-28 20:53 . 2011-01-26 22:12 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2011-07-28 20:53 . 2011-01-26 22:12 38912 ----a-w- c:\windows\system32\atiu9p64.dll 2011-07-28 20:53 . 2011-01-26 22:12 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2011-07-28 20:52 . 2011-01-26 22:12 45056 ----a-w- c:\windows\system32\atitmp64.dll 2011-07-28 20:52 . 2011-07-28 20:52 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\atimpc64.dll 2011-07-28 20:51 . 2011-07-28 20:51 53760 ----a-w- c:\windows\system32\amdpcom64.dll 2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll 2011-07-28 20:51 . 2011-07-28 20:51 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2011-07-28 15:49 . 2011-07-28 15:49 60416 ----a-w- c:\windows\system32\OVDecode64.dll 2011-07-28 15:48 . 2011-07-28 15:48 16552960 ----a-w- c:\windows\system32\amdocl64.dll 2011-07-28 07:45 . 2011-07-28 07:45 22408 ----a-w- c:\windows\system32\drivers\LGBusEnum.sys 2011-07-28 07:45 . 2011-07-28 07:45 16008 ----a-w- c:\windows\system32\drivers\LGVirHid.sys 2011-07-28 07:45 . 2011-07-28 07:45 374792 ----a-w- c:\windows\system32\drivers\UMDF\lgSSQVGA.dll 2011-07-28 07:45 . 2011-07-28 07:45 157704 ----a-w- c:\windows\system32\drivers\UMDF\lgSSBW.dll 2011-07-22 05:42 . 2011-08-11 20:02 2303488 ----a-w- c:\windows\system32\jscript9.dll 2011-07-22 05:36 . 2011-08-11 20:02 1389056 ----a-w- c:\windows\system32\wininet.dll 2011-07-22 05:32 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-22 02:54 . 2011-08-11 20:02 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll 2011-07-22 02:48 . 2011-08-11 20:02 1126912 ----a-w- c:\windows\SysWow64\wininet.dll 2011-07-22 02:44 . 2011-08-11 20:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-07-13 12:12 . 2010-09-13 20:11 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll 2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-07-08 17:16 . 2009-07-23 10:15 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-07-06 15:49 . 2011-08-11 07:41 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2011-06-27 14:23 . 2011-06-27 14:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll 2011-06-20 08:45 . 2011-08-11 07:41 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-06-19 16:32 . 2011-06-19 16:21 627600 ----a-w- c:\windows\system32\deployJava1.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-10-15 202024] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2010-09-19 2969496] "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-02 1242448] "ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2010-07-29 222496] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 138240] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-18 17360520] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240] "PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208] "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-09-13 2076512] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2007-04-16 259624] "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-07-08 273544] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-18 421736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 336384] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] MultiMon Taskbar.lnk - c:\program files (x86)\MMTaskbar\MultiMon.exe [2009-11-25 454656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Taskman"="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x] R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Aion (North America)\bin32\GameGuard\dump_wmimmc.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-20 136176] R3 RTL85n64;Stuurprogramma voor Realtek 8180/8185 Extensible 802.11-draadloos apparaat;c:\windows\system32\DRIVERS\RTL85n64.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [x] S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [x] S1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\System32\Drivers\avgtdia.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [2010-07-21 921952] S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-17 308136] S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x] S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x] S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 16:06] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-13 16:06] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916821183-536908603-691957483-1000Core.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 17:40] . 2011-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3916821183-536908603-691957483-1000UA.job - c:\users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-23 17:40] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 97792 ----a-w- c:\users\Gebruiker\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504] "Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-06-14 110360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\avgrssta.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm Trusted Zone: fgov.be Trusted Zone: fgov.be\ccff02.minfin TCP: DhcpNameServer = 195.130.131.3 195.130.130.131 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\onkiutk9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542 FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=19946&mntrId=4a840205000000000000002586cf53555355 FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files (x86)\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - c:\program files (x86)\Mozilla Firefox\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files (x86)\AVG\AVG9\Firefox FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-{d8a32f4b-0310-48cd-a223-da3ee92c7cca} - (no file) Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe Wow6432Node-HKLM-Run-Flashget - c:\program files (x86)\FlashGet\FlashGet.exe WebBrowser-{CE18769B-C7FA-42D2-860D-17C4662C70AD} - (no file) WebBrowser-{D8A32F4B-0310-48CD-A223-DA3EE92C7CCA} - (no file) HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe AddRemove-Cheat Engine 6.0_is1 - c:\program files (x86)\Cheat Engine 6\unins000.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-3916821183-536908603-691957483-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . [HKEY_USERS\S-1-5-21-3916821183-536908603-691957483-1000\Software\SecuROM\License information*] "datasecu"=hex:11,fb,c6,bf,a6,3d,66,00,0f,fa,11,a0,5d,73,82,cc,a5,42,52,ed,ee, ec,15,56,37,30,ac,52,70,4a,b3,9d,e7,cc,18,5c,7a,d4,d4,48,00,68,9d,d6,e9,7a,\ "rkeysecu"=hex:ae,52,fc,71,24,85,e5,6b,57,c4,de,a1,91,c5,11,a7 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Windows Media Player\wmplayer.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files (x86)\AVG\AVG9\avgtray.exe c:\program files (x86)\AVG\AVG9\avgcsrvx.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\Windows Live\Contacts\wlcomm.exe c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe c:\users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe c:\users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe . ************************************************************************** . Voltooingstijd: 2011-09-16 23:18:31 - machine werd herstart ComboFix-quarantined-files.txt 2011-09-16 21:18 . Pre-Run: 278.208.278.528 bytes beschikbaar Post-Run: 279.816.581.120 bytes beschikbaar . - - End Of File - - 028E4032B54AA7D9913846D5DDF2E412
  14. Michelinde
    MBAM ------------------------------------------------------------------------------------ Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 7729 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 16/09/2011 22:34:10 mbam-log-2011-09-16 (22-34-10).txt Scantype: Snelle scan Objecten gescand: 184970 Verstreken tijd: 5 minuut/minuten, 6 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 1 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 1 Bestanden geïnfecteerd: 4 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: HKEY_CURRENT_USER\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge (Spyware.MarketScore) -> Quarantined and deleted successfully. Bestanden geïnfecteerd: c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\about relevantknowledge.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\privacy policy and user license agreement.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\Support.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. c:\programdata\microsoft\Windows\start menu\Programs\relevantknowledge\uninstall instructions.lnk (Spyware.MarketScore) -> Quarantined and deleted successfully. -------------------------------------------------------------------------------- Hijackthis: ------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:44:14, on 16/09/2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\Steam\Steam.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\MMTaskbar\MultiMon.exe C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.00.048\Applets\x86\LCDMedia.exe C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {d8a32f4b-0310-48cd-a223-da3ee92c7cca} - (no file) O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [Flashget] "C:\Program Files (x86)\FlashGet\FlashGet.exe" /min O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: OpenOffice.org 3.1 .lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files (x86)\MMTaskbar\MultiMon.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.fgov.be O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET-statusservice (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - Unknown owner - c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12857 bytes ---------- Post toegevoegd om 22:46 ---------- Vorige post was om 22:44 ---------- Overigens heeft MBAM geen moeilijkheden gehad met het verwijderen van bestanden.
  15. Michelinde
    Eigenlijk geen idee of hij fouten heeft geconstateerd. Heb geen foutmeldingen of dergelijke gekregen en ben er niet bijgebleven toen hij bezig was met de controle.
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.