Everything posted by henk253
-
Internet Explorer opens the window but nothing else happens, so it does not open on any shortcut. Google Chrome opens on google.nl and all shortcuts respond fine. Firefox also opens fine, also on google.nl, and all shortcuts work.
-
Zoek.exe v5.0.0.0 Updated 23-December-2013 Tool run by Henk on za 28-12-2013 at 12:42:03,82. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: D:\Henk\Desktop\FF bewaren\zoek.exe [scan all users] [script inserted] [Checkboxes used] ==== System Restore Info ====================== 28-12-2013 12:46:12 Zoek.exe System Restore Point Created Succesfully. ==== Empty Folders Check ====================== C:\PROGRA~2\1ClickDownload deleted successfully C:\PROGRA~2\Chronicles of Mystery - Secret of the Lost Kingdom deleted successfully C:\PROGRA~2\DVDFab 9 deleted successfully C:\PROGRA~2\LSHunter.TV deleted successfully C:\PROGRA~2\Mastiff deleted successfully C:\PROGRA~2\MSXML 4.0 deleted successfully C:\PROGRA~2\SlySoft deleted successfully C:\PROGRA~2\ThreatFire deleted successfully C:\PROGRA~2\TomTom DesktopSuite deleted successfully C:\PROGRA~2\TornTV.com deleted successfully C:\PROGRA~2\WebSearch deleted successfully C:\PROGRA~2\Xenocode deleted successfully C:\Program Files\McAfee deleted successfully C:\Program Files\zylom games deleted successfully C:\ProgramData\Babylon deleted successfully C:\ProgramData\BetterSoft deleted successfully C:\ProgramData\DVD Shrink deleted successfully C:\ProgramData\Oracle deleted successfully C:\ProgramData\ProductData deleted successfully C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted successfully C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted successfully D:\Henk\AppData\Roaming\\EurekaLog deleted successfully D:\Henk\AppData\Roaming\\Media Player Classic deleted successfully D:\Henk\AppData\Roaming\\passport_photo deleted successfully D:\Henk\AppData\Roaming\\PerformerSoft deleted successfully D:\Henk\AppData\Roaming\\Systweak deleted successfully D:\Henk\AppData\Roaming\\WinAVI deleted successfully D:\Henk\AppData\Roaming\\WinRAR deleted successfully D:\Henk\AppData\Local\\VirtualStore deleted successfully 
D:\Henk\AppData\Local\\WarThunder deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\Microsoft\Internet Explorer\SearchScopes\{078B1780-9950-4CBB-ACB8-8BDA60D5A8AB} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default ---- Lines facemoods removed from prefs.js ---- user_pref("extensions.facemoods.DNSErrUrl", "http://start.facemoods.com/?a=ironto&f=5"); user_pref("extensions.facemoods.aflt", "ironto"); user_pref("extensions.facemoods.dfltSrch", true); user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search"); user_pref("extensions.facemoods.dnsErr", true); user_pref("extensions.facemoods.firstRun", true); user_pref("extensions.facemoods.hmpg", true); user_pref("extensions.facemoods.hmpgUrl", "http://start.facemoods.com/?a=ironto"); user_pref("extensions.facemoods.id", "a4d9afe50000000000000025227057c3"); user_pref("extensions.facemoods.instlDay", "15339"); user_pref("extensions.facemoods.mntz", ""); user_pref("extensions.facemoods.newTab", true); user_pref("extensions.facemoods.newTabUrl", "http://start.facemoods.com/?a=ironto&f=2"); user_pref("extensions.facemoods.prtnrId", "facemoods.com"); user_pref("extensions.facemoods.searchProviderAdded", true); user_pref("extensions.facemoods.sid", "f9e7034f639847bf8ba8c87d4dcb1ce2"); user_pref("extensions.facemoods.tlbrSrchUrl", "http://start.facemoods.com/?a=ironto&f=3"); user_pref("extensions.facemoods.vrsn", "1.4.17.11"); user_pref("extensions.ffxtlbr@Facemoods.com.install-event-fired", true); ---- Lines holasearch removed from prefs.js ---- user_pref("extensions.holasearch.admin", false); user_pref("extensions.holasearch.aflt", "babsst"); user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}"); 
user_pref("extensions.holasearch.autoRvrt", "false"); user_pref("extensions.holasearch.dfltLng", "en"); user_pref("extensions.holasearch.excTlbr", false); user_pref("extensions.holasearch.ffxUnstlRst", false); user_pref("extensions.holasearch.id", "a4d9afe50000000000000025227057c3"); user_pref("extensions.holasearch.instlDay", "15794"); user_pref("extensions.holasearch.instlRef", "sst"); user_pref("extensions.holasearch.newTab", false); user_pref("extensions.holasearch.prdct", "holasearch"); user_pref("extensions.holasearch.prtnrId", "holasearch"); user_pref("extensions.holasearch.rvrt", "false"); user_pref("extensions.holasearch.smplGrp", "none"); user_pref("extensions.holasearch.tlbrId", "base"); user_pref("extensions.holasearch.tlbrSrchUrl", ""); user_pref("extensions.holasearch.vrsn", "1.8.16.16"); user_pref("extensions.holasearch.vrsni", "1.8.16.16"); user_pref("extensions.holasearch.vrsnTs", "1.8.16.1611:35:31"); ---- Lines holasearch removed from user.js ---- user_pref("extensions.holasearch.tlbrSrchUrl", ""); user_pref("extensions.holasearch.id", "a4d9afe50000000000000025227057c3"); user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}"); user_pref("extensions.holasearch.instlDay", "15794"); user_pref("extensions.holasearch.vrsn", "1.8.16.16"); user_pref("extensions.holasearch.vrsni", "1.8.16.16"); user_pref("extensions.holasearch.vrsnTs", "1.8.16.1611:35:31"); user_pref("extensions.holasearch.prtnrId", "holasearch"); user_pref("extensions.holasearch.prdct", "holasearch"); user_pref("extensions.holasearch.aflt", "babsst"); user_pref("extensions.holasearch.smplGrp", "none"); user_pref("extensions.holasearch.tlbrId", "base"); user_pref("extensions.holasearch.instlRef", "sst"); user_pref("extensions.holasearch.dfltLng", "en"); user_pref("extensions.holasearch.excTlbr", false); user_pref("extensions.holasearch.ffxUnstlRst", false); user_pref("extensions.holasearch.admin", false); user_pref("extensions.holasearch.autoRvrt", "false"); 
user_pref("extensions.holasearch.rvrt", "false"); user_pref("extensions.holasearch.newTab", false); ---- Lines CT2857573 removed from prefs.js ---- user_pref("CommunityToolbar.EngineOwner", "CT2857573"); user_pref("CommunityToolbar.OriginalEngineOwner", "CT2857573"); user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2857573,CT2865317"); user_pref("CommunityToolbar.ToolbarsList2", "CT2857573,CT2865317"); user_pref("CT2857573..clientLogIsEnabled", false); user_pref("CT2857573..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2857573..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2857573.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); user_pref("CT2857573.alertChannelId", "1249595"); user_pref("CT2857573.approveUntrustedApps", true); user_pref("CT2857573.CT2857573", "CT2857573"); user_pref("CT2857573.CurrentServerDate", "9-1-2011"); user_pref("CT2857573.DialogsAlignMode", "LTR"); user_pref("CT2857573.DialogsGetterLastCheckTime", "Sun Jan 09 2011 13:22:31 GMT+0100"); user_pref("CT2857573.ExternalComponentPollDate129356796739506287", "Sun Jan 09 2011 13:22:32 GMT+0100"); user_pref("CT2857573.FirstServerDate", "9-1-2011"); user_pref("CT2857573.FirstTime", true); user_pref("CT2857573.FirstTimeFF3", true); user_pref("CT2857573.FixPageNotFoundErrors", false); user_pref("CT2857573.globalFirstTimeInfoLastCheckTime", "Sun Jan 09 2011 13:22:32 GMT+0100"); user_pref("CT2857573.GroupingServerCheckInterval", 1440); user_pref("CT2857573.GroupingServiceUrl", "http://grouping.services.conduit.com/"); user_pref("CT2857573.HasUserGlobalKeys", true); user_pref("CT2857573.Initialize", true); user_pref("CT2857573.InitializeCommonPrefs", true); user_pref("CT2857573.InstallationAndCookieDataSentCount", 1); user_pref("CT2857573.InstalledDate", "Sun Jan 09 2011 13:22:33 GMT+0100"); 
user_pref("CT2857573.isAppTrackingManagerOn", false); user_pref("CT2857573.IsGrouping", false); user_pref("CT2857573.IsMulticommunity", false); user_pref("CT2857573.IsOpenThankYouPage", true); user_pref("CT2857573.IsOpenUninstallPage", true); user_pref("CT2857573.LanguagePackLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100"); user_pref("CT2857573.LanguagePackReloadIntervalMM", 1440); user_pref("CT2857573.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); user_pref("CT2857573.LastLogin_3.3.0.19", "Sun Jan 09 2011 13:22:32 GMT+0100"); user_pref("CT2857573.LatestVersion", "3.2.5.2"); user_pref("CT2857573.Locale", "en"); user_pref("CT2857573.MCDetectTooltipHeight", "83"); user_pref("CT2857573.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); user_pref("CT2857573.MCDetectTooltipWidth", "295"); user_pref("CT2857573.myStuffEnabled", true); user_pref("CT2857573.myStuffPublihserMinWidth", 400); user_pref("CT2857573.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" user_pref("CT2857573.myStuffServiceIntervalMM", 1440); user_pref("CT2857573.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF user_pref("CT2857573.SearchFromAddressBarIsInit", true); user_pref("CT2857573.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&q="); user_pref("CT2857573.SearchInNewTabEnabled", true); user_pref("CT2857573.SearchInNewTabIntervalMM", 1440); user_pref("CT2857573.SearchInNewTabLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100"); user_pref("CT2857573.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2857573.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); user_pref("CT2857573.ServiceMapLastCheckTime", "Sun Jan 09 2011 
13:22:28 GMT+0100"); user_pref("CT2857573.SettingsLastCheckTime", "Sun Jan 09 2011 13:22:30 GMT+0100"); user_pref("CT2857573.SettingsLastUpdate", "1294239661"); user_pref("CT2857573.testingCtid", ""); user_pref("CT2857573.ThirdPartyComponentsInterval", 504); user_pref("CT2857573.ThirdPartyComponentsLastCheck", "Sun Jan 09 2011 13:22:28 GMT+0100"); user_pref("CT2857573.ThirdPartyComponentsLastUpdate", "1246790578"); user_pref("CT2857573.toolbarAppMetaDataLastCheckTime", "Sun Jan 09 2011 13:22:31 GMT+0100"); user_pref("CT2857573.toolbarContextMenuLastCheckTime", "Sun Jan 09 2011 13:22:33 GMT+0100"); user_pref("CT2857573.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112"); user_pref("CT2857573.usagesFlag", 2); user_pref("CT2857573.UserID", "UN90760034533790771"); user_pref("CT2857573.ValidationData_Toolbar", 1); user_pref("CT2857573.WeatherNetwork", ""); user_pref("CT2857573.WeatherPollDate", "Sun Jan 09 2011 13:22:32 GMT+0100"); user_pref("CT2857573.WeatherUnit", "C"); ---- Lines conduit removed from prefs.js ---- user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com"); user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com"); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "L+tncv4eqt6Qm5T3dzChdA=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=nl", "L+tncv4eqt6Qm5T3dzChdA=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=nl", "TW6pbvEhvglk5DM313wISg=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w=="); 
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=nl", "GAox/hnZ01AfFOF7PUvloQ=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ=="); user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=nl", "59UMFEXbxdbjS3gnY6/qrA=="); user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634293235860000000"); user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Apr 02 2011 21:48:28 GMT+0200"); user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jan 09 2011 13:22:29 GMT+0100"); user_pref("ConduitEngine.engineLocale", "nl"); user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Jan 09 2011 13:22:28 GMT+0100"); user_pref("ConduitEngine.FirstServerDate", "01/09/2011 15"); user_pref("ConduitEngine.FirstTime", true); user_pref("ConduitEngine.FirstTimeFF3", true); user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Jan 09 2011 13:22:30 GMT+0100"); user_pref("ConduitEngine.HasUserGlobalKeys", true); user_pref("ConduitEngine.HideEngineAfterRestart", true); user_pref("ConduitEngine.initDone", true); user_pref("ConduitEngine.Initialize", true); user_pref("ConduitEngine.InitializeCommonPrefs", true); user_pref("ConduitEngine.InstalledDate", "Sun Jan 09 2011 13:22:30 GMT+0100"); user_pref("ConduitEngine.isAppTrackingManagerOn", true); user_pref("ConduitEngine.IsMulticommunity", false); user_pref("ConduitEngine.IsOpenThankYouPage", false); user_pref("ConduitEngine.IsOpenUninstallPage", true); user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Jan 09 2011 13:22:29 GMT+0100"); user_pref("ConduitEngine.LastLogin_3.3.0.19", "Sun Jan 09 2011 13:22:30 GMT+0100"); user_pref("ConduitEngine.PublisherContainerWidth", 0); user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); user_pref("ConduitEngine.SettingsLastCheckTime", 
