
PC freezing, HijackThis does not work



Dear all,

A few months ago I posted on this forum that my PC kept freezing. Thanks to your help I was able to solve it. Now I have the same problem again, and I have no idea why it keeps coming back. I wanted to scan with HijackThis, but the program gives me this message: For some reason your system denied write access to the Hosts file... Can you help me?


Download HijackThis.

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi, then choose "Run".

HijackThis is now installed on your PC and a shortcut is placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a systemscan and save a logfile", or first "Scan" and then "Savelog".

A Notepad window opens. Hold down the CTRL and A keys together to select everything, then hold down the CTRL and C keys together to copy it. Paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", just click OK to continue.

Note: Windows Vista & 7 users must run HijackThis as administrator by right-clicking it and choosing "Run as administrator". If that does not work from the shortcut, run HijackThis as administrator from one of the following folders: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

This video (click on it) can help you post a HijackThis log.


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 6:18:11, on 10/06/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9899 bytes


Start HijackThis. Select "Scan". Check only the items listed below:

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - (no file)

Click 'Fix checked' to remove the items.

Download MBAM (Malwarebytes Anti-Malware).

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware, then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.

The scan can take a while, so be patient.

When the scan is finished, click OK, then "Show Results" to view the results.

Make sure everything there is checked, then click "Remove Selected".

After the removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. It will then ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log into your next post, together with a new HijackThis log.


Malwarebytes' Anti-Malware 1.51.0.1200

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: 6824

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

10/06/2011 12:54:56

mbam-log-2011-06-10 (12-54-56).txt

Scan type: Quick scan

Objects scanned: 209280

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:56:42, on 10/06/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telenet.be

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-878373364-221360020-1949420119-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe

O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)

O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe

O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Software Protection (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9870 bytes


Malware does not really seem to be the cause. Still, just to be sure, one extra scan:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


ComboFix 11-06-10.09 - Sean 11/06/2011 7:39.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.3966.2532 [GMT 2:00]

Gestart vanuit: c:\users\Sean\Desktop\ComboFix.exe

AV: ESET Smart Security 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

SP: ESET Smart Security 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-05-11 to 2011-06-11 ))))))))))))))))))))))))))))))

.

.

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\TEMP.IIS APPPOOL\AppData\Local\temp

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\Public\AppData\Local\temp

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2011-06-11 05:44 . 2011-06-11 05:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-10 04:16 . 2011-06-10 04:16 388096 ----a-r- c:\users\Sean\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-08 14:26 . 2011-06-08 14:26 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-06-05 09:12 . 2011-06-05 09:12 -------- d-----w- c:\users\Sean\AppData\Local\{C5C3EC0F-FFA3-46DF-A5A3-7B02390D49E7}

2011-06-02 09:44 . 2011-06-02 10:32 -------- d-----w- C:\found.000

2011-05-28 09:09 . 2011-04-14 16:57 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll

2011-05-28 09:09 . 2011-04-14 16:57 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll

2011-05-28 09:09 . 2011-04-14 16:57 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll

2011-05-28 09:09 . 2011-04-14 16:57 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll

2011-05-28 09:09 . 2011-04-14 16:57 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll

2011-05-28 09:09 . 2011-04-14 16:57 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-05-28 09:09 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll

2011-05-28 09:09 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll

2011-05-27 04:11 . 2011-05-16 20:55 74272 ----a-w- c:\windows\system32\RtNicProp64.dll

2011-05-27 04:11 . 2011-05-16 20:55 533096 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2011-05-27 03:58 . 2011-06-08 14:31 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-27 03:44 . 2011-05-27 03:44 -------- d-----w- C:\Diskeeper

2011-05-26 10:51 . 2011-05-26 10:51 -------- d-----w- c:\program files (x86)\Microsoft XNA

2011-05-26 10:46 . 2010-09-17 10:35 105816 ----a-w- c:\windows\system32\SQSRVRES.DLL

2011-05-26 10:46 . 2010-09-17 10:33 108376 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-05-26 10:46 . 2010-09-17 08:16 72536 ----a-w- c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.2.4000.0.dll

