Everything posted by Eggy

  1. OK, first the improved HJT log, followed by the MBAM log:
  2. OK, here is the HJT log:
  3. I used to have Vista Ultimate, and DreamScene was simply included. Now I have Windows 7 Ultimate 64-bit. When I right-click on my desktop I get a personalization window, and I do see 'run DreamScene' listed there, but I cannot click it. I googled a bit and, with some hesitation, downloaded a few solutions. None of them worked. Besides that, my browser was changed a few times without my asking (not Babylon), which in turn gave me some work to restore it. I know that you can run DreamScene on Windows 7 Ultimate, but not how. Can anyone tell me how?
  4. As Gerjannn says above, certain programs may end up in conflict. Keeping both versions does not seem like a good idea to me. The fact is that because Java JRE 7.1 is a completely new version, the old version JRE 6.29 is not removed automatically the way it used to be. According to Java, an update of JRE 6 removed the old one. Still, I kept using JavaRa, and the log showed that it did still remove the older version. From one of the discussions on this forum I do remember that the moderator (I no longer know who) explained that you first had to uninstall Java JRE 6.29, restart the system, and only then install Java JRE 7.1.
  5. No, before you install Java 7 you will first have to uninstall Java 6.29. If you installed Java 7 on top of 6.29, you can also remove 6.29 with JavaRa.
  6. Fine, I will test ESET NOD32 a little longer. I have been using MBAM for a long time. The other two are coming off. I will now remove ComboFix, run CCleaner and delete my presumably infected restore points, and then immediately create a fresh restore point. I had also already looked on Google for topics related to Uniblue, and what turned up was not much good. Thanks for the help. I will leave the topic open a little longer in case you have any further remarks. I assume I may use ESET Online Scanner without limit. If so, I will leave it installed just in case.
  7. Fine, here is the ComboFix log. As far as I could follow on the screen, everything from Uniblue has been wiped away.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG15.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-10-27 16:27:02 ComboFix-quarantined-files.txt 2011-10-27 14:27 . Pre-Run: 117.955.067.904 bytes beschikbaar Post-Run: 117.975.482.368 bytes beschikbaar . - - End Of File - - B0E656E073B5ACC87918C1A0FDE600A8
Yesterday I ran ESET Online Scanner once more, just to be sure. It found nothing. I'm attaching the log anyway:
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a3367a60f2a1949b05644fa71a34640
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-26 09:33:39
# local_time=2011-10-26 11:33:39 (+0100, West-Europa (zomertijd))
# country="Belgium"
# lang=2067
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 7287940 7287940 0 0
# compatibility_mode=1792 16777215 100 0 626787 626787 0 0
# compatibility_mode=5893 16776573 100 94 591 71289265 0 0
# compatibility_mode=8192 67108863 100 0 110322 110322 0 0
# scanned=144242
# found=0
# cleaned=0
# scan_time=5404
You can see in the ComboFix log that I also downloaded and ran all kinds of free antispyware programs. Apart from some adware and tracking cookies, nothing more was found. I should also mention that AVIRA Free was updated to version 2012 this week. You can also see in the ComboFix log that I now have ESET NOD32 as my antivirus protection. This is only a 30-day trial version.
I should add that since I uninstalled AVIRA Free 2012 and installed ESET NOD32, my taskbar has been behaving normally again. Could it be that AVIRA caused this 'glitch'? I had ESET NOD32 run a scan and it found nothing either. And do the free programs from SUPERAntiSpyware and Spybot add any value, or can they be removed?