"Sun Jan 09 2011 13:22:28 GMT+0100"); user_pref("ConduitEngine.usagesFlag", 2); user_pref("ConduitEngine.UserID", "UN37226182496828664"); user_pref("CT2865317..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); user_pref("CT2865317..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); user_pref("CT2865317.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx"); user_pref("CT2865317.GroupingServiceUrl", "http://grouping.services.conduit.com/"); user_pref("CT2865317.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx"); user_pref("CT2865317.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID" user_pref("CT2865317.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF user_pref("CT2865317.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&q="); user_pref("CT2865317.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); user_pref("CT2865317.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"); user_pref("CT2865317.TrusteLinkUrl", "http://trust.conduit.com/EB_ORIGINAL_CTID"); user_pref("extensions.engine@conduit.com.install-event-fired", true); ---- Lines conduit modified from prefs.js ---- user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{20a82645-c095-46ed- ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaultenginename,S", "WebSearch"); user_pref("browser.search.defaulturl", "http://websearch.pu-results.info/?pid=708&r=2013/04/03&hid=413508494&lg=EN&cc=NL&l=1&q="); user_pref("browser.search.order.1,S", "WebSearch"); 
user_pref("browser.search.selectedEngine,S", "WebSearch"); ---- Lines nationzoom removed from prefs.js ---- user_pref("browser.search.defaultenginename", "nationzoom"); user_pref("browser.search.selectedEngine", "nationzoom"); ---- Lines babylon removed from prefs.js ---- user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); user_pref("extensions.BabylonToolbar.prtkDS", 0); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true); ---- Lines ask.com removed from prefs.js ---- user_pref("extensions.toolbar@ask.com.install-event-fired", true); user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*"); user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); ---- Lines asktb removed from prefs.js ---- user_pref("extensions.snipit.askTbInstalled", true); ---- Lines speedbit removed from prefs.js ---- user_pref("speedbit.dap_installed", true); ---- Lines CommunityToolbar removed from prefs.js ---- user_pref("CommunityToolbar.alert.alertEnabled", false); user_pref("CommunityToolbar.alert.alertInfoInterval", 60); user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jan 09 2011 13:22:35 GMT+0100"); user_pref("CommunityToolbar.alert.locale", "en"); user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Apr 02 2011 21:48:18 GMT+0200"); user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234"); user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); user_pref("CommunityToolbar.alert.showTrayIcon", false); user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); user_pref("CommunityToolbar.alert.userId", "a267f74a-3433-422d-a2b9-e658f4f5338e"); user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2865317"); user_pref("CommunityToolbar.EngineHiddenByUser", true); user_pref("CommunityToolbar.EngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}"); 
user_pref("CommunityToolbar.EngineOwnerToolbarId", "elf_1.13"); user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 02 2011 22:58:41 GMT+0200"); user_pref("CommunityToolbar.globalUserId", "6222fb4c-8d67-46b2-a1d1-fff1f1cd4168"); user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); user_pref("CommunityToolbar.IsEngineShown", false); user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{b80f591e-fe9a-46cf-a13e-180377240586}"); user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "elf_1.13"); user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties"); ---- Lines SpeedAnalysis removed from prefs.js ---- user_pref("extensions.speedanalysis02@SpeedAnalysis.com.id", "\"cf945b63-da7e-5692-18e1-06e0888f7bb4\""); user_pref("extensions.speedanalysis02@SpeedAnalysis.com.mzID", "75"); user_pref("extensions.speedanalysis02@SpeedAnalysis.com.uuid", "\"89e7d832-2945-11e3-8099-0025901ef77c\""); ---- Lines Sweet removed from prefs.js ---- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); user_pref("sweetim.toolbar.searchguard.enable", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 removed from prefs.js ---- user_pref("extensions.{87775fdb-6972-41f9-ae51-8326e38cb206}.install-event-fired", true); ---- Lines 87775fdb-6972-41f9-ae51-8326e38cb206 modified from prefs.js ---- user_pref("extensions.enabledItems", 
"{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{20a82645-c095-46ed- ---- FireFox user.js and prefs.js backups ---- user_28-12-2013_1254_.backup prefs_28-12-2013_1254_.backup ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default user.js not found ---- FireFox user.js and prefs.js backups ---- prefs_28-12-2013_1254_.backup ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command] @="C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe" ==== Deleting Files \ Folders ====================== C:\Program Files (x86)\TornTV.com not found C:\ProgramData\BetterSoft not found C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} not found C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} not found C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com deleted C:\ProgramData\WPM deleted C:\ProgramData\InstallMate deleted D:\Henk\AppData\Local\genienext deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\babylon.xml deleted C:\PROGRA~2\MyPC Backup deleted C:\PROGRA~2\COMMON~1\Spigot deleted C:\extensions.sqlite deleted D:\Henk\AppData\Roaming\\FotoSketcher.ini deleted D:\Henk\AppData\Roaming\\Alawar deleted D:\Henk\AppData\Roaming\\Alawar Entertainment deleted D:\Henk\AppData\Roaming\\AlawarEntertainment deleted D:\Henk\AppData\Roaming\\iWin deleted D:\Henk\AppData\Roaming\\NCdownloader deleted C:\ProgramData\APN deleted C:\ProgramData\StarApp deleted C:\ProgramData\iWin deleted C:\ProgramData\Trymedia deleted D:\Henk\AppData\Local\\CRE deleted D:\Henk\AppData\Local\\APN deleted D:\Henk\AppData\Local\\Programs deleted D:\Henk\AppData\Local\\Mobogenie deleted D:\Henk\AppData\Local\\cache deleted C:\Windows\SysNative\roboot64.exe deleted D:\Henk\backup system files\AppData\LocalLow\ConduitEngine deleted 
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\facemoods.com deleted C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted D:\Henk\AppData\Roaming\Microsoft\Windows\SendTo\Desk 365.lnk deleted C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted C:\user.js deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\searchplugins\holasearch.xml deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\GoogleToolbarData deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\CT2857573 deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\firefox@secretsauce.biz.xpi deleted C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} deleted C:\PROGRA~2\Mozilla Firefox\searchplugins\fcmdSrch.xml deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\adsremoval@adsremoval.net deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\adsremoval@adsremoval.net deleted D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\ConduitEngine deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\nationzoom.xml" deleted "D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default\extensions\iobitapps@mybrowserbar.com" deleted "C:\PROGRA~2\Mozilla Firefox\searchplugins\nationzoom.xml" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== ====== D:\Henk\AppData\Local\Temp ==== 2013-12-25 13:41:10 DE5F4849C496E6DA7EFC07148E1F5865 4494928 ----a-w- D:\Henk\AppData\Local\\Temp\fullpackage_temp1388179893\tmp\desk365.exe ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== 2013-12-15 11:52:35 D4311A326B9C4C7F6AA671273475D9E5 32600 ----a-w- C:\Windows\Sysnative\SmartDefragBootTime.exe ====== C:\Windows\Sysnative\drivers ===== 2013-12-11 12:27:19 
E0D3CD5841E5C7BE7B94BA946AF1E498 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys 2013-12-11 12:27:19 1E0B4CBBA91C6B041A14ECC2186F7E24 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys ====== C:\Windows\Tasks ====== 2013-12-15 11:52:36 0814AEEE9B5E5F674E0079F187A89965 3164 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefrag_Startup 2013-12-15 11:52:34 A4292D1DC0CD0741CE916B2ECB9A024B 3162 ----a-w- C:\Windows\Sysnative\Tasks\SmartDefragUpdate ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2013-12-28 00:00:20 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2013-12-12 19:59:02 -------- d-----w- C:\PROGRA~2\FotoSketcher ======= D: ===== ====== D:\Henk\AppData\Roaming ====== ====== D:\Henk ====== 2013-12-27 23:58:09 662C39FC1E27131551D557862CEC47F0 935175 ----a-w- D:\Henk\Desktop\RSITx64.exe 2013-12-27 21:33:33 BBE1E19BBC55C045D0DC9259569A42F6 716 ----a-w- D:\Henk\.android\adbkey.pub 2013-12-27 21:33:33 084F62F96423ABB663DA48E05C9E0883 1704 ----a-w- D:\Henk\.android\adbkey 2013-12-25 12:15:38 90B4989B832A57D261F0AB51F143E97A 4645232 ----a-w- D:\Henk\Desktop\FF bewaren\ccsetup409.exe 2013-12-21 15:53:03 627EE0DEB4929E7DA5F2CE7C27D030A9 8988024 ----a-w- D:\Henk\Desktop\FF bewaren\WoWP_internet_install_eu.exe 2013-12-20 16:56:31 7FF62A6C04D16FF717B5E01D4CD6B28D 2026792 ----a-w- D:\Henk\Desktop\FF bewaren\OUTDATEfighter_Web.exe 2013-12-12 19:59:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher 2013-12-03 12:04:59 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast ====== C: exe-files == 2013-12-28 00:08:40 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Henk.exe === C: other files == ==== Startup Registry Enabled ====================== [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart" 
[HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe /AutoStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" "StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe msrun" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "AvastUI.exe"="C:\Program Files\Alwil Software\Avast5\AvastUI.exe /nogui" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "20131224"="C:\Program Files\Alwil Software\Avast5\setup\emupdate\2bb08ca3-e1b2-40ac-a81d-36e18eac2a17.exe /check" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe /c" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="c:\\progra~2\\browse~1\\sprote~1.dll c:\\progra~2\\websea~1\\sprote~1.dll" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared 
Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Adobe ARM" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AlcoholAutomount] "command"="\"c:\\program files (x86)\\alcohol soft\\alcohol 120\\axcmd.exe\" /automount" "hkey"="HKCU" "item"="AlcoholAutomount" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CTSyncService] "command"="c:\\program files (x86)\\installshield installation information\\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\\ambspisyncservice.exe /startrunkey" "hkey"="HKLM" "item"="CTSyncService" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] "command"="\"D:\\Henk\\AppData\\Local\\Facebook\\Update\\FacebookUpdate.exe\" /c /nocrashserver" "hkey"="HKCU" "item"="Facebook Update" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IMMON] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="IMMON" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\IM Magician\\Vicamon.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Malwarebytes' Anti-Malware] "command"="\"C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamgui.exe\" /starttray" "hkey"="HKLM" "item"="Malwarebytes' Anti-Malware" "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NBAgent] "command"="\"c:\\program files (x86)\\nero\\nero 10\\nero backitup\\nbagent.exe\" /winstart" "hkey"="HKLM" "item"="NBAgent" 
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RunDLLEntry] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDLLEntry" "hkey"="HKLM" "command"="C:\\Windows\\system32\\RunDLL32.exe C:\\Windows\\system32\\AmbRunE.dll,RunDLLEntry" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] "command"="\"d:\\henk\\appdata\\roaming\\spotify\\spotify.exe\" /uri spotify:autostart" "hkey"="HKCU" "item"="Spotify" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] "command"="\"D:\\Henk\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\"" "hkey"="HKCU" "item"="Spotify Web Helper" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SunJavaUpdateSched" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\"" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TomTomHOME.exe] "command"="\"C:\\Program Files (x86)\\TomTom HOME 2\\TomTomHOMERunner.exe\"" "hkey"="HKCU" "item"="TomTomHOME.exe" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="UpdReg" "hkey"="HKLM" "command"="C:\\Windows\\UpdReg.EXE" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VMonitorVMUVC] "command"="\"c:\\program files (x86)\\vimicro corporation\\vmuvc\\vmonitor.exe\" vmuvc" "hkey"="HKLM" "item"="VMonitorVMUVC" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VolPanel] 