2011-05-26 10:45 . 2011-05-26 10:45 -------- d-----w- c:\program files\Microsoft.NET

2011-05-26 10:37 . 2009-07-22 08:17 78872 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-05-26 10:37 . 2009-07-22 08:17 50200 ----a-w- c:\windows\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll

2011-05-26 10:36 . 2011-05-26 10:36 -------- d-----w- c:\windows\system32\RsFx

2011-05-26 10:36 . 2011-05-26 10:36 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0

2011-05-26 10:36 . 2011-05-26 10:36 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2011-05-26 10:36 . 2011-05-26 10:36 -------- d-----w- c:\windows\SysWow64\1033

2011-05-26 10:36 . 2011-05-26 10:36 -------- d-----w- c:\windows\system32\1033

2011-05-26 10:34 . 2011-05-26 10:44 -------- d-----w- c:\program files\Microsoft SQL Server

2011-05-26 10:32 . 2011-05-26 10:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server

2011-05-26 10:32 . 2011-05-26 10:32 -------- d-----w- c:\program files\Microsoft Synchronization Services

2011-05-26 10:32 . 2011-05-26 10:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2011-05-26 10:32 . 2011-05-26 10:32 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2011-05-26 10:32 . 2011-05-26 10:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2011-05-26 10:31 . 2011-05-26 10:39 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll

2011-05-26 10:30 . 2011-05-26 10:39 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0

2011-05-26 10:30 . 2011-05-26 10:30 -------- d-----w- c:\windows\symbols

2011-05-26 10:30 . 2011-05-26 10:30 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0

2011-05-26 10:30 . 2011-05-26 10:30 -------- d-----w- c:\program files\Microsoft Help Viewer

2011-05-26 10:30 . 2011-05-26 10:30 -------- d-----w- c:\program files (x86)\Microsoft SDKs

2011-05-25 12:53 . 2011-02-14 01:04 44624 ----a-w- c:\windows\system32\drivers\DKRtWrt.sys

2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\programdata\Diskeeper Corporation

2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation

2011-05-25 12:44 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-08 14:32 . 2010-05-21 12:11 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-08 14:25 . 2010-04-18 07:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-29 07:11 . 2010-02-10 13:46 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 07:11 . 2010-02-10 13:46 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-16 20:55 . 2009-12-03 08:27 107552 ----a-w- c:\windows\system32\RTNUninst64.dll

2011-05-03 14:33 . 2011-05-11 14:05 2854504 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2011-05-02 16:03 . 2011-05-11 14:05 88680 ----a-w- c:\windows\system32\RCoInst64.dll

2011-05-02 13:28 . 2011-05-11 14:05 1004544 ----a-w- c:\windows\system32\RCoRes64.dat

2011-04-27 12:50 . 2011-04-27 12:50 14848 ----a-w- c:\windows\system32\slwga.dll

2011-04-27 12:50 . 2011-02-23 13:25 13824 ----a-w- c:\windows\SysWow64\slwga.dll

2011-04-27 12:50 . 2010-11-17 12:43 419840 ----a-w- c:\windows\system32\systemcpl.dll

2011-04-27 12:44 . 2010-02-22 17:08 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2011-04-20 12:34 . 2011-05-11 14:05 3049064 ----a-w- c:\windows\system32\RtkAPO64.dll

2011-04-20 12:34 . 2011-05-11 14:05 2393192 ----a-w- c:\windows\system32\RtPgEx64.dll

2011-04-18 16:50 . 2011-05-11 14:05 2601816 ----a-w- c:\windows\system32\WavesGUILib.dll

2011-04-18 16:50 . 2011-05-11 14:05 2238296 ----a-w- c:\windows\system32\MaxxAudioRealtek.dll

2011-04-09 16:55 . 2011-04-09 16:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll

2011-04-09 16:55 . 2011-04-09 16:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll

2011-04-09 07:02 . 2011-05-11 13:35 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 13:35 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 13:35 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 13:35 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 13:35 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