  8. And sure enough, after restarting it briefly popped up (my taskbar, of course).
  9. OK, I ran ESET Online. Here is the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=0a3367a60f2a1949b05644fa71a34640
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-25 02:20:44
# local_time=2011-10-25 04:20:44 (+0100, West-Europa (zomertijd))
# country="Belgium"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 7177889 7177889 0 0
# compatibility_mode=1792 16777215 100 0 516736 516736 0 0
# compatibility_mode=5893 16776573 100 94 2921 71179214 0 0
# compatibility_mode=8192 67108863 100 0 271 271 0 0
# scanned=147018
# found=10
# cleaned=10
# scan_time=3079
C:\Program Files (x86)\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_ubm.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A9T25SRX\translate_c[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUW5E7FI\72560[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P5S9A8QG\index-functions[1].js Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Gebruiker\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PKXSSXNR\2baksa_net[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
What I find odd is that UNIBLUE RegistryBooster business. My neighbour is 71 years old and has had a laptop with an internet connection for about two years. I regularly have to clean up the mess on his laptop and put things in order. Despite the fact that I installed the freeware CCLEANER for him, he recently bought UNIBLUE REGISTRYBOOSTER online. I saw the e-mail with the registration details. He had installed the software on his machine. I didn't know the program. He then asked me to test it on my PC with his registration serial (I know, it's not allowed), which I did. I didn't find it added any value because, to be honest, I'm cautious about registry changes. I was planning to uninstall it. Now it shows up in the ESET list. Odd. Anyway, ESET Online apparently found all sorts of things that neither AVIRA nor MBAM found. I plan to keep ESET Online. Am I actually allowed to use it without limit?
---------- Post added at 17:01 ---------- Previous post was at 16:56 ----------
By the way, right after I posted the previous message my taskbar jumped yet again. During the entire ESET process I sat staring at my screen. The taskbar jumped as many as four times. I should add that it has no effect on my PC's performance, but I don't find it really normal. I'm now going to restart my PC and then stare at the restarted screen for a while again to see whether it does it again.
  10. Just to be sure, here is my MBAM log as well:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Databaseversie: 8016
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
25/10/2011 14:11:24
mbam-log-2011-10-25 (14-11-24).txt
Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 331344
Verstreken tijd: 40 minuut/minuten, 30 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  11. It still pops up sporadically without any activity on the PC or the mouse pointer being near the taskbar. At least that was still the case yesterday.
  12. Sorry for the late reply, but I had Sunday obligations. As instructed, I stopped and deleted the HDDSvs service. Here is my HJTlog:
ComboFix 11-10-23.01 - Gebruiker 23/10/2011 21:27:09.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.4095.2880 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\test.txt c:\users\Gebruiker\AppData\Roaming\DVDSubEditLastFile0.txt c:\users\Gebruiker\AppData\Roaming\inst.exe c:\users\Gebruiker\AppData\Roaming\vso_ts_preview.xml c:\windows\SysWow64\xvidcore.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-23 to 2011-10-23 )))))))))))))))))))))))))))))) . . 2011-10-23 19:30 . 2011-10-23 19:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-23 19:30 . 2011-10-23 19:30 -------- d-----w- c:\users\Public\AppData\Local\temp 2011-10-23 19:30 . 2011-10-23 19:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-23 19:12 . 2011-10-23 19:12 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF56341A-3677-44C9-82F1-F1F2BDD92377}\offreg.dll 2011-10-21 18:31 . 2011-10-21 18:31 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\AnvSoft 2011-10-21 13:16 . 2010-11-19 16:04 892928 ----a-w- c:\windows\SysWow64\iconv.dll 2011-10-21 13:16 . 2010-11-19 16:04 675840 ----a-w- c:\windows\SysWow64\ac3filter.ax 2011-10-21 12:04 . 2011-10-21 15:42 -------- d-----w- c:\program files (x86)\Common Files\AltrixSoft 2011-10-21 08:47 .