"command"="\"c:\\program files (x86)\\creative\\sb x-fi mb\\volume panel\\volpanlu.exe\" /r" "hkey"="HKLM" "item"="VolPanel" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Creative ALchemy AL6 Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Creative Audio Engine Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\CTAudSvcService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gusvc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MozillaMaintenance] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdAuxService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\sdCoreService] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Sound Blaster X-Fi MB Licensing Service] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\StarWindServiceAE] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ThreatFire] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TomTomHOMEService] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [undetermined Task] C:\Windows\tasks\Driver Booster Update.job --a------ C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [08-09-2013 11:12] C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job --a------ C:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [] 
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job --a------ C:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [] C:\Windows\tasks\GlaryInitialize.job --a------ C:\Program Files (x86)\Glary Utilities\initialize.exe [11-09-2012 20:59] C:\Windows\tasks\Google Software Updater.job --a------ C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [07-09-2011 18:49] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-12-2010 00:00] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [30-12-2010 00:00] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job --a------ [undetermined Task] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job --a------ C:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe [] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\ASC7_SkipUac_Henk" [C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe /SkipUac] "C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\SysNative\tasks\Driver Booster Scan" [C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe] "C:\Windows\SysNative\tasks\Driver Booster Update" [C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core" [D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe] "C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA" [D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe] 
"C:\Windows\SysNative\tasks\GlaryInitialize" [C:\Program Files (x86)\Glary Utilities\initialize.exe] "C:\Windows\SysNative\tasks\Google Software Updater" [C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core" [D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA" [D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\SlimCleaner Run" ["C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe"] "C:\Windows\SysNative\tasks\SmartDefragUpdate" [C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe] "C:\Windows\SysNative\tasks\SmartDefrag_Startup" [C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe] "C:\Windows\SysNative\tasks\User_Feed_Synchronization-{722E2EDB-48D9-45C6-B267-3418D47ED143}" [C:\Windows\system32\msfeedssync.exe] ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions] "wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [03-12-2013 13:03] ==== Firefox Extensions ====================== ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default - avast Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF - McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor - Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF - Visualisateur 3D de 20-20 - %ProfilePath%\extensions\2020Player_WEB@2020Technologies.com - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com - Undetermined - %ProfilePath%\extensions\nostmp 
ProfilePath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default - Advanced SystemCare Surfing Protection - %ProfilePath%\extensions\ascsurfingprotection@iobit.com AppDir: C:\Program Files (x86)\Mozilla Firefox - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default F891089A6AB9E12FEDEBCC5EC0F40D66 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll - Shockwave Flash C36444D7301A8C881FC7296B092609C7 - D:\Henk\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll - Google Update 68BCBB241EF254BC5100D9E6C06ECC71 - D:\Henk\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll - Google Talk Plugin Video Accelerator 99FE6AFE80EB7FE3EEB75DC504A326A3 - D:\Henk\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer AF42019A3B0EDBFA6878F75B9377A792 - D:\Henk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin EC401349BFA64BD6232C746046AEC0B5 - D:\Henk\AppData\Roaming\Mozilla\plugins\npoctoshape.dll - Octoshape Streaming Services 33E00913297328DE59A1CD6BF90D2084 - D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\2020Player_WEB@2020Technologies.com\plugins\NP_2020Player_WEB.dll - 20-20 3D Viewer for WEB 66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director F65284ABAC78410D561587F7C66043BA - D:\Henk\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player 0B31B0F8FA99CFD009C8FBEA9E20C9DE - D:\Henk\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin FC5866F7793AF2CBCD425CC4B8D32A9E - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin Profilepath: D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\spnf0wg6.default FC5866F7793AF2CBCD425CC4B8D32A9E - 
C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll - Zylom Plugin ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions dbpebffoameokfhnaaedmefjncfboino - C:\Program Files (x86)\SecretSauce\dbpebffoameokfhnaaedmefjncfboino.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonChrome.crx[] fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[05-11-2013 13:14] hbcennhacfaagdopikcegfcobcadeocj - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx[] icdlfehblmklkikfigmjhbmmpmkmpooj - C:\Program Files (x86)\Common Files\Spigot\GC\ErrorAssistant_1.2.crx[] ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx[] lemilgpbnfoecfjhpfchannnnkeefjmj - D:\Henk\AppData\Local\CRE\lemilgpbnfoecfjhpfchannnnkeefjmj.crx[] mhkaekfpcppmmioggniknbnbdbcigpkk - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx[] nfengeggddojhakldhlpjdlddgkkjkdd - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx[12-10-2013 13:04] pfndaklgolladniicklehhancnlgocpp - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions lemilgpbnfoecfjhpfchannnnkeefjmj - D:\Henk\AppData\Local\CRE\lemilgpbnfoecfjhpfchannnnkeefjmj.crx[] Last updated at time on date - AppData - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb 20-20 3D Viewer for Virtual Studio - AppData - Default\Extensions\cpbhljkhbideandpbhpinhedfgdhkpdc MaskMe - AppData - Default\Extensions\dpkiidbpeijnaaacjlfnijncdlkicejg DoNotTrackMe Online Privacy Protection - AppData - Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd AdBlock - AppData - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Ads Removal - AppData - Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod Ghostery - AppData - Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij Advanced SystemCare 
Surfing Protection - AppData - Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd ==== Chrome Fix ====================== D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Local Extension Settings\dbpebffoameokfhnaaedmefjncfboino deleted successfully D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod deleted successfully D:\Henk\AppData\Local\\Google\Chrome\User Data\Default\Local Extension Settings\gkcefkcdkepgkpbgncjchhbjgoanleod deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.nl/" "Default_Search_URL"="http://www.google.com/ie" "Default_Page_URL"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com" "Default_Page_URL"="http://www.google.com" "Start Page"="http://www.google.com" "Search Page"="http://www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] @="http://www.google.com/search?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "SearchAssistant"="http://www.google.com/ie" "Default_Search_URL"="http://www.google.com/ie" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{078B1780-9950-4CBB-ACB8-8BDA60D5A8AB}" New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://www.google.nl/" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search 
Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {078B1780-9950-4CBB-ACB8-8BDA60D5A8AB} Yahoo! 
Search Url="http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=198484&p={searchTerms}" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DEA98CC2-FA47-AA12-3ACB-D50F1B2A0B6A} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dbpebffoameokfhnaaedmefjncfboino deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\lemilgpbnfoecfjhpfchannnnkeefjmj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lemilgpbnfoecfjhpfchannnnkeefjmj deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer! R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\2bb08ca3-e1b2-40ac-a81d-36e18eac2a17.exe /check O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - 
Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. 
- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: 
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully D:\Henk\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully D:\Henk\backup system files\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Cache found ==== Empty Chrome Cache ====================== D:\Henk\backup system files\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content 
====================== C:\zoek_backup (files=387 folders=137 13793918 bytes) ==== Empty Temp Folders ====================== D:\Henk\AppData\Local\\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on za 28-12-2013 at 13:03:15,97 ======================
-
I ran another malware scan later; see the result.
IObit Malware Fighter
OS: Windows 7
Version: 2.2.1.2
Define Version: 1299
Time Elapsed: 00:08:21
Objects Scanned: 58902
Threats Found: 9
Save Time: 28-12-2013 1:43:12
|Name|Type|Description|ID|
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bureau Accessories\System Tools\Internet Explorer (No Add-ons).lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk, 0
Browser.Hijack, LINK, D:\Henk\Desktop\..\..\Henk\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk, 0
ScorpionSaver, REG, HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}, 2014557
-
In every browser, Nation Zoom appears in the address bar when I open it. What I have done so far: deleted the history, deleted the cookies. CCleaner removed a few things, Malwarebytes removed 14 items, and after that I scanned with the Avast virus scanner, but it found nothing. I have also already adjusted all the settings manually; in all of them the start page is set to google.nl. Yet it still keeps going to the Nation Zoom website. After all this I made this log, because I can't figure it out. For your information: I have Internet Explorer, Firefox and Google Chrome. Log:
Logfile of random's system information tool 1.09 (written by random/random) Run by Henk at 2013-12-28 01:08:39 Microsoft Windows 7 Home Premium Service Pack 1 System drive C: has 129 GB (57%) free of 227 GB Total RAM: 4095 MB (64% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 1:08:43, on 28-12-2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.16428) Boot mode: Normal Running processes: C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files\trend micro\Henk.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast!
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [20131121] C:\Program Files\Alwil Software\Avast5\setup\emupdate\521f129f-16cc-4590-9d5b-7cd4da616c49.exe /check O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] 
"D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Doel van koppeling converteren naar Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Doel van koppeling toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan bestaande PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: 
c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - MSN Games - Free Online Games O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~2\browse~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. 
- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: 
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10230 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe" C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" atieclxx C:\Windows\System32\svchost.exe -k netsvcs C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe" "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" C:\Windows\system32\svchost.exe 
-k LocalServiceAndNoImpersonation "C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe" "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\SysWOW64\PnkBstrB.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k swprv "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" "C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait "C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\x64\saHook.dll", saHooker_Initialize_and_Wait "C:\Windows\system32\rundll32.exe" "c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll", saHooker_Initialize_and_Wait "taskhost.exe" taskeng.exe {15F1120A-7FF5-41FA-8760-1B38DEEE896A} C:\Windows\System32\svchost.exe -k secsvcs "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" WLIDSvcM.exe 2856 "C:\Windows\system32\Dwm.exe" C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding "C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe" /STARTUP "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" "C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" "C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe" C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE" "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui C:\Windows\system32\SearchIndexer.exe /Embedding "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0 "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} 
C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\UI0Detect.exe "C:\Windows\system32\NOTEPAD.EXE" C:\rsit\info.txt taskeng.exe {FEAE14A2-D6F0-461E-8912-E064330779DF} "C:\Windows\System32\rundll32.exe" werconcpl.dll, LaunchErcApp -queuereporting "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 "D:\Henk\Desktop\RSITx64.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF} ======Scheduled tasks folder====== C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\Driver Booster Update.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job C:\Windows\tasks\GlaryInitialize.job C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job =========Mozilla firefox========= ProfilePath - D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default prefs.js - "browser.search.suggest.enabled" - false prefs.js - "browser.search.useDBForOrder" - true prefs.js - "browser.startup.homepage" - "www.google.nl" prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {3112ca9c-de6d-4884-a869-9855de68056c}:7.1.20101113Wb1, 
{75623d5d-4683-402a-b610-ac4bab767c86}:3.1.2, {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90, engine@conduit.com:3.2.5.2, {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {87775fdb-6972-41f9-ae51-8326e38cb206}:3.2.5.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] "Description"=Adobe Shockwave Player "Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin] "Description"=Google Earth in your browser "Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0] "Description"=Picasa3 plugin "Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.45.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/SAFFPlugin] "Description"= "Path"=C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files (x86)\Microsoft 
Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912] "Description"=WLPG Install MIME type "Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.90] "Description"=getPlus+® "Path"=C:\Program Files (x86)\NOS\bin\np_gp.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pack.google.com/Google Updater;version=14] "Description"=Google Updater "Path"=C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8] "Description"= "Path"= [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@protectdisc.com/NPMPDRM] "Description"=MPDRM License Acquisition Plugin "Path"=C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] "Description"=Google Update "Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@zylom.com/ZylomGamesPlayer] "Description"=Zylom Games Player 1.00 "Path"=C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader] "Description"=Handles PDFs in-place in Firefox "Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.9.900.170 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE] "Description"= "Path"=disabled [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] "Description"=Ag Player Plugin "Path"=C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect] "Description"= "Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll C:\Program Files (x86)\Mozilla Firefox\extensions\ ffxtlbr@babylon.com C:\Program Files (x86)\Mozilla Firefox\components\ nsIQTScriptablePlugin.xpt nsIZylomPlugin.xpt C:\Program Files (x86)\Mozilla Firefox\plugins\ np-mswmp.dll NPOFF12.DLL nppdf32.dll npqtplugin.dll npqtplugin2.dll npqtplugin3.dll npqtplugin4.dll npqtplugin5.dll npqtplugin6.dll npzylomgamesplayer.dll np_gp.dll QuickTimePlugin.class WMP Firefox Plugin License.rtf WMP Firefox Plugin RelNotes.txt C:\Program Files (x86)\Mozilla Firefox\searchplugins\ babylon.xml fcmdSrch.xml McSiteAdvisor.xml nationzoom.xml D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\extensions\ 2020Player_WEB@2020Technologies.com adsremoval@adsremoval.net ascsurfingprotection@iobit.com nostmp staged D:\Henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\searchplugins\ holasearch.xml yahoo.xml ======Registry dump====== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}] ExplorerWnd Helper - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2013-11-23 2486592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}] avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-10-31 245592] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll [2012-01-14 346168] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-11-05 299336] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-08 462760] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-12-03 606544] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Aanmeldhulp voor Microsoft-account - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll [2012-01-14 1003576] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] McAfee SiteAdvisor BHO - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-11-05 250896] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}] Advanced SystemCare Browser Protection - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL [2013-10-17 669504] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-08 171944] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll [2013-11-05 299336] {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2013-10-31 245592] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [2013-11-05 250896] {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! 
Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2013-12-03 606544] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"=c:\program files\microsoft intellipoint\ipoint.exe [2010-07-06 2327952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"=C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe [2010-08-07 5324800] "swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-24 39408] "Google Update"=D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-19 116648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe [2009-09-18 205976] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncService] c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe [2009-07-08 1233195] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update] D:\Henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 138096] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMMON] C:\Program Files (x86)\IM Magician\Vicamon.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe [2010-03-26 1234216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RunDLLEntry] C:\Windows\system32\AmbRunE.dll [2009-02-26 17920] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify] d:\henk\appdata\roaming\spotify\spotify.exe [2013-10-16 4752384] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper] D:\Henk\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2013-10-16 1140736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2013-07-02 248208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] C:\Windows\UpdReg.EXE [2000-05-11 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC] c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe [2008-08-29 143360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel] c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe [2009-05-04 241789] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2010-04-12 180224] "StartCCC"=c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe [2010-04-06 102400] "Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576] "SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336] "20131121"=C:\Program Files\Alwil Software\Avast5\setup\emupdate\521f129f-16cc-4590-9d5b-7cd4da616c49.exe [2013-11-23 180184] "AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2013-12-03 3568312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2013-12-03 243200] 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv "aux"=wdmaud.drv "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "MSVideo8"=VfWWDM32.dll "wave2"=wdmaud.drv "midi2"=wdmaud.drv "mixer2"=wdmaud.drv "aux2"=wdmaud.drv "wave3"=wdmaud.drv "midi3"=wdmaud.drv "mixer3"=wdmaud.drv "aux3"=wdmaud.drv "wave4"=wdmaud.drv "midi4"=wdmaud.drv "mixer4"=wdmaud.drv "aux4"=wdmaud.drv ======File 
associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 month====== 2013-12-28 01:00:20 ----D---- C:\rsit 2013-12-28 01:00:20 ----D---- C:\Program Files\trend micro 2013-12-27 22:32:44 ----D---- C:\ProgramData\WPM 2013-12-27 22:30:56 ----D---- C:\Program Files (x86)\TornTV.com 2013-12-15 12:52:35 ----A---- C:\Windows\system32\SmartDefragBootTime.exe 2013-12-12 21:07:20 ----A---- D:\Henk\AppData\Roaming\FotoSketcher.ini 2013-12-12 20:59:02 ----D---- C:\Program Files (x86)\FotoSketcher 2013-12-11 17:06:07 ----A---- C:\Windows\SYSWOW64\wmploc.DLL 2013-12-11 17:06:07 ----A---- C:\Windows\system32\wmploc.DLL 2013-12-11 17:06:06 ----A---- C:\Windows\SYSWOW64\wmp.dll 2013-12-11 17:06:04 ----A---- C:\Windows\system32\wmp.dll 2013-12-11 17:03:33 ----A---- C:\Windows\system32\ieetwcollectorres.dll 2013-12-11 17:03:32 ----A---- C:\Windows\SYSWOW64\ieui.dll 2013-12-11 17:03:32 ----A---- C:\Windows\system32\ieui.dll 2013-12-11 17:03:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll 2013-12-11 17:03:31 ----A---- C:\Windows\system32\jsproxy.dll 2013-12-11 17:03:31 ----A---- C:\Windows\system32\ieUnatt.exe 2013-12-11 17:03:31 ----A---- C:\Windows\system32\iesetup.dll 2013-12-11 17:03:31 ----A---- C:\Windows\system32\iernonce.dll 2013-12-11 17:03:31 ----A---- C:\Windows\system32\ieetwproxystub.dll 2013-12-11 17:03:31 ----A---- C:\Windows\system32\ie4uinit.exe 2013-12-11 17:03:30 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll 2013-12-11 17:03:30 ----A---- C:\Windows\system32\mshtml.dll 2013-12-11 17:03:30 ----A---- C:\Windows\system32\jscript9diag.dll 2013-12-11 17:03:30 ----A---- C:\Windows\system32\ieetwcollector.exe 2013-12-11 17:03:29 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll 2013-12-11 17:03:29 ----A---- C:\Windows\system32\iertutil.dll 2013-12-11 17:03:29 ----A---- C:\Windows\system32\ieapfltr.dll 2013-12-11 17:03:28 ----A---- C:\Windows\SYSWOW64\wininet.dll 2013-12-11 17:03:28 ----A---- C:\Windows\SYSWOW64\iertutil.dll 
2013-12-11 17:03:28 ----A---- C:\Windows\system32\wininet.dll 2013-12-11 17:03:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll 2013-12-11 17:03:27 ----A---- C:\Windows\system32\urlmon.dll 2013-12-11 17:03:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll 2013-12-11 17:03:26 ----A---- C:\Windows\system32\ieframe.dll 2013-12-11 17:03:25 ----A---- C:\Windows\SYSWOW64\mshtml.dll 2013-12-11 17:03:24 ----A---- C:\Windows\SYSWOW64\jscript9.dll 2013-12-11 17:03:24 ----A---- C:\Windows\system32\jscript9.dll 2013-12-11 13:27:29 ----A---- C:\Windows\SYSWOW64\msieftp.dll 2013-12-11 13:27:29 ----A---- C:\Windows\system32\msieftp.dll 2013-12-11 13:27:28 ----A---- C:\Windows\SYSWOW64\WMPhoto.dll 2013-12-11 13:27:28 ----A---- C:\Windows\system32\WMPhoto.dll 2013-12-11 13:27:28 ----A---- C:\Windows\system32\win32k.sys 2013-12-11 13:27:26 ----A---- C:\Windows\SYSWOW64\imagehlp.dll 2013-12-11 13:27:26 ----A---- C:\Windows\system32\imagehlp.dll 2013-12-11 13:27:23 ----A---- C:\Windows\SYSWOW64\tzres.dll 2013-12-11 13:27:23 ----A---- C:\Windows\system32\tzres.dll 2013-12-11 13:27:19 ----A---- C:\Windows\system32\drivers\portcls.sys 2013-12-11 13:27:19 ----A---- C:\Windows\system32\drivers\drmk.sys 2013-12-11 13:27:18 ----A---- C:\Windows\system32\cscript.exe 2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\wscript.exe 2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\scrrun.dll 2013-12-11 13:27:17 ----A---- C:\Windows\SYSWOW64\cscript.exe 2013-12-11 13:27:17 ----A---- C:\Windows\system32\wscript.exe 2013-12-11 13:27:17 ----A---- C:\Windows\system32\scrrun.dll 2013-12-03 23:42:22 ----D---- C:\Windows\Migration 2013-12-03 20:13:12 ----D---- D:\Henk\AppData\Roaming\AVAST Software 2013-12-03 17:09:02 ----A---- C:\Windows\system32\IEUDINIT.EXE 2013-12-03 17:04:12 ----A---- C:\Windows\SYSWOW64\elshyph.dll 2013-12-03 17:04:12 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\wextract.exe 2013-12-03 17:04:06 ----A---- 
C:\Windows\SYSWOW64\webcheck.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\url.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\pngfilt.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\occache.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msrating.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msls31.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmler.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshtmled.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\mshta.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\msfeeds.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\licmgr10.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\jsIntl.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\jscript.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\inseng.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\imgutil.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iexpress.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iesysprep.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iesetup.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iernonce.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iepeers.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll 2013-12-03 17:04:06 ----A---- 