2011-04-08 05:14 . 2011-05-05 11:14 8411752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2011-04-08 05:14 . 2011-05-05 11:14 6974056 ----a-w- c:\windows\system32\nvcuda.dll

2011-04-08 05:14 . 2011-05-05 11:14 67176 ----a-w- c:\windows\system32\OpenCL.dll

2011-04-08 05:14 . 2011-05-05 11:14 6299752 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2011-04-08 05:14 . 2011-05-05 11:14 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll

2011-04-08 05:14 . 2011-05-05 11:14 5183080 ----a-w- c:\windows\SysWow64\nvcuda.dll

2011-04-08 05:14 . 2011-05-05 11:14 2893416 ----a-w- c:\windows\system32\nvcuvid.dll

2011-04-08 05:14 . 2011-05-05 11:14 2765928 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2011-04-08 05:14 . 2011-05-05 11:14 2204264 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-04-08 05:14 . 2011-05-05 11:14 2074216 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2011-04-08 05:14 . 2011-05-05 11:14 20700264 ----a-w- c:\windows\system32\nvoglv64.dll

2011-04-08 05:14 . 2011-05-05 11:14 1619048 ----a-w- c:\windows\system32\nvdispco6420140.dll

2011-04-08 05:14 . 2011-05-05 11:14 15227496 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2011-04-08 05:14 . 2011-05-05 11:14 1404008 ----a-w- c:\windows\system32\nvgenco642060.dll

2011-04-08 05:14 . 2011-05-05 11:14 13262184 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2011-04-08 05:14 . 2011-05-05 11:14 12934248 ----a-w- c:\windows\system32\nvd3dumx.dll

2011-04-08 05:14 . 2011-05-05 11:14 10071656 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2011-04-08 05:14 . 2011-05-05 11:14 2273896 ----a-w- c:\windows\system32\nvapi64.dll

2011-04-08 05:14 . 2011-05-05 11:14 2034280 ----a-w- c:\windows\SysWow64\nvapi.dll

2011-04-08 05:14 . 2011-05-05 11:14 18578536 ----a-w- c:\windows\system32\nvcompiler.dll

2011-04-08 05:14 . 2011-05-05 11:14 13007464 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2011-04-07 21:19 . 2011-04-07 21:19 2582120 ----a-w- c:\windows\system32\nvsvcr.dll

2011-04-07 21:19 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll

2011-04-07 21:19 . 2011-04-07 21:19 1012328 ----a-w- c:\windows\system32\nvvsvc.exe

2011-04-07 21:19 . 2011-04-07 21:19 797288 ----a-w- c:\windows\system32\easyUpdatusAPIU64.dll

2011-04-07 21:19 . 2011-04-07 21:19 6338152 ----a-w- c:\windows\system32\nvcpl.dll

2011-04-07 21:18 . 2011-04-07 21:18 3041384 ----a-w- c:\windows\system32\nvsvc64.dll

2011-04-06 14:26 . 2011-04-06 14:26 96544 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 14:26 . 2011-04-06 14:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 14:26 . 2011-04-06 14:26 237856 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 14:26 . 2011-04-06 14:26 119584 ----a-w- c:\windows\system32\dns-sd.exe

2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll

2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe

2011-04-06 12:16 . 2011-04-06 12:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-04-06 12:16 . 2011-04-06 12:16 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll

2011-04-06 12:16 . 2011-04-06 12:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-04-06 12:16 . 2011-04-06 12:16 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-04-06 12:16 . 2011-04-06 12:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-04-06 12:16 . 2011-04-06 12:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-04-06 12:16 . 2011-04-06 12:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-04-06 12:16 . 2011-04-06 12:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-04-06 12:16 . 2011-04-06 12:16 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-04-06 12:16 . 2011-04-06 12:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-04-06 12:16 . 2011-04-06 12:16 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-04-06 12:16 . 2011-04-06 12:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-04-06 12:16 . 2011-04-06 12:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-04-06 12:16 . 2011-04-06 12:16 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-04-06 12:16 . 2011-04-06 12:16 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-04-06 12:16 . 2011-04-06 12:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-04-06 12:16 . 2011-04-06 12:16 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-04-06 12:16 . 2011-04-06 12:16 448512 ----a-w- c:\windows\system32\html.iec

