Bammens
-
Items
583 -
Registratiedatum
-
Laatst bezocht
Inhoudstype
Profielen
Forums
Store
Alles dat geplaatst werd door Bammens
-
Hallo Dasle, Graag wil ik verder met het probleem. Ik heb Blue Screen View gedownload en hier een log van gemaakt. Kijk maar even of ik het goed heb gedaan. Toen Speccy gedraaid en de link die ik kreeg heb ik hier ook bijgevoegd. Groet, Bammens. Dump File : Mini092312-01.dmp Crash Time : 23-9-2012 12:41:20 Bug Check String : BAD_POOL_HEADER Bug Check Code : 0x00000019 Parameter 1 : 00000000`00000020 Parameter 2 : fffffa80`06623000 Parameter 3 : fffffa80`06623260 Parameter 4 : 00000000`04260000 Caused By Driver : ecache.sys Caused By Address : ecache.sys+19fd0 File Description : Product Name : Company : File Version : Processor : x64 Computer Name : Full Path : C:\Windows\minidump\Mini092312-01.dmp ================================================== http://speccy.piriform.com/results/NzIqMZDLU4ev5njIXK38vOJ
-
Hallo Dasle, Terug van vakantie wil ik even terugkomen op het probleem. Het blauwe scherm is niet zo zeer het probleem, het probleem is dat hij steeds vastloopt, de muis geen kant op wil en het beels zwart wordt. Toch Blue Screen View downloaden?
-
Hallo Dasle, Ben met vacantie en kom er over een dag of tien op terug. Alvast bedankt.
-
Nee, dat is het enige dat er staat. Ik houd dan de aan/uit knop net zolang ingedrukt tot hij uit gaat en dan start ik opnieuw op. In de meeste gevallen lukt dat ook weer. Het punt is dat hij soms een paar keer opgestart moet worden.
-
Heb je hier iets aan: Acer C en Data D, verder het DVD station en stations verwisselbare schijven. Nee, kennis van de BIOS heb ik niet echt.
-
Acer Aspire M 3641 - Windows Vista Ik heb geen idee wat RAID betekent, kan hier dus geen antwoord op geven.
-
De pc van mijn vrouw vertoont kuren. Een paar keer een blauw scherm gehad, een paar keer is de muis blijven steken, dat allemaal wel weer werkte nadat de pc opnieuw opgestart was. Nu echter krijg ik linksboven in het scherm te zien: MediaShield ROM BIOS 10.0.0. PC blijft nu vastzitten. Graag uw advies.
-
Met het programma RECUVA kan ik verwijderde bestanden terughalen. Dit betekent dat deze bestanden ergens op de harddisk moeten staan. Hoe krijg ik deze bestanden definitief verwijderd?
-
Hoe zet ik mijn Acer terug naar de fabrieksinstellingen?
-
Dan ga ik hem eerst maar eens opnieuw installeren en dan zie ik wel wat hij doet. Kape en Stegisoft, heel erg bedankt voor jullie eindeloze geduld en inzet. Vriendelijke groet, Bammens.
-
Een laatste vraag: heeft het zin als ik de pc helemaal opnieuw installeer?
-
Ja, in de veilige modus gaat hij ook vanzelf uit.
-
Het is de pc die ik uitsluitend gebruik om video te bewerken. Ik werk op een andere pc. Het punt is dat hij, terwijl ik hem alleen maar aanzet en er verder helemaal niets mee doe, na een kwartiertje vanzelf uitschakelt. Wat moet er nu verder gebeuren?
-
http://speccy.piriform.com/results/gzL5dAf56xJ3IsSiqzvZ5Vl
-
Ik krijg geen foutmelding, hij slaat gewoon af.
-
Het probleem waar we mee begonnen: na een minuut of tien/vijftien schakelt de pc vanzelf uit.