C:\Windows\SYSWOW64\ieapfltr.dat 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\icardie.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\dxtrans.dll 2013-12-03 17:04:06 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe 2013-12-03 17:04:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe 2013-12-03 17:04:06 ----A---- C:\Windows\system32\msrating.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\msls31.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\mshtmler.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\msfeedssync.exe 2013-12-03 17:04:06 ----A---- C:\Windows\system32\msfeedsbs.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\jsIntl.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\iesysprep.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\IEAdvpack.dll 2013-12-03 17:04:06 ----A---- C:\Windows\system32\elshyph.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\wextract.exe 2013-12-03 17:04:05 ----A---- C:\Windows\system32\webcheck.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\vbscript.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\url.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\pngfilt.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\occache.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshtmlmedia.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshtmled.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\MshtmlDac.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\mshta.exe 2013-12-03 17:04:05 ----A---- C:\Windows\system32\msfeeds.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\licmgr10.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\jscript.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\inseng.dll 2013-12-03 17:04:05 ----A---- 
C:\Windows\system32\imgutil.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\iexpress.exe 2013-12-03 17:04:05 ----A---- C:\Windows\system32\iepeers.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\iedkcs32.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\ieapfltr.dat 2013-12-03 17:04:05 ----A---- C:\Windows\system32\icardie.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\dxtrans.dll 2013-12-03 17:04:05 ----A---- C:\Windows\system32\dxtmsft.dll 2013-12-03 13:01:51 ----D---- C:\ProgramData\AVAST Software ======List of files/folders modified in the last 1 month====== 2013-12-28 01:08:41 ----D---- C:\Windows\temp 2013-12-28 01:08:10 ----D---- C:\Windows\system32\NDF 2013-12-28 01:00:20 ----RD---- C:\Program Files 2013-12-28 00:59:06 ----D---- C:\Windows\System32 2013-12-28 00:59:06 ----D---- C:\Windows\inf 2013-12-28 00:59:06 ----A---- C:\Windows\system32\PerfStringBackup.INI 2013-12-28 00:45:33 ----D---- C:\Windows\system32\config 2013-12-28 00:37:29 ----D---- C:\Windows\system32\Tasks 2013-12-28 00:28:12 ----D---- C:\Windows 2013-12-27 23:46:08 ----D---- C:\Windows\Prefetch 2013-12-27 23:44:20 ----RD---- C:\Program Files (x86) 2013-12-27 23:23:06 ----D---- C:\Windows\Tasks 2013-12-27 22:39:12 ----D---- D:\Henk\AppData\Roaming\MailWasherFree 2013-12-27 22:32:55 ----A---- C:\Windows\SYSWOW64\msvcr100.dll 2013-12-27 22:32:54 ----A---- C:\Windows\SYSWOW64\msvcp100.dll 2013-12-27 22:32:44 ----D---- C:\ProgramData 2013-12-27 14:28:37 ----SHD---- C:\System Volume Information 2013-12-25 13:32:53 ----D---- C:\Windows\system32\catroot2 2013-12-25 13:20:28 ----D---- C:\Windows\Logs 2013-12-25 13:20:28 ----D---- C:\Windows\debug 2013-12-25 13:16:16 ----D---- C:\Program Files\CCleaner 2013-12-22 22:25:36 ----D---- C:\Program Files (x86)\Mozilla Firefox 2013-12-21 18:03:09 ----D---- D:\Henk\AppData\Roaming\Wargaming.net 2013-12-21 16:55:10 ----SHD---- C:\Windows\Installer 2013-12-21 16:55:10 ----D---- C:\Config.Msi 2013-12-21 16:55:03 ----D---- 
C:\Windows\SYSWOW64\directx 2013-12-21 16:54:53 ----D---- C:\Games 2013-12-20 18:15:54 ----D---- C:\ProgramData\Fighters 2013-12-20 18:15:35 ----D---- C:\Program Files (x86)\Fighters 2013-12-20 18:08:46 ----A---- C:\Windows\win.ini 2013-12-16 23:27:05 ----D---- C:\Program Files\zylom games 2013-12-16 21:24:37 ----D---- C:\ProgramData\InstallMate 2013-12-16 21:24:37 ----D---- C:\ProgramData\BetterSoft 2013-12-16 20:28:12 ----D---- C:\Windows\system32\drivers 2013-12-16 00:22:28 ----D---- C:\Windows\system32\MRT 2013-12-16 00:18:29 ----A---- C:\Windows\system32\MRT.exe 2013-12-13 20:45:39 ----D---- D:\Henk\AppData\Roaming\inkscape 2013-12-13 20:45:39 ----D---- C:\Windows\Panther 2013-12-11 17:25:02 ----D---- C:\Windows\winsxs 2013-12-11 17:21:46 ----D---- C:\Windows\SysWOW64 2013-12-11 17:21:46 ----D---- C:\Program Files\Windows Media Player 2013-12-11 17:21:46 ----D---- C:\Program Files (x86)\Windows Media Player 2013-12-11 17:21:45 ----D---- C:\Windows\SYSWOW64\nl-NL 2013-12-11 17:21:45 ----D---- C:\Windows\system32\nl-NL 2013-12-11 17:21:45 ----D---- C:\Program Files\Internet Explorer 2013-12-11 17:21:45 ----D---- C:\Program Files (x86)\Internet Explorer 2013-12-11 17:21:44 ----D---- C:\Windows\system32\DriverStore 2013-12-11 17:06:20 ----D---- C:\Windows\system32\catroot 2013-12-11 17:05:33 ----D---- C:\ProgramData\Microsoft Help 2013-12-10 22:36:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe 2013-12-04 16:33:47 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI 2013-12-04 11:22:52 ----D---- C:\Windows\Microsoft.NET 2013-12-03 23:48:17 ----RSD---- C:\Windows\assembly 2013-12-03 23:43:13 ----D---- C:\Windows\SYSWOW64\en-US 2013-12-03 23:43:13 ----D---- C:\Windows\system32\en-US 2013-12-03 23:42:22 ----SD---- C:\ProgramData\Microsoft 2013-12-03 17:24:13 ----D---- C:\Windows\SYSWOW64\migration 2013-12-03 17:24:13 ----D---- C:\Windows\system32\migration 2013-12-03 17:24:13 ----D---- C:\Windows\PolicyDefinitions 2013-12-03 13:03:54 ----A---- 
C:\Windows\system32\aswBoot.exe 2013-12-03 12:56:03 ----D---- C:\Windows\SoftwareDistribution 2013-11-30 14:19:08 ----D---- C:\Windows\system32\LogFiles ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-12-03 65776] R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2013-12-03 205320] R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352] R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888] R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2013-05-22 17720] R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-05-21 868848] R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2011-02-22 65072] R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2011-02-22 74824] R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-12-03 92544] R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2013-12-03 1032416] R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2013-12-03 409832] R1 aswTdi;aswTdi; \??\C:\Windows\system32\drivers\aswTdi.sys [2013-12-03 65264] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SAS***IL;SAS***IL; \??\C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 91568] R2 aswFsBlk;aswFsBlk; \??\C:\Windows\system32\drivers\aswFsBlk.sys [2013-12-03 38984] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-12-03 84328] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-11-02 12528640] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-11-02 618496] R3 AtiHdmiService;ATI Function Driver for High Definition 
Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944] R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600] R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928] R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-08-12 350952] R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704] R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2010-06-30 45456] R3 VMUVC;Vimicro Camera Service VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [2009-05-25 198784] R3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\Windows\system32\drivers\vvftUVC.sys [2008-07-01 303616] S2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [] S3 AsrCDDrv;AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [] S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 cpuz135;cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816] S3 FLASHSYS;FLASHSYS; \??\C:\Program Files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192] S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-09-12 57856] S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS [] S3 keycrypt;keycrypt; C:\Windows\system32\DRIVERS\KeyCrypt64.sys [] S3 NVENETFD;NVIDIA nForce-netwerkcontroller; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960] S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys [] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456] S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2013-11-19 34848] S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys 
[2011-02-22 41888] S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-10-26 57856] S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2013-11-19 23016] S3 usbscan;Stuurprogramma voor USB-scanner; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496] S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 36352] S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-03-23 23048] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640] R2 AdvancedSystemCareService7;Advanced SystemCare Service 7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [2013-10-25 878368] R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-11-02 239616] R2 avast! Antivirus;avast! 
Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2013-12-03 50344] R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2013-11-11 341824] R2 LiveUpdateSvc;LiveUpdate; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200] R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-11-05 121616] R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-03-24 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2011-03-24 107832] R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-07-02 93072] R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088] S2 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-07 194104] S2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136] S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10 257416] S3 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808] S3 fsssvc;Windows Live Family 
Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448] S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-11-26 111616] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696] S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736] S4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360] S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360] S4 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200] S4 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] S4 gupdatem;Google Update-service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 136176] S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-11-12 119408] S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856] S4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360] S4 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968] -----------------EOF-----------------
-
Long black screen when starting the PC.
henk253 replied to henk253's topic in Archive: Combating malware & viruses
That's done too. C:\Qoobox wasn't in there. The PC now starts up properly again. But what is the reason it was starting up like that: is there spyware in it, or something else? Is there anything I can do to prevent it in the future? Thanks in advance for your good help.
-
Long black screen when starting the PC.
henk253 replied to henk253's topic in Archive: Combating malware & viruses
OK, it worked.
ComboFix 12-11-08.01 - Henk 09-11-2012 13:42:11.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2497 [GMT 1:00] Gestart vanuit: d:\henk\Desktop\FF bewaren\ComboFix.exe gebruikte Opdracht switches :: d:\henk\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . d:\henk\AppData\Local\{4B2E8E38-206B-48C6-A998-F24B2E9BC76A} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))) . . 2012-11-09 12:33 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93CCB73C-A605-4AEF-8B8C-54CE6376B00A}\mpengine.dll 2012-10-26 20:15 . 2012-10-26 20:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-10-26 20:15 . 2012-10-26 20:15 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-10-26 20:15 . 2012-10-26 20:15 340992 ----a-w- c:\windows\system32\schannel.dll 2012-10-26 20:15 . 2012-10-26 20:15 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-10-26 20:15 . 2012-10-26 20:15 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-10-26 20:15 . 2012-10-26 20:15 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-10-26 20:15 . 2012-10-26 20:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-10-26 20:15 . 2012-10-26 20:15 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-10-26 20:15 . 2012-10-26 20:15 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-10-10 14:34 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-30 22:51 . 2010-10-16 10:40 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2011-04-10 14:41 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2010-10-16 10:40 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2010-10-16 10:40 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2010-10-16 10:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2010-10-16 10:39 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2010-10-16 10:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2011-01-19 19:17 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-26 14:17 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-10 14:39 . 2010-11-15 14:23 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 21:36 . 2012-04-03 13:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 21:36 . 2011-05-20 10:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-29 18:54 . 2010-12-19 18:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 20:32 . 2012-09-25 20:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-11 20:37 . 2012-09-11 20:37 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 20:37 . 2012-09-11 20:37 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 20:36 . 2012-09-11 20:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 20:36 . 2012-09-11 20:36 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 20:36 . 2012-09-11 20:36 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 20:36 . 2012-09-11 20:36 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 20:36 . 2012-09-11 20:36 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-08-24 18:05 . 
2012-09-22 07:29 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-22 07:29 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:05 . 2012-09-22 07:29 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:03 . 2012-09-22 07:29 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:03 . 2012-09-22 07:29 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:03 . 2012-09-22 07:29 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:03 . 2012-09-22 07:29 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:02 . 2012-09-22 07:29 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:02 . 2012-09-22 07:29 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:02 . 2012-09-22 07:29 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 16:57 . 2012-09-22 07:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 15:59 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 15:20 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-08-14 18:50 . 2012-08-14 18:50 911360 ----a-w- c:\windows\system32\jscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 609792 ----a-w- c:\windows\system32\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-14 18:50 . 2012-08-14 18:50 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-14 18:48 . 2012-08-14 18:48 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-14 18:48 . 