2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF56341A-3677-44C9-82F1-F1F2BDD92377}\mpengine.dll 2011-10-20 14:46 . 2011-10-21 18:37 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\dvdcss 2011-10-20 14:33 . 2009-10-11 13:58 45056 ----a-w- c:\windows\SysWow64\WNASPI32.DLL 2011-10-20 14:33 . 2009-10-11 13:58 16512 ----a-w- c:\windows\SysWow64\drivers\ASPI32.SYS 2011-10-20 10:40 . 2011-10-21 20:11 -------- d-----w- c:\program files (x86)\DVDFab 8 Qt 2011-10-19 13:57 . 2011-10-19 13:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Avira 2011-10-19 13:57 . 2011-10-11 13:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-10-19 13:57 . 2011-10-11 13:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-19 13:57 . 2011-10-11 13:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-10-19 13:57 . 2011-10-19 13:57 -------- d-----w- c:\programdata\Avira 2011-10-19 13:57 . 2011-10-19 13:57 -------- d-----w- c:\program files (x86)\Avira 2011-10-19 13:38 . 2011-10-19 13:38 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\DivX 2011-10-19 13:28 . 2011-10-20 09:14 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared 2011-10-18 15:44 . 2011-10-18 15:44 -------- d-----w- c:\program files (x86)\CoreCodec 2011-10-17 14:35 . 2011-10-17 14:35 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2011-10-15 21:15 . 2011-10-22 12:41 -------- d-----w- c:\program files (x86)\Music NFO Builder 2011-10-15 19:57 . 2011-10-15 19:57 -------- dc-h--w- c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42} 2011-10-15 19:57 . 2011-10-15 19:57 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Uniblue 2011-10-15 19:57 . 2011-10-15 19:57 -------- d-----w- c:\program files (x86)\Uniblue 2011-10-15 19:57 . 2011-10-15 19:57 -------- d-----w- c:\users\Gebruiker\AppData\Local\PackageAware 2011-10-12 01:02 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-12 01:02 . 
2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-12 01:02 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-12 01:02 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-12 01:02 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-12 01:02 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-12 01:02 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-12 01:02 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-12 01:02 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-11 10:27 . 2011-10-11 10:27 -------- d-----w- c:\users\Gebruiker\AppData\Local\MPlayer 2011-10-10 19:55 . 2011-10-10 19:55 -------- d-----w- c:\program files\DirectVobSub 2011-10-10 19:55 . 2011-01-04 15:28 203264 ----a-w- c:\windows\system32\unrar64.dll 2011-10-10 19:51 . 2011-10-10 19:51 -------- d-----w- c:\program files (x86)\DirectVobSub 2011-10-10 15:27 . 2011-10-11 14:37 -------- d-----w- c:\program files (x86)\Subrip 2011-10-08 22:16 . 2011-10-08 22:16 -------- d-----w- c:\program files (x86)\Gabest 2011-10-08 09:45 . 2011-10-11 11:33 82816 ----a-w- c:\users\Gebruiker\AppData\Roaming\pcouffin.sys 2011-10-07 15:08 . 2011-10-07 15:08 -------- d-----w- c:\users\Gebruiker\AppData\Local\eSupport.com 2011-10-07 15:08 . 2011-10-07 15:08 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS 2011-10-07 14:36 . 2011-10-07 14:36 1519720 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-07 14:36 . 2011-10-07 14:36 1453160 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-07 12:29 . 2011-10-13 13:24 -------- d-----w- c:\programdata\GoldWaveCDDB 2011-10-07 12:29 . 2011-10-07 12:29 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\GoldWaveCDDB 2011-10-06 13:09 . 2011-10-06 13:09 -------- d-----w- c:\programdata\eSellerate 2011-10-06 13:08 . 