-
ComboFix 12-07-06.01 - Carl 06-07-2012 12:19:08.3.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6142.4713 [GMT 2:00] Gestart vanuit: c:\users\Carl\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Carl\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Temp\logishrd\LVPrcInj01.dll" "c:\windows\Temp\logishrd\LVPrcInj02.dll" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\found.000 c:\found.000\file0000.chk c:\windows\system32\drivers\etc\hosts.ics c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . konden niet verwijderd worden . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))) . . 2012-07-06 10:29 . 2012-07-06 10:31 -------- d-----w- c:\users\Carl\AppData\Local\temp 2012-07-06 10:29 . 2012-07-06 10:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-04 10:03 . 2012-05-29 15:28 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-07-04 10:03 . 2012-05-29 15:27 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-07-04 10:03 . 2012-05-29 15:27 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-07-04 10:02 . 2012-07-04 10:02 -------- d-----w- c:\users\Carl\AppData\Roaming\TuneUp Software 2012-07-04 10:02 . 2012-07-04 10:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012 2012-07-04 10:02 . 2012-07-04 10:04 -------- d-----w- c:\programdata\TuneUp Software 2012-07-04 10:01 . 2012-07-04 10:01 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-04 10:01 . 2012-07-04 10:01 -------- d--h--w- c:\programdata\Common Files 2012-06-15 19:15 . 2012-07-04 09:31 -------- d-----w- c:\program files\CCleaner 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\vi-VN 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\vi-VN 2012-06-15 18:53 . 2012-06-15 18:53 -------- d-----w- c:\windows\system32\SPReview 2012-06-15 18:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll 2012-06-15 18:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe 2012-06-15 18:30 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui 2012-06-15 18:29 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui 2012-06-15 18:24 . 2009-04-10 22:11 88576 ----a-w- c:\windows\system32\iassvcs.dll 2012-06-15 18:20 . 2012-06-15 18:20 -------- d-----w- c:\windows\system32\EventProviders 2012-06-15 18:18 . 2012-06-15 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003 2012-06-15 11:01 . 2012-06-15 11:01 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-15 10:12 . 2012-06-15 10:12 388096 ----a-r- c:\users\Carl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-15 10:12 . 2012-06-15 10:12 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot@2012-07-05_14.25.21 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2012-07-06 09:03 58266 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-07-06 10:12 88210 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-11-25 14:47 . 2012-07-06 10:12 11658 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3181810260-507779967-866044231-1000_UserData.bin + 2010-11-25 14:43 . 2012-07-06 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-25 14:43 . 2012-07-06 10:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-25 14:43 . 2012-07-06 10:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-28 10:10 . 2012-07-05 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-28 10:10 . 2012-07-06 10:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-28 10:10 . 2012-07-06 10:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-28 10:10 . 2012-07-05 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-06 10:30 . 2012-07-06 10:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-06 10:30 . 2012-07-06 10:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-05 14:24 . 2012-07-05 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-05 14:25 . 2009-10-06 23:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll + 2012-07-06 10:30 . 2009-10-06 23:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll + 2012-07-06 10:30 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll - 2012-07-05 14:25 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll - 2008-01-21 08:09 . 2012-07-05 14:18 667114 c:\windows\system32\perfh013.dat + 2008-01-21 08:09 . 2012-07-06 10:16 667114 c:\windows\system32\perfh013.dat - 2006-11-02 12:46 . 2012-07-05 14:18 586980 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-07-06 10:16 586980 c:\windows\system32\perfh009.dat - 2008-01-21 08:09 . 2012-07-05 14:18 126648 c:\windows\system32\perfc013.dat + 2008-01-21 08:09 . 2012-07-06 10:16 126648 c:\windows\system32\perfc013.dat - 2006-11-02 12:46 . 2012-07-05 14:18 101052 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2012-07-06 10:16 101052 c:\windows\system32\perfc009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-25 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-11-25 319488] SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-11-25 339968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhoud van de 'Gedeelde Taken' map . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344] "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264] "Skytel"="Skytel.exe" [2008-09-18 1833504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-09 15941152] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1110&m=aspire_m7711 mLocal Page = %SystemRoot%\system32\blank.htm TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,2a,11,40,94,3a, 52,1d,0d,e2,63,26,f1,3f,c8,ff,68,be,85,04,24,cc,59,08,42,e2,63,26,f1,3f,c8,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,06,96,0a,19,46, 43,cd,e2,6a,9c,d6,61,af,45,84,18,b2,2a,e8,f5,ba,ca,00,1a,6a,9c,d6,61,af,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,e0,06,d6,ba, 13,7f,8a,ff,7c,85,e0,43,d4,0e,fe,2d,de,f7,6c,66,04,52,92,ff,7c,85,e0,43,d4,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5b,65,52,cc,35, 19,98,88,86,8c,21,01,be,91,eb,e7,6c,71,a5,6b,0c,aa,67,07,86,8c,21,01,be,91,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bf,b9,93,85,0d, 0a,f2,5c,f5,1d,4d,73,a8,13,5c,05,b4,7d,f0,5b,7e,12,8f,7f,f5,1d,4d,73,a8,13,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,5e,f8,c5,cb,3e, 1a,f6,7c,df,20,58,62,78,6b,cf,c8,d0,eb,f6,51,85,0f,38,b7,df,20,58,62,78,6b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,f9,3f,5c,07, 53,50,1a,fb,a7,78,e6,12,2f,9a,ea,ad,d2,e1,d0,1b,bb,7c,46,fb,a7,78,e6,12,2f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @SACL= @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash.9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @SACL= @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] @SACL= "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,18,f1,a7,8a,1b, 02,2a,2a,01,3a,48,fc,e8,04,4a,f1,d0,cd,e1,3e,fa,99,b1,31,01,3a,48,fc,e8,04,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f0,b9,60,2e,cb, 26,3b,f8,f6,0f,4e,58,98,5b,89,c9,b6,4f,49,85,24,74,c2,5f,f6,0f,4e,58,98,5b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9c,e4,23,45,21, aa,e4,1f,3d,ce,ea,26,2d,45,aa,78,31,71,bf,d1,d4,97,32,b7,3d,ce,ea,26,2d,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,8f,fa,bf,1a,79, 3e,c8,ad,2a,b7,cc,b5,b9,7f,41,e7,d3,9b,28,28,a8,7c,fe,b9,2a,b7,cc,b5,b9,7f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c3,54,0f,90,ff, 7e,b8,53,6c,43,2d,1e,aa,22,2f,9c,04,88,f9,1f,08,21,9c,10,6c,43,2d,1e,aa,22,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @SACL= @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @SACL= @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @SACL= @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @SACL= @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @SACL= @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*¶O] "3140110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2012-07-06 12:39:48 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-06 10:39 ComboFix2.txt 2012-07-06 09:10 ComboFix3.txt 2012-07-05 14:28 . Pre-Run: 200.270.688.256 bytes beschikbaar Post-Run: 200.020.287.488 bytes beschikbaar . - - End Of File - - 9BC399B44EADC3724D5C3AAE26E19FEC
-
Kape, ik weet niet of jullie dat wel eens doen, maar ik heb er geen enkel probleem mee wanneer je in mijn pc kijkt. Laat maar weten wat ik daarvoor moet doen.
-
Ik bewonder je geduld. ComboFix 12-07-06.01 - Carl 06-07-2012 10:48:38.2.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6142.4603 [GMT 2:00] Gestart vanuit: c:\users\Carl\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\drivers\etc\hosts.ics c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . konden niet verwijderd worden c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . konden niet verwijderd worden . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))) . . 2012-07-06 08:58 . 2012-07-06 09:01 -------- d-----w- c:\users\Carl\AppData\Local\temp 2012-07-06 08:58 . 2012-07-06 08:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-05 15:52 . 2012-07-05 15:52 -------- d-----w- C:\found.000 2012-07-04 10:03 . 2012-05-29 15:28 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-07-04 10:03 . 2012-05-29 15:27 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-07-04 10:03 . 2012-05-29 15:27 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-07-04 10:02 . 2012-07-04 10:02 -------- d-----w- c:\users\Carl\AppData\Roaming\TuneUp Software 2012-07-04 10:02 . 2012-07-04 10:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012 2012-07-04 10:02 . 2012-07-04 10:04 -------- d-----w- c:\programdata\TuneUp Software 2012-07-04 10:01 . 2012-07-04 10:01 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-04 10:01 . 2012-07-04 10:01 -------- d--h--w- c:\programdata\Common Files 2012-06-15 19:15 . 2012-07-04 09:31 -------- d-----w- c:\program files\CCleaner 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\vi-VN 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\vi-VN 2012-06-15 18:53 . 2012-06-15 18:53 -------- d-----w- c:\windows\system32\SPReview 2012-06-15 18:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll 2012-06-15 18:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe 2012-06-15 18:30 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui 2012-06-15 18:29 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui 2012-06-15 18:24 . 