2012-08-14 18:48 67072 ----a-w- c:\windows\splwow64.exe 2012-08-14 18:48 . 2012-08-14 18:48 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-14 18:48 . 2012-08-14 18:48 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-14 18:48 . 2012-08-14 18:48 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-14 18:48 . 2012-08-14 18:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-14 18:47 . 2012-08-14 18:47 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 18:47 . 2012-08-14 18:47 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2010-08-07 5324800] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136] "VolPanel"="c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" [2009-05-04 241789] "CTSyncService"="c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe" [2009-07-08 1233195] "StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" [2010-04-06 102400] "VMonitorVMUVC"="c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" [2008-08-29 143360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880] . d:\henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mediacontrole Cyber-shot Viewer.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-7-1 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x] R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 19456] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-26 57856] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736] R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360] R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360] R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360] R4 
ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-21 868848] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-10-23 103472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-06-30 45456] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 198784] S3 vvftUVC;Vimicro Camera Filter Service 
VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:36] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-11-08 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-28 19:59] . 2012-04-28 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 17:49] . 2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . 2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job - d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36] . 2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job - d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" [2010-07-06 2327952] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: 
network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: content.max.tokenizing.time - 2250000 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire] "AlternateImagePath"="" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ . [HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\SecuROM\License information*] "datasecu"=hex:e6,21,3f,75,5d,34,c4,45,ee,16,73,29,a9,e4,1d,a6,0a,cc,fe,38,e4, 23,71,b6,87,7d,ad,cf,72,43,df,42,36,7e,15,ff,8f,b4,f0,a6,a7,9b,95,6f,46,55,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-09 13:50:35 ComboFix-quarantined-files.txt 2012-11-09 12:50 ComboFix2.txt 2012-11-08 20:19 ComboFix3.txt 2012-09-30 10:18 . Pre-Run: 148.593.426.432 bytes beschikbaar Post-Run: 148.497.960.960 bytes beschikbaar . - - End Of File - - 1DBEDFA552AF2707BD8D3F7C95608A36 -
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
I did what you said, but I forgot to save the log, so I can't give it to you. It does start up faster again now. What is it that keeps causing this problem? Can I do anything to prevent it, or Thanks in advance for your help -
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
ComboFix 12-11-08.01 - Henk 08-11-2012 21:04:24.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2123 [GMT 1:00] Gestart vanuit: d:\henk\Desktop\FF bewaren\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))) . . 2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\test\AppData\Local\temp 2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\test henk\AppData\Local\temp 2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\TEMP.Henk-PC.002\AppData\Local\temp 2012-11-06 14:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB5A850E-3C33-4B46-8054-1488DF852E28}\mpengine.dll 2012-10-26 20:15 . 2012-10-26 20:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-10-26 20:15 . 2012-10-26 20:15 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2012-10-26 20:15 . 2012-10-26 20:15 340992 ----a-w- c:\windows\system32\schannel.dll 2012-10-26 20:15 . 2012-10-26 20:15 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-10-26 20:15 . 2012-10-26 20:15 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2012-10-26 20:15 . 2012-10-26 20:15 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-10-26 20:15 . 2012-10-26 20:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-10-26 20:15 . 2012-10-26 20:15 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-10-26 20:15 . 2012-10-26 20:15 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2012-10-10 14:34 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 14:39 . 2010-11-15 14:23 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-10-08 21:36 . 2012-04-03 13:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-08 21:36 . 2011-05-20 10:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-29 18:54 . 2010-12-19 18:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 20:32 . 2012-09-25 20:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-11 20:37 . 2012-09-11 20:37 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 20:37 . 2012-09-11 20:37 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 20:36 . 2012-09-11 20:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 20:36 . 2012-09-11 20:36 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 20:36 . 2012-09-11 20:36 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 20:36 . 2012-09-11 20:36 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 20:36 . 2012-09-11 20:36 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-08-24 18:05 . 2012-09-22 07:29 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 18:05 . 2012-09-22 07:29 1494528 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 18:05 . 2012-09-22 07:29 134144 ----a-w- c:\windows\system32\url.dll 2012-08-24 18:03 . 2012-09-22 07:29 9056256 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 18:03 . 2012-09-22 07:29 97792 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 18:03 . 2012-09-22 07:29 735744 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 18:03 . 2012-09-22 07:29 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 18:02 . 2012-09-22 07:29 247808 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 18:02 . 2012-09-22 07:29 12295680 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 18:02 . 
2012-09-22 07:29 2453504 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 16:57 . 2012-09-22 07:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 15:59 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 15:20 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-21 09:13 . 2011-04-10 14:41 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 2010-10-16 10:40 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2010-10-16 10:40 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-02-26 14:17 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2010-10-16 10:40 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2010-10-16 10:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2010-10-16 10:39 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2010-10-16 10:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2011-01-19 19:17 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr 2012-08-14 18:50 . 2012-08-14 18:50 911360 ----a-w- c:\windows\system32\jscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 609792 ----a-w- c:\windows\system32\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-14 18:50 . 2012-08-14 18:50 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-14 18:48 . 2012-08-14 18:48 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-14 18:48 . 
2012-08-14 18:48 67072 ----a-w- c:\windows\splwow64.exe 2012-08-14 18:48 . 2012-08-14 18:48 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-14 18:48 . 2012-08-14 18:48 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-14 18:48 . 2012-08-14 18:48 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-14 18:48 . 2012-08-14 18:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-14 18:47 . 2012-08-14 18:47 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 18:47 . 2012-08-14 18:47 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2010-08-07 5324800] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728] "VolPanel"="c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" [2009-05-04 241789] "CTSyncService"="c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe" [2009-07-08 1233195] "StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" [2010-04-06 102400] "VMonitorVMUVC"="c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" [2008-08-29 143360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880] . d:\henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mediacontrole Cyber-shot Viewer.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-7-1 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x] R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 19456] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-26 57856] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736] R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360] R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360] R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360] R4 
ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-21 868848] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-10-23 103472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-06-30 45456] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 198784] S3 vvftUVC;Vimicro Camera Filter Service 
VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:36] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-11-08 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-28 19:59] . 2012-04-28 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 17:49] . 2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . 2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . 2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job - d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job - d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" [2010-07-06 2327952] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=a4d9afe50000000000000025227057c3&q= FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: 
nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extensions.BabylonToolbar_i.id - a4d9afe50000000000000025227057c3 FF - user.js: extensions.BabylonToolbar_i.hardId - a4d9afe50000000000000025227057c3 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15332 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:31 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: content.max.tokenizing.time - 2250000 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire] "AlternateImagePath"="" . 
--------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ . [HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\SecuROM\License information*] "datasecu"=hex:e6,21,3f,75,5d,34,c4,45,ee,16,73,29,a9,e4,1d,a6,0a,cc,fe,38,e4, 23,71,b6,87,7d,ad,cf,72,43,df,42,36,7e,15,ff,8f,b4,f0,a6,a7,9b,95,6f,46,55,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . 
Voltooingstijd: 2012-11-08 21:19:43 - machine werd herstart ComboFix-quarantined-files.txt 2012-11-08 20:19 ComboFix2.txt 2012-09-30 10:18 . Pre-Run: 148.620.140.544 bytes beschikbaar Post-Run: 148.536.102.912 bytes beschikbaar . - - End Of File - - 84C0803ADE7A8E920E0AAB377710E0C6
The PC is now running very slowly after ComboFix -
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
It went fine for a while, but now the black screen is back. I've made another log; could you maybe take a look at it when you have time?
--------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:10:19, on 8-11-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe D:\Henk\Desktop\FF bewaren\HijackThis (1).exe C:\Windows\SysWOW64\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" /r O4 - HKLM\..\Run: [CTSyncService] c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe /startrunkey O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun O4 - HKLM\..\Run: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe" /winstart O4 - HKLM\..\Run: [VMonitorVMUVC] "c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" vmuvc O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program 
Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10328 bytes -
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
As you suggested, I created a test account with administrator rights. On the first start-up the desktop had to be prepared. Later I restarted everything again. Test, Windows welcome screen 35 sec, photo screen with white shortcuts that turn back to normal one by one, 40 sec. Done.
-------
Logged off test and switched to the other user, henk: welcome 5 sec, then the picture appeared and it was done. I will shut down completely in a moment and start up again to see whether that makes a difference, but it seems to be getting better.
henk: welcome 40 sec, black 5 sec, black screen with taskbar 25 sec, shortcuts complete 2 sec.
-
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
I compared the start-up of both; there are differences. Click on loekie: welcome spins for 25 sec, the black screen flashes briefly, welcome spins for 35 sec, a brief black screen, only the taskbar for 10 sec, then the picture appears and the shortcuts are white and turn back to normal one by one, which takes 15 sec. Now start-up is finished.
-----------------------
Click on henk: welcome 2 sec, black screen 5 sec, welcome 20 sec, black screen 25 sec, taskbar with a black screen 55 sec, then the screen with shortcuts 10 sec, done.
-
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
The PC starts up normally; I then get to henk - loekie and click on henk to continue. Then you see a blue screen with "welcome" for 15 sec while the hourglass spins. Briefly, for 2 sec, a black screen, then welcome again for 25 sec, then the taskbar, a little later the screen, and then the shortcuts appear. By the way, thanks for your quick help. Regards, henk
-
Long black screen when starting up the PC.
henk253 replied to henk253's topic in Archive: Fighting malware & viruses
ComboFix 12-09-29.01 - Henk 30-09-2012 12:02:56.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2579 [GMT 2:00] Gestart vanuit: d:\henk\Desktop\FF bewaren\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll c:\windows\security\Database\tmp.edb . . (((((((((((((((((((( Bestanden Gemaakt van 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))) . . 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- d:\loekie\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\test henk\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\TEMP.Henk-PC.002\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\Loekie\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\Loekie.Henk-PC\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\Henk\AppData\Local\temp 2012-09-30 10:09 . 2012-09-30 10:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-30 10:09 . 
2012-09-30 10:09 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-09-28 14:56 . 2012-09-28 15:02 -------- d-----w- d:\henk\AppData\Roaming\GlarySoft 2012-09-28 14:56 . 2012-09-28 14:58 -------- d-----w- c:\program files (x86)\Glary Utilities 2012-09-28 10:44 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1B36DEA1-EC1E-429A-A459-EDE547B30091}\mpengine.dll 2012-09-25 20:32 . 2012-09-25 20:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-16 10:13 . 2012-09-16 10:13 -------- d-----w- d:\henk\AppData\Local\Downloaded Installations 2012-09-15 19:52 . 2012-09-15 19:52 -------- d-----w- d:\henk\AppData\Roaming\Alawar 2012-09-11 20:37 . 2012-09-11 20:37 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-11 20:37 . 2012-09-11 20:37 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-11 20:36 . 2012-09-11 20:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-11 20:36 . 2012-09-11 20:36 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-09-11 20:36 . 2012-09-11 20:36 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-11 20:36 . 2012-09-11 20:36 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-11 20:36 . 2012-09-11 20:36 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-04 20:06 . 2012-09-04 20:07 -------- d-----w- c:\programdata\SUPERSetup . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-27 16:12 . 2012-04-03 13:53 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-27 16:12 . 2011-05-20 10:21 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 21:50 . 2010-11-15 14:23 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-09-07 15:04 . 2010-12-19 18:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 09:13 . 2011-04-10 14:41 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-08-21 09:13 . 
2010-10-16 10:40 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-08-21 09:13 . 2010-10-16 10:40 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-08-21 09:13 . 2012-02-26 14:17 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-08-21 09:13 . 2010-10-16 10:40 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-08-21 09:13 . 2010-10-16 10:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-08-21 09:12 . 2010-10-16 10:39 41224 ----a-w- c:\windows\avastSS.scr 2012-08-21 09:12 . 2010-10-16 10:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-08-21 09:12 . 2011-01-19 19:17 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-08-14 18:50 . 2012-08-14 18:50 911360 ----a-w- c:\windows\system32\jscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 609792 ----a-w- c:\windows\system32\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-14 18:50 . 2012-08-14 18:50 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-08-14 18:50 . 2012-08-14 18:50 59392 ----a-w- c:\windows\system32\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 41984 ----a-w- c:\windows\SysWow64\browcli.dll 2012-08-14 18:50 . 2012-08-14 18:50 136704 ----a-w- c:\windows\system32\browser.dll 2012-08-14 18:48 . 2012-08-14 18:48 751104 ----a-w- c:\windows\system32\win32spl.dll 2012-08-14 18:48 . 2012-08-14 18:48 67072 ----a-w- c:\windows\splwow64.exe 2012-08-14 18:48 . 2012-08-14 18:48 559104 ----a-w- c:\windows\system32\spoolsv.exe 2012-08-14 18:48 . 2012-08-14 18:48 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2012-08-14 18:48 . 2012-08-14 18:48 503808 ----a-w- c:\windows\system32\srcore.dll 2012-08-14 18:48 . 2012-08-14 18:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2012-08-14 18:47 . 2012-08-14 18:47 956928 ----a-w- c:\windows\system32\localspl.dll 2012-08-14 18:47 . 2012-08-14 18:47 3148800 ----a-w- c:\windows\system32\win32k.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 5.1 Free"="c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2010-08-07 5324800] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128] . d:\henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Mediacontrole Cyber-shot Viewer.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-7-1 155648] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-27 250288] R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x] R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816] R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384] R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192] R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224] R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360] R4 Creative Audio Engine Licensing Service;Creative Audio Engine 
Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176] R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176] R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-25 113120] R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360] R4 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-21 868848] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware 
Fighter\IMFsrv.exe [2012-01-09 821592] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-06-15 103472] S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 6659072] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 195584] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-06-30 45456] S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 198784] S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:12] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job - d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15] . 2012-09-30 c:\windows\Tasks\GlaryInitialize.job - c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-28 19:59] . 2012-04-28 c:\windows\Tasks\Google Software Updater.job - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 17:49] . 