2005-04-13 15:00 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll 2011-10-06 13:08 . 2001-09-05 22:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-10-06 13:08 . 2001-09-05 22:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-10-06 13:08 . 2001-09-05 22:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-10-06 12:57 . 2002-07-26 10:07 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2011-10-05 14:41 . 2011-10-05 14:41 -------- d-----w- c:\windows\system32\Macromed 2011-10-03 08:10 . 2011-10-07 14:58 -------- d-----w- c:\users\Gebruiker\AppData\Local\ElevatedDiagnostics 2011-09-30 12:33 . 2011-10-21 13:36 -------- d-----w- c:\program files (x86)\JDownloader 2011-09-30 12:30 . 2011-09-30 12:30 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-09-30 12:29 . 2011-10-03 03:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-09-26 08:19 . 2011-09-26 08:19 -------- d-----w- c:\windows\system32\oodag 2011-09-26 08:17 . 2011-09-26 08:17 -------- d-----w- c:\users\Gebruiker\AppData\Local\O&O 2011-09-26 08:17 . 2011-09-26 08:17 -------- d-----w- c:\program files\OO Software 2011-09-26 08:16 . 2011-09-26 08:16 -------- d-----w- c:\users\Gebruiker\AppData\Local\Downloaded Installations 2011-09-24 08:51 . 2011-09-24 08:51 1490656 ----a-w- c:\windows\system32\WdfCoinstaller01007.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 14:44 . 2011-09-10 17:17 758272 ----a-w- c:\windows\system32\cohelper.dll 2011-10-05 14:42 . 2011-08-03 14:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-18 17:19 . 2011-09-18 17:19 2249032 ----a-w- c:\windows\system32\ooscrsav.scr 2011-09-18 17:18 . 
2011-09-18 17:18 350024 ----a-w- c:\windows\system32\oodbs.exe 2011-09-18 17:17 . 2011-09-18 17:17 535880 ----a-w- c:\windows\system32\oodssrs.dll 2011-09-18 17:16 . 2011-09-18 17:16 9544 ----a-w- c:\windows\system32\oodbsrs.dll 2011-09-10 17:17 . 2011-09-10 17:17 953344 ----a-w- c:\windows\system32\fdco2.dll 2011-09-10 17:17 . 2011-09-10 17:17 349416 ----a-w- c:\windows\system32\drivers\nvmf6264.sys 2011-09-10 17:17 . 2011-09-10 17:17 229480 ----a-w- c:\windows\system32\nvconrm.dll 2011-08-31 15:00 . 2011-08-03 10:04 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-08-04 10:27 . 2011-08-04 09:26 65536 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe 2011-08-03 21:10 . 2011-08-03 21:10 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2011-08-03 20:32 . 2011-08-03 20:21 249856 ------w- c:\windows\Setup1.exe 2011-08-03 20:32 . 2011-08-03 20:21 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-08-03 19:27 . 2011-08-03 19:27 81920 ---ha-w- c:\windows\SysWow64\v3shrtkgn.dll 2011-08-03 13:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-03 13:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-03 11:50 . 2011-08-03 14:23 980072 ----a-w- c:\windows\system32\nvvsvc.exe 2011-08-03 11:50 . 2011-08-03 14:23 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-08-03 11:50 . 2011-08-03 14:23 61544 ----a-w- c:\windows\system32\nvshext.dll 2011-08-03 11:50 . 2011-08-03 14:23 6136936 ----a-w- c:\windows\system32\nvcpl.dll 2011-08-03 11:50 . 2011-08-03 14:23 3021416 ----a-w- c:\windows\system32\nvsvc64.dll 2011-08-03 11:50 . 2011-08-03 14:23 2560616 ----a-w- c:\windows\system32\nvsvcr.dll 2011-08-03 11:50 . 2011-08-03 14:23 117864 ----a-w- c:\windows\system32\nvmctray.dll 2011-08-03 11:50 . 2011-05-21 04:01 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-08-03 11:50 . 