2009-04-10 22:11 88576 ----a-w- c:\windows\system32\iassvcs.dll 2012-06-15 18:20 . 2012-06-15 18:20 -------- d-----w- c:\windows\system32\EventProviders 2012-06-15 18:18 . 2012-06-15 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003 2012-06-15 11:01 . 2012-06-15 11:01 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-15 10:12 . 2012-06-15 10:12 388096 ----a-r- c:\users\Carl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-15 10:12 . 2012-06-15 10:12 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot@2012-07-05_14.25.21 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 02:23 . 2012-07-05 18:17 58226 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 15:45 . 2012-07-06 08:42 88202 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2010-11-25 14:47 . 2012-07-06 08:42 11634 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3181810260-507779967-866044231-1000_UserData.bin + 2010-11-25 14:43 . 2012-07-05 18:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-25 14:43 . 2012-07-05 18:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-11-25 14:43 . 2012-07-04 10:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-25 14:43 . 2012-07-05 18:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-11-29 16:38 . 2012-07-05 18:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-29 16:38 . 2012-07-04 08:45 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-28 10:10 . 2012-07-05 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-28 10:10 . 2012-07-06 09:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-11-28 10:10 . 2012-07-06 09:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-11-28 10:10 . 2012-07-05 14:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-07-06 09:00 . 2012-07-06 09:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-06 09:00 . 2012-07-06 09:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-05 14:24 . 2012-07-05 14:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-05 14:25 . 2009-10-06 23:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll + 2012-07-06 09:00 . 2009-10-06 23:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll + 2012-07-06 09:00 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll - 2012-07-05 14:25 . 2009-10-06 23:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll - 2008-01-21 08:09 . 2012-07-05 14:18 667114 c:\windows\system32\perfh013.dat + 2008-01-21 08:09 . 2012-07-06 08:47 667114 c:\windows\system32\perfh013.dat - 2006-11-02 12:46 . 2012-07-05 14:18 586980 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-07-06 08:47 586980 c:\windows\system32\perfh009.dat - 2008-01-21 08:09 . 2012-07-05 14:18 126648 c:\windows\system32\perfc013.dat + 2008-01-21 08:09 . 2012-07-06 08:47 126648 c:\windows\system32\perfc013.dat - 2006-11-02 12:46 . 2012-07-05 14:18 101052 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2012-07-06 08:47 101052 c:\windows\system32\perfc009.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-25 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-11-25 319488] SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-11-25 339968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhoud van de 'Gedeelde Taken' map . 2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344] "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264] "Skytel"="Skytel.exe" [2008-09-18 1833504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-09 15941152] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1110&m=aspire_m7711 mLocal Page = %SystemRoot%\system32\blank.htm TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,2a,11,40,94,3a, 52,1d,0d,e2,63,26,f1,3f,c8,ff,68,be,85,04,24,cc,59,08,42,e2,63,26,f1,3f,c8,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,06,96,0a,19,46, 43,cd,e2,6a,9c,d6,61,af,45,84,18,b2,2a,e8,f5,ba,ca,00,1a,6a,9c,d6,61,af,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,e0,06,d6,ba, 13,7f,8a,ff,7c,85,e0,43,d4,0e,fe,2d,de,f7,6c,66,04,52,92,ff,7c,85,e0,43,d4,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5b,65,52,cc,35, 19,98,88,86,8c,21,01,be,91,eb,e7,6c,71,a5,6b,0c,aa,67,07,86,8c,21,01,be,91,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bf,b9,93,85,0d, 0a,f2,5c,f5,1d,4d,73,a8,13,5c,05,b4,7d,f0,5b,7e,12,8f,7f,f5,1d,4d,73,a8,13,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,5e,f8,c5,cb,3e, 1a,f6,7c,df,20,58,62,78,6b,cf,c8,d0,eb,f6,51,85,0f,38,b7,df,20,58,62,78,6b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,f9,3f,5c,07, 53,50,1a,fb,a7,78,e6,12,2f,9a,ea,ad,d2,e1,d0,1b,bb,7c,46,fb,a7,78,e6,12,2f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @SACL= @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash.9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @SACL= @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] @SACL= "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,18,f1,a7,8a,1b, 