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . 2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=a4d9afe50000000000000025227057c3&q= FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: browser.chrome.favicons - false FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.turbo.enabled - true FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.urlbar.autofill - true FF - user.js: browser.xul.error_pages.enabled - true FF - user.js: content.interrupt.parsing - true FF - user.js: 
content.max.tokenizing.time - 3000000 FF - user.js: content.maxtextrun - 8191 FF - user.js: content.notify.backoffcount - 5 FF - user.js: content.notify.interval - 750000 FF - user.js: content.notify.ontimer - true FF - user.js: content.notify.ontimer - true FF - user.js: content.switch.threshold - 750000 FF - user.js: network.http.max-connections - 32 FF - user.js: network.http.max-connections-per-server - 8 FF - user.js: network.http.max-persistent-connections-per-proxy - 8 FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: network.http.pipelining - true FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: nglayout.initialpaint.delay - 0 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 FF - user.js: extensions.BabylonToolbar_i.id - a4d9afe50000000000000025227057c3 FF - user.js: extensions.BabylonToolbar_i.hardId - a4d9afe50000000000000025227057c3 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15332 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:31 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . 
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire] "AlternateImagePath"="" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\ . [HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\SecuROM\License information*] "datasecu"=hex:e6,21,3f,75,5d,34,c4,45,ee,16,73,29,a9,e4,1d,a6,0a,cc,fe,38,e4, 23,71,b6,87,7d,ad,cf,72,43,df,42,36,7e,15,ff,8f,b4,f0,a6,a7,9b,95,6f,46,55,\ "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\windows\SysWOW64\PnkBstrB.exe . ************************************************************************** . Voltooingstijd: 2012-09-30 12:18:00 - machine werd herstart ComboFix-quarantined-files.txt 2012-09-30 10:18 . Pre-Run: 149.539.565.568 bytes beschikbaar Post-Run: 149.374.980.096 bytes beschikbaar . - - End Of File - - 0A9B19462B9F4818F73E848F6D4E3101 -------------------------------------------------------------------------------

Now a fresh HijackThis file:

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:35:58, on 30-9-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe D:\Henk\Desktop\FF bewaren\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files (x86)\Sony\Sony Picture 
Utility\VolumeWatcher\SPUVolumeWatcher.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: 
Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. 
- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: 
@%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10117 bytes -
Long black screen when starting the PC.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
Malwarebytes Anti-Malware 1.65.0.1400 Malwarebytes : Free anti-malware download Databaseversie: v2012.09.29.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Henk :: HENK-PC [administrator] 29-9-2012 15:57:35 mbam-log-2012-09-29 (15-57-35).txt Scantype: Volledige scan (C:\|) Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 522654 Verstreken tijd: 1 uur/uren, 2 minuut/minuten, 44 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) (einde) -
Long black screen when starting the PC.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:42:35, on 29-9-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe c:\PROGRA~2\mcafee\SITEAD~1\saui.exe C:\Program Files (x86)\FireTrust\MailWasher Free\MailWasher.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\NOTEPAD.EXE D:\Henk\Desktop\FF bewaren\HijackThis (1).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user') O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - 
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 
2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11120 bytes -
Long black screen when starting the PC.
henk253 posted a topic in Archief Bestrijding malware & virussen
I'll try to explain. When I start the PC, it boots up normally via Windows and opens the screen with henk and loekie. When I click on henk, it continues starting up. But then I get a black screen for 45 seconds; if I look at the PC down below, the red light next to the blue light is on constantly. After those 45 seconds the blue taskbar appears first, but the screen still stays black. After that the screen does come up, but without shortcuts. Then the shortcuts appear slowly, but they are white with a small arrow in them. After that the shortcuts come back step by step. Now the PC has started up.

-------------------------------------

Logfile of HijackThis v1.99.1 Scan saved at 14:43:55, on 29-9-2012 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Running processes: C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe D:\Henk\Desktop\FF bewaren\hijackthis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ironto&s={searchTerms}&f=4 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - 
c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft 
shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [iNTERNATIONAL] International O13 - Gopher Prefix: O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - 
C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. 
- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - 
Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
Can someone take a look at what the problem might be? Windows 7 is up to date, and the video card drivers were fine too. Regards, henk253
-
Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4463 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 22-8-2010 23:42:18 mbam-log-2010-08-22 (23-42-18).txt Scantype: Snelle scan Objecten gescand: 156479 Verstreken tijd: 10 minuut/minuten, 24 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:44:25, on 22-8-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Spyware Doctor\pctsTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe 
C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\MailWasher\MailWasher.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} 
- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - 
http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8746 bytes
-
Does anyone have an idea?
-
When I shut down my PC, it says Windows is shutting down and then it stays that way for hours; the case fan keeps spinning and the PC's lights stay on, but Windows does not shut down. I then have to pull the PC's power plug. I also sometimes notice that when you want to close a program, it stays stuck on the screen. I then have to use Ctrl-Alt-Delete to remove it. Could you take a look so that we can find a solution together? Thanks in advance. Regards, henk
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:40:12, on 21-8-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\PC Tools Firewall Plus\FWService.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\PC Tools 
Firewall Plus\FirewallGUI.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program 
files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 
button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - AppInit_DLLs: O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- End of file - 8745 bytes
I also often find that MSN stops responding, and then MSN has to be reset. I followed the instructions from a forum post, in which the personal settings of MSN Messenger were reset by removing them from the registry. Below is a step-by-step plan in case the problem occurs again.
You open the Registry Editor via
· Start->Run->regedit
then you navigate to the folder
· HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
First make a backup of this folder via
· Right-click the folder->Export and save this .reg file somewhere
Once you have this backup, delete the entire folder
· Right-click the folder->Delete
Tada, MSN works again.
If this does not solve it, you can restore the deleted settings by double-clicking your backup file.
-
Something is not right here, PC slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
Thanks, Kape, for your quick replies and help. Regards, Henk
-
Something is not right here, PC slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
The last line does not match my PC. Apparently some program had already switched off my System Restore, because there was already a check mark in the box. It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring) by temporarily disabling System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> tick "Turn off System Restore on all drives"; this was already ticked. I unticked it and rebooted, and it then turned out that a new restore point had been created. Apply and OK. Restart the PC; this last step I did not do, as it was already switched off (and remove the check mark again).
-
Something is not right here, PC slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
The PC is running somewhat better now. I found out the PC was already running a bit slow; I thought it was the memory. I ran an Agics system scan and it reported that there was a Trojan.vundo (mfevtps.exe) in it, while my virus scanner found nothing and Spyware Doctor found nothing either. I had removed the process mfevtps.exe via Ctrl-Alt-Delete. This only worked when I was not connected to the internet. And, as you already pointed out, there were still McAfee items on it. If there is anything else that still needs to be adjusted, I would like to hear it. Regards, henk
-
Something is not right here, PC slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
ComboFix 10-06-10.04 - henk 11-06-2010 13:33:56.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.876 [GMT 2:00] Gestart vanuit: c:\documents and settings\henk\Bureaublad\FF bewaren\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\henk\Bureaublad\CFScript.txt AV: avast! antivirus 4.8.1368 [VPS 100611-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} * Nieuw herstelpunt werd aangemaakt FILE :: "c:\windows\system32\drivers\kgpcpy.cfg" . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\drivers\kgpcpy.cfg . (((((((((((((((((((( Bestanden Gemaakt van 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))) . 2010-06-10 22:05 . 2010-06-10 22:05 -------- d--h--r- c:\documents and settings\henk\Onlangs geopend 2010-06-09 21:57 . 2010-06-09 21:57 20480 ---ha-w- C:\SZKGFS.dat 2010-06-09 21:55 . 2010-06-09 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2010-06-09 21:53 . 2010-06-09 21:53 -------- d-----w- c:\program files\Common Files\iS3 2010-06-09 21:53 . 2010-06-09 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2010-06-09 19:01 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 17:28 . 2010-06-06 17:28 -------- d-----w- c:\documents and settings\henk\Application Data\iWin 2010-06-06 17:25 . 2010-06-06 17:25 -------- d-----w- c:\program files\Patriot Games . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-11 11:41 . 2008-09-06 01:03 -------- d-----w- c:\program files\Spyware Doctor 2010-06-11 11:32 . 2008-01-10 13:30 -------- d-----w- c:\program files\SPAMfighter 2010-06-11 11:32 . 
2007-01-07 13:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-11 11:14 . 2004-01-28 22:14 -------- d-----w- c:\documents and settings\henk\Application Data\MailWasher 2010-06-10 19:00 . 2008-12-27 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 20:08 . 2006-09-17 11:33 -------- d-----w- c:\program files\Winamp 2010-06-09 20:06 . 2003-04-08 12:00 540884 ----a-w- c:\windows\system32\perfh013.dat 2010-06-09 20:06 . 2003-04-08 12:00 105950 ----a-w- c:\windows\system32\perfc013.dat 2010-06-09 19:59 . 2009-08-16 13:11 228 ----a-w- c:\windows\system32\edacded0.dat 2010-06-09 19:55 . 2005-11-14 15:37 -------- d-----w- c:\documents and settings\henk\Application Data\Azureus 2010-06-09 19:23 . 2005-08-21 15:57 -------- d-----w- c:\program files\HP 2010-06-09 19:15 . 2007-04-02 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-08 21:00 . 2009-09-13 20:45 -------- d-----w- c:\documents and settings\henk\Application Data\Zylom 2010-06-08 21:00 . 2009-08-18 18:00 -------- d-----w- c:\program files\Zylom Games 2010-06-07 20:59 . 2009-10-25 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games 2010-06-07 18:22 . 2009-02-07 12:25 -------- d-----w- c:\documents and settings\henk\Application Data\PlayFirst 2010-06-07 18:22 . 2007-11-29 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst 2010-06-05 12:35 . 2009-08-15 12:11 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-02 19:53 . 2008-10-02 21:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore 2010-05-17 21:20 . 2004-01-29 17:00 175 -c--a-w- c:\windows\popcinfo.dat 2010-05-09 14:10 . 2010-05-09 14:10 0 ----a-w- c:\windows\nsreg.dat 2010-05-09 12:44 . 2005-05-06 21:27 -------- d-----w- c:\program files\CCleaner 2010-05-08 15:43 . 
2005-04-02 23:10 -------- d-----w- c:\program files\Google 2010-05-06 10:37 . 2004-08-23 18:35 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 21:48 . 2005-11-23 23:13 -------- d-----w- c:\program files\Azureus 2010-05-02 08:10 . 2003-04-08 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 22:32 . 2010-04-30 22:32 -------- d-----w- c:\program files\Winamp Detect 2010-04-29 13:39 . 2008-12-27 18:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2008-12-27 18:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:35 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-26 08:33 . 2010-05-08 12:32 1496064 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-05-08 12:32 43008 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-05-08 12:32 339456 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-05-08 12:32 346112 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-24 18:24 . 2010-03-24 18:24 31032 ----a-w- c:\windows\system32\ntaccess_64.sys 2010-03-24 18:24 . 2008-04-14 00:21 25400 ----a-w- c:\windows\system32\Ntaccess.sys 2009-10-11 13:53 . 2008-10-18 13:09 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2006-09-23 12:39 . 2006-09-23 12:39 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys . 
((((((((((((((((((((((((((((( SnapShot@2010-06-10_21.15.28 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-11 11:31 . 2010-06-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_7e8.dat + 2010-06-10 21:26 . 2010-06-10 21:26 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat + 2010-06-11 11:31 . 2010-06-11 11:31 16384 c:\windows\Temp\Perflib_Perfdata_558.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows 
nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-25 13:03 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 09:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-10-11 13:53 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-24 01:24 282624 -c--a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC] 2008-08-29 16:27 143360 -c--a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Agics\\Agics systemscan\\ASC.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [4-1-2005 15:26 9344] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19-8-2009 17:28 207792] R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [15-12-2005 13:46 159616] R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [15-12-2005 13:46 5248] R1 aswSP;avast! 