2011-05-21 04:01 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-08-03 11:50 . 2011-05-21 04:01 2758760 ----a-w- c:\windows\system32\nvapi64.dll 2011-08-03 11:50 . 2011-05-21 04:01 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-08-03 11:37 . 2011-08-03 11:37 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-03 09:54 . 2011-08-03 09:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-03 09:54 . 2011-08-03 09:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-03 09:54 . 2011-08-03 09:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-03 09:54 . 2011-08-03 09:54 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-03 09:54 . 2011-08-03 09:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-03 09:54 . 2011-08-03 09:54 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-03 09:54 . 2011-08-03 09:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-03 09:54 . 2011-08-03 09:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-03 09:54 . 2011-08-03 09:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-03 09:54 . 2011-08-03 09:54 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-03 09:54 . 2011-08-03 09:54 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-03 09:54 . 2011-08-03 09:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-03 09:54 . 2011-08-03 09:54 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-03 09:54 . 2011-08-03 09:54 448512 ----a-w- c:\windows\system32\html.iec 2011-08-03 09:54 . 2011-08-03 09:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-03 09:54 . 2011-08-03 09:54 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-03 09:54 . 2011-08-03 09:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-03 09:54 . 2011-08-03 09:54 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-03 09:54 . 
2011-08-03 09:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-03 09:54 . 2011-08-03 09:54 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-03 09:54 . 2011-08-03 09:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-03 09:54 . 2011-08-03 09:54 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-03 09:54 . 2011-08-03 09:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-03 09:54 . 2011-08-03 09:54 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-03 09:54 . 2011-08-03 09:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-03 09:54 . 2011-08-03 09:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-03 09:54 . 2011-08-03 09:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-03 09:54 . 2011-08-03 09:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-03 09:54 . 2011-08-03 09:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-03 09:54 . 2011-08-03 09:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-03 09:54 . 2011-08-03 09:54 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-03 09:54 . 2011-08-03 09:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-03 09:54 . 2011-08-03 09:54 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-03 09:54 . 2011-08-03 09:54 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-03 09:54 . 2011-08-03 09:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-03 09:54 . 2011-08-03 09:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-10-20 641400] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-04 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176] R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x] R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver; [x] R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver; [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464] S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2011-09-18 3271496] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496] S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 
2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:27] . 2011-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:27] . 2011-10-23 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-15 09:48] . . --------- x86-64 ----------- . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ IE: Download de Link met Mega Manager... IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 195.130.131.3 195.130.130.131 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1655816330-626638330-2450798617-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{177F3732-3068-E878-C402-C2835CE0D446}*] "iadfnjlkofocfemknc"=hex:6a,61,6c,6b,70,69,67,6d,6b,6a,69,63,67,63,70,6a,70,63, 6b,61,00,00 "hafebpejplfjipen"=hex:6c,62,6e,67,68,69,61,6f,6a,65,65,6c,67,68,66,6f,67,6d, 70,68,6c,66,6e,68,6e,70,6f,6c,66,6d,6b,66,68,6f,68,6d,62,6c,6e,6c,6e,6e,61,\ "hafebpejkllfoamh"=hex:70,62,6b,66,66,70,6d,70,64,64,6f,63,66,6a,6b,6f,6e,6f, 64,66,61,61,6f,6d,66,70,68,6f,62,66,6c,6a,64,65,62,69,69,6f,62,63,68,6e,6b,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG15.00.00.01PROFESSIONAL"="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" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-10-23 21:33:10 ComboFix-quarantined-files.txt 2011-10-23 19:33 . Pre-Run: 112.691.261.440 bytes beschikbaar Post-Run: 112.549.339.136 bytes beschikbaar . 
- - End Of File - - A5D05BACBE0891D70B44542F5EFDCBE5
  13. Last week I spent the whole week trying out trial versions of DVD rippers. I downloaded them from their official sites and tested them. I did not use any illegal serials or keygens. Afterwards I removed them with Your Uninstaller. For a few days now my taskbar, which I have set to auto-hide, sometimes appears for a fraction of a second. That made me frown. I had Avira run a full scan. It removed four little critters for me. I ran a full scan with MBAM and it found nothing more. I thought that had solved the problem, but my taskbar still pops up sporadically. Hence this HJT log to see whether anything is still wrong: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:17:49, on 23/10/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HDD Information Service (HDDSvc) - Unknown owner - (no file) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D 
Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7456 bytes
  14. Okay, then I'll leave the folder where it is. I couldn't delete it anyway, because Windows said the folder was in use even though not a single program was open. Thanks for the help.