02,2a,2a,01,3a,48,fc,e8,04,4a,f1,d0,cd,e1,3e,fa,99,b1,31,01,3a,48,fc,e8,04,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f0,b9,60,2e,cb, 26,3b,f8,f6,0f,4e,58,98,5b,89,c9,b6,4f,49,85,24,74,c2,5f,f6,0f,4e,58,98,5b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9c,e4,23,45,21, aa,e4,1f,3d,ce,ea,26,2d,45,aa,78,31,71,bf,d1,d4,97,32,b7,3d,ce,ea,26,2d,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,8f,fa,bf,1a,79, 3e,c8,ad,2a,b7,cc,b5,b9,7f,41,e7,d3,9b,28,28,a8,7c,fe,b9,2a,b7,cc,b5,b9,7f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c3,54,0f,90,ff, 7e,b8,53,6c,43,2d,1e,aa,22,2f,9c,04,88,f9,1f,08,21,9c,10,6c,43,2d,1e,aa,22,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @SACL= @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @SACL= @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @SACL= @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @SACL= @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @SACL= @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*¶O] "3140110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2012-07-06 11:10:35 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-06 09:10 ComboFix2.txt 2012-07-05 14:28 . Pre-Run: 199.973.433.344 bytes beschikbaar Post-Run: 200.071.200.768 bytes beschikbaar . - - End Of File - - 99E88A0EC83B2DD565EE81ADEF4E9165
-
Ook deze zijn hardnekkig. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:54:15, on 5-7-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7795 bytes
-
Excuus! Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:16:40, on 5-7-2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 7795 bytes
-
Volgens mij is hij inderdaad verdwenen. Heb de map 3432E verwijderd. Tot nu toe heeft de pc zich, na een minuut of 10, telkens weer uitgeschakeld. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:02:50, on 15-6-2012 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18639) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Internet Explorer\ieuser.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [PCMMediaSharing] "C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKCU\..\Run: [ProductReg] "C:\Program Files\Acer\WR_PopUp\ProductReg.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe O4 - Global Startup: SmartCopy.lnk = C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe O4 - Global Startup: SmartLauncher.lnk = C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (file missing) O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9431 bytes
-
ComboFix 12-07-05.02 - Carl 05-07-2012 16:16:25.1.4 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6142.4699 [GMT 2:00] Gestart vanuit: c:\users\Carl\Downloads\ComboFix.exe AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdate.log c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\sqlite3.dll c:\program files (x86)\DealPly\uninst.exe c:\program files (x86)\I Want This c:\windows\system32\drivers\etc\hosts.ics . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-05 to 2012-07-05 )))))))))))))))))))))))))))))) . . 2012-07-04 10:03 . 2012-05-29 15:28 34656 ----a-w- c:\windows\system32\TURegOpt.exe 2012-07-04 10:03 . 2012-05-29 15:27 25952 ----a-w- c:\windows\system32\authuitu.dll 2012-07-04 10:03 . 2012-05-29 15:27 21344 ----a-w- c:\windows\SysWow64\authuitu.dll 2012-07-04 10:02 . 2012-07-04 10:02 -------- d-----w- c:\users\Carl\AppData\Roaming\TuneUp Software 2012-07-04 10:02 . 2012-07-04 10:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2012 2012-07-04 10:02 . 2012-07-04 10:04 -------- d-----w- c:\programdata\TuneUp Software 2012-07-04 10:01 . 2012-07-04 10:01 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936} 2012-07-04 10:01 . 2012-07-04 10:01 -------- d--h--w- c:\programdata\Common Files 2012-07-03 17:46 . 2012-07-03 17:46 -------- d-----w- c:\programdata\3432E 2012-06-15 19:15 . 2012-07-04 09:31 -------- d-----w- c:\program files\CCleaner 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\SysWow64\vi-VN 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\eu-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\ca-ES 2012-06-15 18:59 . 2012-06-15 18:59 -------- d-----w- c:\windows\system32\vi-VN 2012-06-15 18:53 . 2012-06-15 18:53 -------- d-----w- c:\windows\system32\SPReview 2012-06-15 18:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll 2012-06-15 18:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe 2012-06-15 18:30 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui 2012-06-15 18:29 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui 2012-06-15 18:24 . 2009-04-10 22:11 88576 ----a-w- c:\windows\system32\iassvcs.dll 2012-06-15 18:20 . 2012-06-15 18:20 -------- d-----w- c:\windows\system32\EventProviders 2012-06-15 18:18 . 2012-06-15 19:02 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003 2012-06-15 11:01 . 2012-06-15 11:01 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-15 10:12 . 2012-06-15 10:12 388096 ----a-r- c:\users\Carl\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-06-15 10:12 . 