2011-04-06 12:16 . 2011-04-06 12:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-04-06 12:16 . 2011-04-06 12:16 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-04-06 12:16 . 2011-04-06 12:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-04-06 12:16 . 2011-04-06 12:16 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-06 12:16 . 2011-04-06 12:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-04-06 12:16 . 2011-04-06 12:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-04-06 12:16 . 2011-04-06 12:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-04-06 12:16 . 2011-04-06 12:16 2303488 ----a-w- c:\windows\system32\jscript9.dll

2011-04-06 12:16 . 2011-04-06 12:16 222208 ----a-w- c:\windows\system32\msls31.dll

2011-04-06 12:16 . 2011-04-06 12:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-04-06 12:16 . 2011-04-06 12:16 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-04-06 12:16 . 2011-04-06 12:16 160256 ----a-w- c:\windows\system32\wextract.exe

2011-04-06 12:16 . 2011-04-06 12:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-04-06 12:16 . 2011-04-06 12:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-04-06 12:16 . 2011-04-06 12:16 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-06 12:16 . 2011-04-06 12:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-04-06 12:16 . 2011-04-06 12:16 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-04-06 12:16 . 2011-04-06 12:16 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-04-06 12:16 . 2011-04-06 12:16 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-04-06 12:16 . 2011-04-06 12:16 12288 ----a-w- c:\windows\system32\mshta.exe

2011-04-06 12:16 . 2011-04-06 12:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-04-06 12:16 . 2011-04-06 12:16 114176 ----a-w- c:\windows\system32\admparse.dll

2011-04-06 12:16 . 2011-04-06 12:16 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-04-06 12:16 . 2011-04-06 12:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-06-07_15.11.59 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-10 13:59 . 2011-06-08 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2010-02-10 13:59 . 2011-06-02 10:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:54 . 2011-06-02 10:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-06-08 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-06-08 14:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-02 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-02 10:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-08 14:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-02-05 21:40 . 2011-06-11 05:47 72602 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-11 05:47 35320 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-06-07 15:00 35320 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-02-05 21:14 . 2011-06-11 05:47 19274 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-878373364-221360020-1949420119-1000_UserData.bin

+ 2010-02-05 17:03 . 2011-06-10 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-02-05 17:03 . 2011-06-07 14:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-08 17:24 . 2011-06-10 04:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-08 17:24 . 2011-06-07 14:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-06-07 14:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-10 04:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-06-07 13:51 . 2011-06-07 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-11 05:45 . 2011-06-11 05:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-11 05:45 . 2011-06-11 05:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-06-07 13:51 . 2011-06-07 14:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-08 14:22 . 2011-06-08 14:22 238040 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_Plugin.exe

+ 2011-06-08 14:31 . 2011-06-08 14:31 240288 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe

+ 2011-06-08 14:31 . 2011-06-08 14:31 321184 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.dll

+ 2011-02-18 09:05 . 2011-06-08 14:25 157472 c:\windows\SysWOW64\javaws.exe

- 2011-02-18 09:05 . 2011-02-02 20:40 157472 c:\windows\SysWOW64\javaws.exe

- 2011-02-18 09:05 . 2011-02-02 20:40 145184 c:\windows\SysWOW64\javaw.exe

+ 2011-02-18 09:05 . 2011-06-08 14:25 145184 c:\windows\SysWOW64\javaw.exe

+ 2011-02-18 09:05 . 2011-06-08 14:25 145184 c:\windows\SysWOW64\java.exe

- 2011-02-18 09:05 . 2011-02-02 20:40 145184 c:\windows\SysWOW64\java.exe

+ 2011-06-08 14:32 . 2011-06-08 14:32 190752 c:\windows\system32\javaws.exe

+ 2011-06-08 14:32 . 2011-06-08 14:32 171808 c:\windows\system32\javaw.exe

- 2011-02-23 16:40 . 2011-02-23 16:40 171808 c:\windows\system32\javaw.exe

+ 2011-06-08 14:32 . 2011-06-08 14:32 171808 c:\windows\system32\java.exe

- 2011-02-23 16:40 . 2011-02-23 16:40 171808 c:\windows\system32\java.exe

- 2009-07-14 05:12 . 2011-06-07 14:28 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2011-06-11 05:18 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2011-06-06 20:02 534476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-06-11 05:44 534476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-08 14:31 . 2011-06-08 14:31 683520 c:\windows\Installer\1e6c12.msi