  15. There is nothing resembling it in Programs and Features. So here is the HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:16:55, on 10/09/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched]
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 
- Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7303 bytes
  16. I had already had a look around myself, and C:\windows does indeed contain a boot folder with everything that goes with it. I'm attaching a screenshot of it. I just don't know how the boot folder from C:\windows ended up in C:\.
  17. After a thorough clean-up, and thanks to Kape's help, a number of unwanted additions were removed from my PC. Now, suddenly, when I look in 'My Computer' I see a folder named 'Boot' at the top of C:\. I haven't installed anything since my clean-up. I'm attaching two screenshots of 'My Computer': one of the contents of C: and one of the contents of the 'boot' folder. My question is: can I simply delete this folder?
  18. Okay, ComboFix has been removed and CCleaner has been run. Thanks a lot for the help. If anything else comes up, I'll get back to you.
  19. Okay, here is the ComboFix log: ComboFix 11-09-09.01 - Gebruiker 09/09/2011 10:56:19.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.4095.2952 [GMT 2:00] Gestart vanuit: c:\users\Gebruiker\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\faCEmoodstlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe c:\users\Gebruiker\AppData\Roaming\inst.exe c:\users\Gebruiker\AppData\Roaming\pcouffin.sys c:\windows\ST6UNST.000 . . (((((((((((((((((((( Bestanden Gemaakt van 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))) . . 2011-09-09 08:47 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{132C821A-ECDB-4C99-976C-2BC1F33FE387}\mpengine.dll 2011-09-08 15:11 . 2011-09-08 15:11 -------- d-----w- c:\users\Gebruiker\AppData\Local\ElevatedDiagnostics 2011-08-29 09:31 . 2011-08-29 09:31 -------- d-----w- c:\program files (x86)\EZ eMail Backup 2011-08-29 08:37 . 2011-08-29 08:37 -------- d-----w- C:\tmpDownload 2011-08-27 19:13 . 2011-09-04 08:36 -------- d-----w- c:\program files (x86)\JDownloader 2011-08-25 09:11 .
2011-08-25 09:11 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\Canneverbe Limited 2011-08-25 09:11 . 2011-08-25 09:11 -------- d-----w- c:\programdata\Canneverbe Limited 2011-08-25 09:11 . 2011-08-25 09:11 -------- d-----w- c:\program files\CDBurnerXP 2011-08-24 07:39 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll 2011-08-24 07:39 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2011-08-18 08:15 . 2011-08-18 08:15 -------- d-----w- c:\programdata\AmUStor 2011-08-18 08:15 . 2011-08-18 08:15 -------- d-----w- c:\program files (x86)\AmIcoSingLun 2011-08-17 21:14 . 2011-08-17 21:14 -------- d-----w- c:\program files (x86)\Linksys 2011-08-17 09:20 . 2011-08-17 09:20 -------- d-----w- c:\program files\Driver-Soft 2011-08-14 22:35 . 2011-08-14 22:35 -------- d-----w- c:\program files\Speccy 2011-08-13 19:32 . 2011-09-09 08:52 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\uTorrent 2011-08-13 19:32 . 2011-08-29 09:36 -------- d-----w- c:\program files (x86)\utorrent 2011-08-12 21:52 . 2011-08-12 22:05 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\FileHunter 2011-08-10 22:05 . 2011-08-10 22:05 -------- d-----w- c:\users\Gebruiker\AppData\Roaming\EasyMP3Downloader . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-11 08:52 . 2011-08-03 14:01 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-04 10:27 . 2011-08-04 09:26 65536 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe 2011-08-04 09:03 . 2011-08-04 08:57 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-08-04 09:03 . 2011-08-04 08:57 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-08-03 21:10 . 2011-08-03 21:10 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2011-08-03 20:32 . 2011-08-03 20:21 249856 ------w- c:\windows\Setup1.exe 2011-08-03 20:32 . 