Self Protection;c:\windows\system32\drivers\aswSP.sys [31-1-2010 13:35 114768] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [19-8-2009 17:29 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [28-4-2009 11:33 74480] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31-5-2008 16:22 141312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31-1-2010 13:35 20560] R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [29-1-2004 0:36 22528] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19-8-2009 17:26 358600] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 10:44 184968] R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [19-10-2004 23:07 20160] R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11-11-2009 21:22 252416] R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11-11-2009 21:22 398720] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30-4-2010 13:36 136176] S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-10-2008 15:09 30192] S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [5-12-2009 16:23 18432] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] 
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13-7-2006 21:28 223128] S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [4-1-2005 15:26 389504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-7-2006 21:19 642560] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008] --- Andere Services/Drivers In Geheugen --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhoud van de 'Gedeelde Taken' map 2010-06-11 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 13:51] 2010-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:35] 2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:35] 2010-06-11 c:\windows\Tasks\User_Feed_Synchronization-{633B164B-EBDB-456D-BE2C-EDA5271908B4}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy:8080 uInternet Settings,ProxyOverride = <local> IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Trusted Zone: com\www.msi Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: ziggo.nl\thuishelp DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npirsviewer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-11 13:42 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0755F8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28 \Driver\ACPI -> ACPI.sys @ 0xf7566cb8 \Driver\atapi -> 0x8a0755f8 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-854245398-484061587-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(720) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\Ati2evxx.dll . 
Voltooingstijd: 2010-06-11 13:45:38 ComboFix-quarantined-files.txt 2010-06-11 11:45 ComboFix2.txt 2010-06-10 21:18 ComboFix3.txt 2010-01-23 22:24 ComboFix4.txt 2010-01-23 13:35 Pre-Run: 75.697.602.560 bytes beschikbaar Post-Run: 75.648.016.384 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=,1,2,3 - - End Of File - - 840773386FA586A993AF0718074D78E9 ------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:48:07, on 11-6-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - 
Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 7461 bytes -
Something is not right here, PC slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
Here is the log, and thanks again for the quick response. Henk
ComboFix 10-06-10.03 - henk 10-06-2010 23:07:14.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1535.880 [GMT 2:00] Gestart vanuit: c:\documents and settings\henk\Bureaublad\FF bewaren\ComboFix.exe AV: avast! antivirus 4.8.1368 [VPS 100610-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} . (((((((((((((((((((( Bestanden Gemaakt van 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))) . 2010-06-10 20:49 . 2010-06-10 20:49 -------- d--h--r- c:\documents and settings\henk\Onlangs geopend 2010-06-09 21:57 . 2010-06-09 21:57 20480 ---ha-w- C:\SZKGFS.dat 2010-06-09 21:55 . 2010-06-09 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard 2010-06-09 21:53 . 2010-06-09 21:53 -------- d-----w- c:\program files\Common Files\iS3 2010-06-09 21:53 . 2010-06-09 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla! 2010-06-09 19:01 . 2010-05-06 10:36 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-06 17:28 . 2010-06-06 17:28 -------- d-----w- c:\documents and settings\henk\Application Data\iWin 2010-06-06 17:25 . 2010-06-06 17:25 -------- d-----w- c:\program files\Patriot Games . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 21:14 . 2008-09-06 01:03 -------- d-----w- c:\program files\Spyware Doctor 2010-06-10 21:06 . 2008-01-10 13:30 -------- d-----w- c:\program files\SPAMfighter 2010-06-10 21:06 . 2007-01-07 13:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-10 20:42 . 2004-01-28 22:14 -------- d-----w- c:\documents and settings\henk\Application Data\MailWasher 2010-06-10 19:00 .
2008-12-27 18:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-09 22:15 . 2010-06-09 22:05 992 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg 2010-06-09 20:08 . 2006-09-17 11:33 -------- d-----w- c:\program files\Winamp 2010-06-09 20:06 . 2003-04-08 12:00 540884 ----a-w- c:\windows\system32\perfh013.dat 2010-06-09 20:06 . 2003-04-08 12:00 105950 ----a-w- c:\windows\system32\perfc013.dat 2010-06-09 19:59 . 2009-08-16 13:11 228 ----a-w- c:\windows\system32\edacded0.dat 2010-06-09 19:55 . 2005-11-14 15:37 -------- d-----w- c:\documents and settings\henk\Application Data\Azureus 2010-06-09 19:23 . 2005-08-21 15:57 -------- d-----w- c:\program files\HP 2010-06-09 19:15 . 2007-04-02 13:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-08 21:00 . 2009-09-13 20:45 -------- d-----w- c:\documents and settings\henk\Application Data\Zylom 2010-06-08 21:00 . 2009-08-18 18:00 -------- d-----w- c:\program files\Zylom Games 2010-06-07 20:59 . 2009-10-25 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sandlot Games 2010-06-07 18:22 . 2009-02-07 12:25 -------- d-----w- c:\documents and settings\henk\Application Data\PlayFirst 2010-06-07 18:22 . 2007-11-29 20:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst 2010-06-05 12:35 . 2009-08-15 12:11 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-02 19:53 . 2008-10-02 21:40 -------- d-----w- c:\documents and settings\NetworkService\Application Data\SACore 2010-05-17 21:20 . 2004-01-29 17:00 175 -c--a-w- c:\windows\popcinfo.dat 2010-05-09 14:10 . 2010-05-09 14:10 0 ----a-w- c:\windows\nsreg.dat 2010-05-09 12:44 . 2005-05-06 21:27 -------- d-----w- c:\program files\CCleaner 2010-05-08 15:43 . 2005-04-02 23:10 -------- d-----w- c:\program files\Google 2010-05-06 10:37 . 2004-08-23 18:35 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-04 21:48 . 
2005-11-23 23:13 -------- d-----w- c:\program files\Azureus 2010-05-02 08:10 . 2003-04-08 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys 2010-04-30 22:32 . 2010-04-30 22:32 -------- d-----w- c:\program files\Winamp Detect 2010-04-29 13:39 . 2008-12-27 18:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2008-12-27 18:19 20952 -c--a-w- c:\windows\system32\drivers\mbam.sys 2010-04-20 05:35 . 2003-04-08 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-03-26 08:33 . 2010-05-08 12:32 1496064 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2010-03-26 08:33 . 2010-05-08 12:32 43008 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2010-03-26 08:33 . 2010-05-08 12:32 339456 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2010-03-26 08:32 . 2010-05-08 12:32 346112 ----a-w- c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2010-03-24 18:24 . 2010-03-24 18:24 31032 ----a-w- c:\windows\system32\ntaccess_64.sys 2010-03-24 18:24 . 2008-04-14 00:21 25400 ----a-w- c:\windows\system32\Ntaccess.sys 2009-10-11 13:53 . 2008-10-18 13:09 122880 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll 2006-09-23 12:39 . 2006-09-23 12:39 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) "NoSimpleStartMenu"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMMyPictures"= 0 (0x0) "NoStartMenuMyMusic"= 0 (0x0) "NoRecentDocsNetHood"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-25 13:03 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk] path=c:\documents and settings\All Users\Menu 
Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] 2007-03-09 09:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] 2009-10-11 13:53 30192 -c--a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2006-09-24 01:24 282624 -c--a-w- c:\program files\QuickTime\qttask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMonitorVMUVC] 2008-08-29 16:27 143360 -c--a-w- c:\program files\Vimicro Corporation\VMUVC\VMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= 
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\Agics\\Agics systemscan\\ASC.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [4-1-2005 15:26 9344] R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [19-8-2009 17:28 207792] R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [15-12-2005 13:46 159616] R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [15-12-2005 13:46 5248] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31-1-2010 13:35 114768] R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [19-8-2009 17:29 233136] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28-4-2009 11:33 9968] R1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [28-4-2009 11:33 74480] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31-5-2008 16:22 141312] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31-1-2010 13:35 20560] R2 MA1908Driver;MA1908Driver;c:\windows\system32\drivers\MA1908.SYS [29-1-2004 0:36 22528] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [19-8-2009 17:26 358600] R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 10:44 184968] R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [19-10-2004 23:07 20160] R3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [11-11-2009 21:22 252416] R3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [11-11-2009 
21:22 398720] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30-4-2010 13:36 136176] S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-10-2008 15:09 30192] S3 MsibiosDevice;MsibiosDevice;c:\program files\MSI\Live Update 4\LU4\msibios.sys [5-12-2009 16:23 18432] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28-4-2009 11:33 7408] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [13-7-2006 21:28 223128] S4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [4-1-2005 15:26 389504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-7-2006 21:19 642560] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13-11-2009 13:31 92008] --- Andere Services/Drivers In Geheugen --- *Deregistered* - PCTSDInjDriver32 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Inhoud van de 'Gedeelde Taken' map 2010-06-10 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-12 13:51] 2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:35] 2010-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-30 11:35] 2010-06-10 c:\windows\Tasks\User_Feed_Synchronization-{633B164B-EBDB-456D-BE2C-EDA5271908B4}.job - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31] . . ------- Bijkomende Scan ------- . 
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyServer = proxy:8080 uInternet Settings,ProxyOverride = <local> IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Trusted Zone: com\www.msi Trusted Zone: com.tw\asia.msi Trusted Zone: com.tw\global.msi Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: ziggo.nl\thuishelp DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab FF - ProfilePath - c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - component: c:\documents and settings\henk\Application Data\Mozilla\Firefox\Profiles\1pflkza1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npirsviewer.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npmidas.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program 
files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS VERWIJDERD - - - - SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2010-06-10 23:15 Windows 5.1.2600 Service Pack 3 NTFS detected NTDLL code modification: ZwClose scannen van verborgen processen ... scannen van verborgen autostart items ... scannen van verborgen bestanden ... 
Scan succesvol afgerond verborgen bestanden: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A0D7D00]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28 \Driver\ACPI -> ACPI.sys @ 0xf7566cb8 \Driver\atapi -> 0x8a0d7d00 IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac NDIS: -> SendCompleteHandler -> 0x0 PacketIndicateHandler -> 0x0 SendHandler -> 0x0 Warning: possible MBR rootkit infection ! user & kernel MBR OK ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- [HKEY_USERS\S-1-5-21-854245398-484061587-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- - - - - - - - > 'winlogon.exe'(720) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2010-06-10 23:18:22 ComboFix-quarantined-files.txt 2010-06-10 21:18 ComboFix2.txt 2010-01-23 22:24 ComboFix3.txt 2010-01-23 13:35 Pre-Run: 75.604.078.592 bytes beschikbaar Post-Run: 75.822.501.888 bytes beschikbaar Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=,1,2,3 - - End Of File - - 6C74E011BFB21918EE64A9FB64A26579 -
Something is not right here, PC is slow.
henk253 replied to henk253's topic in Archief Bestrijding malware & virussen
Malwarebytes' Anti-Malware 1.46 Malwarebytes Databaseversie: 4187 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 10-6-2010 22:13:43 mbam-log-2010-06-10 (22-13-43).txt Scantype: Snelle scan Objecten gescand: 146120 Verstreken tijd: 26 minuut/minuten, 20 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) ------------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:17:17, on 10-6-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\SPAMfighter\sfus.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program 
Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://eic.lgservice.com/DjvuViewer/DjVuControl-6.1.4.cab O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: McAfee Application Installer Cleanup (0278141276198575) (0278141276198575mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\henk\LOCALS~1\Temp\027814~1.EXE O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Desktop Manager 5.9.906.4286 (GoogleDesktopManager-060409-093314) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe (file missing) O23 - Service: McAfee Firewall Core Service (mfefire) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe (file missing) O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe -- End of file - 8587 bytes
In the meantime I had also removed McAfee Security Center, it no longer did its job; now Avast