+ 2011-06-08 14:26 . 2011-06-08 14:26 207360 c:\windows\Installer\1e69b0.msi

+ 2011-06-08 14:24 . 2011-06-08 14:24 681984 c:\windows\Installer\1e69a0.msi

+ 2010-11-06 11:18 . 2011-06-08 14:22 6271136 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

- 2010-11-06 11:18 . 2011-05-27 03:58 6271136 c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2010-09-02 18:24 . 2011-06-08 20:14 2829212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-878373364-221360020-1949420119-1000-12288.dat

+ 2011-06-09 10:21 . 2011-06-09 10:21 1402880 c:\windows\Installer\440be.msi

+ 2010-09-02 18:24 . 2011-06-11 05:44 17796620 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-878373364-221360020-1949420119-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 cpuz130;cpuz130;c:\users\Sean\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-02-20 21712]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 136176]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-02-22 19952]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [x]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [x]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [x]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [x]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [x]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [x]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [x]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 TVICHW64;TVICHW64;c:\windows\SysWOW64\Drivers\TVICHW64.SYS [2010-02-23 13824]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 EmmaDevMgmtSvc;Emma Device Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe [2010-02-25 403064]

R4 EmmaUpdMgmtSvc;Emma Update Management;c:\program files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe [2010-02-25 193656]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 OMSI download service;Sony Ericsson OMSI download service;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2011-03-04 90112]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]

S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2010-05-02 90112]

S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x64.sys [x]

S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2010-03-24 810120]

S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]

S2 nlscc;Nalpeiron X64 Service;c:\windows\system32\nlsInterface.exe [x]

S2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2009-07-19 4908576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 11:08]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-16 11:08]

.

2011-06-10 c:\windows\Tasks\ParetoLogic Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-03-24 2839840]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.telenet.be

mLocal Page = c:\windows\SysWOW64\blank.htm

mWindow Title = Telenet Internet

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 195.130.131.130 195.130.130.2

FF - ProfilePath - c:\users\Sean\AppData\Roaming\Mozilla\Firefox\Profiles\kitkbdgd.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-878373364-221360020-1949420119-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:ef,c8,25,91,65,aa,b1,60,35,9a,57,88,cc,9d,7f,de,38,cc,bd,fb,4c,cc,1e,

60,0f,08,d2,28,f1,54,79,ae,f6,47,f3,2b,81,db,32,3b,f5,2f,82,84,45,40,19,e8,\

"??"=hex:e6,9b,7f,3e,70,7d,98,f1,99,72,a6,3d,91,3e,6e,a7

.

[HKEY_USERS\S-1-5-21-878373364-221360020-1949420119-1000\Software\SecuROM\License information*]

"datasecu"=hex:0c,db,38,93,9d,50,61,55,61,4d,da,cc,88,cd,62,d5,99,ec,13,78,a6,

59,94,16,1c,ae,01,69,54,99,a1,54,a2,15,19,0f,46,47,27,8d,2e,ea,84,0a,b6,26,\

"rkeysecu"=hex:eb,92,57,0e,48,2b,bc,8f,f3,e1,ba,72,f1,2f,32,25

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\astsrv.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\windows\SysWOW64\nlssrv32.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Voltooingstijd: 2011-06-11 07:50:20 - machine werd herstart

ComboFix-quarantined-files.txt 2011-06-11 05:50

ComboFix2.txt 2011-06-07 15:13

.

Pre-Run: 202.433.515.520 bytes beschikbaar

Post-Run: 202.355.744.768 bytes beschikbaar

.

- - End Of File - - A48130AE6E5ED2562D50A57E6743E5ED


This topic is now closed to new replies.