2011-08-03 20:21 73216 ----a-w- c:\windows\ST6UNST.EXE 2011-08-03 19:27 . 2011-08-03 19:27 81920 ---ha-w- c:\windows\SysWow64\v3shrtkgn.dll 2011-08-03 13:49 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2011-08-03 13:49 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-08-03 12:55 . 2011-08-03 12:55 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-08-03 11:37 . 2011-08-03 11:37 388096 ----a-r- c:\users\Gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-08-03 09:54 . 2011-08-03 09:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-08-03 09:54 . 2011-08-03 09:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-08-03 09:54 . 2011-08-03 09:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2011-08-03 09:54 . 2011-08-03 09:54 85504 ----a-w- c:\windows\system32\iesetup.dll 2011-08-03 09:54 . 2011-08-03 09:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2011-08-03 09:54 . 2011-08-03 09:54 76800 ----a-w- c:\windows\system32\tdc.ocx 2011-08-03 09:54 . 2011-08-03 09:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2011-08-03 09:54 . 2011-08-03 09:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2011-08-03 09:54 . 2011-08-03 09:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2011-08-03 09:54 . 2011-08-03 09:54 603648 ----a-w- c:\windows\system32\vbscript.dll 2011-08-03 09:54 . 2011-08-03 09:54 49664 ----a-w- c:\windows\system32\imgutil.dll 2011-08-03 09:54 . 2011-08-03 09:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2011-08-03 09:54 . 2011-08-03 09:54 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-08-03 09:54 . 2011-08-03 09:54 448512 ----a-w- c:\windows\system32\html.iec 2011-08-03 09:54 . 2011-08-03 09:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-08-03 09:54 . 2011-08-03 09:54 367104 ----a-w- c:\windows\SysWow64\html.iec 2011-08-03 09:54 . 
2011-08-03 09:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2011-08-03 09:54 . 2011-08-03 09:54 30720 ----a-w- c:\windows\system32\licmgr10.dll 2011-08-03 09:54 . 2011-08-03 09:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2011-08-03 09:54 . 2011-08-03 09:54 222208 ----a-w- c:\windows\system32\msls31.dll 2011-08-03 09:54 . 2011-08-03 09:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2011-08-03 09:54 . 2011-08-03 09:54 165888 ----a-w- c:\windows\system32\iexpress.exe 2011-08-03 09:54 . 2011-08-03 09:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2011-08-03 09:54 . 2011-08-03 09:54 160256 ----a-w- c:\windows\system32\wextract.exe 2011-08-03 09:54 . 2011-08-03 09:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2011-08-03 09:54 . 2011-08-03 09:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2011-08-03 09:54 . 2011-08-03 09:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl 2011-08-03 09:54 . 2011-08-03 09:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2011-08-03 09:54 . 2011-08-03 09:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2011-08-03 09:54 . 2011-08-03 09:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2011-08-03 09:54 . 2011-08-03 09:54 12288 ----a-w- c:\windows\system32\mshta.exe 2011-08-03 09:54 . 2011-08-03 09:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2011-08-03 09:54 . 2011-08-03 09:54 114176 ----a-w- c:\windows\system32\admparse.dll 2011-08-03 09:54 . 2011-08-03 09:54 111616 ----a-w- c:\windows\system32\iesysprep.dll 2011-08-03 09:54 . 2011-08-03 09:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2011-08-03 09:54 . 2011-08-03 09:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2011-07-22 08:00 . 2011-08-03 13:00 74752 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-07-16 14:17 . 2011-08-03 13:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm 2011-07-16 05:41 . 2011-08-10 07:38 362496 ----a-w- c:\windows\system32\wow64win.dll 2011-07-16 05:41 . 