2012-06-15 10:12 -------- d-----w- c:\program files (x86)\Trend Micro . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-25 68856] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PCMMediaSharing"="c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SmartCopy.lnk - c:\program files (x86)\Northstar\SmartCopy\SmartCopy.exe [2010-11-25 319488] SmartLauncher.lnk - c:\program files (x86)\Northstar\SmartLauncher\SmartLauncher.exe [2010-11-25 339968] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448] . . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhoud van de 'Gedeelde Taken' map . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . 2012-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 19:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-08-18 333344] "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264] "Skytel"="Skytel.exe" [2008-09-18 1833504] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-09 15941152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.nl/ uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1110&m=aspire_m7711 mLocal Page = %SystemRoot%\system32\blank.htm TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run-SearchSettings - c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe SafeBoot-mcmscsvc SafeBoot-MCODS HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,2a,11,40,94,3a, 52,1d,0d,e2,63,26,f1,3f,c8,ff,68,be,85,04,24,cc,59,08,42,e2,63,26,f1,3f,c8,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,06,96,0a,19,46, 43,cd,e2,6a,9c,d6,61,af,45,84,18,b2,2a,e8,f5,ba,ca,00,1a,6a,9c,d6,61,af,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,c0,e0,06,d6,ba, 13,7f,8a,ff,7c,85,e0,43,d4,0e,fe,2d,de,f7,6c,66,04,52,92,ff,7c,85,e0,43,d4,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,5b,65,52,cc,35, 19,98,88,86,8c,21,01,be,91,eb,e7,6c,71,a5,6b,0c,aa,67,07,86,8c,21,01,be,91,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,bf,b9,93,85,0d, 0a,f2,5c,f5,1d,4d,73,a8,13,5c,05,b4,7d,f0,5b,7e,12,8f,7f,f5,1d,4d,73,a8,13,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,5e,f8,c5,cb,3e, 1a,f6,7c,df,20,58,62,78,6b,cf,c8,d0,eb,f6,51,85,0f,38,b7,df,20,58,62,78,6b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,45,f9,3f,5c,07, 53,50,1a,fb,a7,78,e6,12,2f,9a,ea,ad,d2,e1,d0,1b,bb,7c,46,fb,a7,78,e6,12,2f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @SACL= @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash.9" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @SACL= @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable] @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @SACL= @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @SACL= @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @SACL= @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}] @Denied: (A 2) (Everyone) @SACL= @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation] @SACL= "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32] @SACL= @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,18,f1,a7,8a,1b, 02,2a,2a,01,3a,48,fc,e8,04,4a,f1,d0,cd,e1,3e,fa,99,b1,31,01,3a,48,fc,e8,04,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,f0,b9,60,2e,cb, 26,3b,f8,f6,0f,4e,58,98,5b,89,c9,b6,4f,49,85,24,74,c2,5f,f6,0f,4e,58,98,5b,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,9c,e4,23,45,21, aa,e4,1f,3d,ce,ea,26,2d,45,aa,78,31,71,bf,d1,d4,97,32,b7,3d,ce,ea,26,2d,45,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,8f,fa,bf,1a,79, 3e,c8,ad,2a,b7,cc,b5,b9,7f,41,e7,d3,9b,28,28,a8,7c,fe,b9,2a,b7,cc,b5,b9,7f,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\Windows\\SysWow64\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,c3,54,0f,90,ff, 7e,b8,53,6c,43,2d,1e,aa,22,2f,9c,04,88,f9,1f,08,21,9c,10,6c,43,2d,1e,aa,22,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}] @Denied: (A 2) (Everyone) @SACL= @="IFlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32] @SACL= @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib] @SACL= @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) @SACL= . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @SACL= @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @SACL= @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @SACL= @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*¶O] "3140110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2012-07-05 16:28:39 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-05 14:28 . Pre-Run: 200.266.366.976 bytes beschikbaar Post-Run: 200.170.815.488 bytes beschikbaar . - - End Of File - - 4127956CD92D19168650402BC3CF0039
-
De map is verwijderd. Als ik Hijackthis draai, dan staat O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" er nog tussen. Ik krijg hem met Fix checked ook niet weg. Ik denk dat hij erg aan mij gehecht is geraakt....... xD
-
Als ik op de map ga staan en rechts klik ga ik naar Eigenschappen. Dan krijg ik de tabbladen: Algemeen, Delen, Beveiliging, Aanpassen. Kenmerk (ik weet niet of je er iets aan hebt) is: Alleen lezen