2011-08-10 07:38 243200 ----a-w- c:\windows\system32\wow64.dll 2011-07-16 05:41 . 2011-08-10 07:38 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2011-07-16 05:39 . 2011-08-10 07:38 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2011-07-16 05:37 . 2011-08-10 07:38 421888 ----a-w- c:\windows\system32\KernelBase.dll 2011-07-16 05:21 . 2011-08-10 07:38 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 05:21 . 
2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2011-07-16 05:21 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2011-07-16 04:29 . 2011-08-10 07:38 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2011-07-16 04:26 . 2011-08-10 07:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2011-07-16 04:25 . 2011-08-10 07:38 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2011-07-16 04:24 . 2011-08-10 07:38 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2011-07-16 04:24 . 2011-08-10 07:38 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll 2011-07-16 04:15 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2011-07-16 04:15 . 
2011-08-10 07:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2011-07-16 04:15 . 2011-08-10 07:38 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-04 39408] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-08-26 17361032] "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-08-29 640888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 0 (0x0) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk * . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 136176] R3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;c:\progra~2\PLE200\PLCMPR5.SYS [x] R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\progra~2\PLE200\PLCNDIS5.SYS [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360] S2 nvUpdatusService;NVIDIA Update Service 
Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:27] . 2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04 19:27] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.be/ uLocal Page = c:\windows\SYSTEM32\blank.htm mLocal Page = c:\windows\SYSTEM32\blank.htm IE: Download de Link met Mega Manager... IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - c:\users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html TCP: DhcpNameServer = 195.130.131.3 195.130.130.131 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.7\uninstall.exe AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\S-1-5-21-1655816330-626638330-2450798617-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{177F3732-3068-E878-C402-C2835CE0D446}*] "iadfnjlkofocfemknc"=hex:6a,61,6c,6b,70,69,67,6d,6b,6a,69,63,67,63,70,6a,70,63, 6b,61,00,00 "hafebpejplfjipen"=hex:6c,62,6e,67,68,69,61,6f,6a,65,65,6c,67,68,66,6f,67,6d, 70,68,6c,66,6e,68,6e,70,6f,6c,66,6d,6b,66,68,6f,68,6d,62,6c,6e,6c,6e,6e,61,\ "hafebpejkllfoamh"=hex:70,62,6b,66,66,70,6d,70,64,64,6f,63,66,6a,6b,6f,6e,6f, 64,66,61,61,6f,6d,66,70,68,6f,62,66,6c,6a,64,65,62,69,69,6f,62,63,68,6e,6b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-09-09 11:01:25 ComboFix-quarantined-files.txt 2011-09-09 09:01 . Pre-Run: 111.044.542.464 bytes beschikbaar Post-Run: 111.023.538.176 bytes beschikbaar . - - End Of File - - 90BB309DFCB2CBC8F556C3A1F1B56B34
  20. Here is the fixed HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:05:33, on 8/09/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common
Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 
- Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7758 bytes I don't know anything about this, but those 'Facemood' entries looked suspicious to me. What is that, actually? And here is the MBAM log: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Databaseversie: 7678 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 8/09/2011 20:07:50 mbam-log-2011-09-08 (20-07-50).txt Scantype: Snelle scan Objecten gescand: 193531 Verstreken tijd: 53 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd)
  21. Today I gave my PC another thorough cleaning. Because I sometimes get a message that a site (random and varying) is unreachable, I am attaching a HijackThis log for review. Thanks in advance. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:13:19, on 8/09/2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Google R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {0734d757-fea6-4637-a7e4-2bd40a7fd8da} - (no
file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\Run: [sidebar] 
%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-1655816330-626638330-2450798617-1002\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.0.1 O15 - ESC Trusted IP range: http://192.168.0.1 O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 
- Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8706 bytes
  22. If needed, you can use the free little program EZ-eMail-Backup. With a few clicks everything is backed up.
  23. Nope, searched the entire C partition and no combofix.txt to be found. In the end not a single program could be installed or uninstalled any more. If I understand correctly, JAM is busy formatting the C partition and doing a clean install. Once that is done he will probably come back to the forum himself.