Programs do not respond or do not start


Pucky

Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\user.js

Folder::

c:\users\Luc\AppData\Roaming\Babylon

c:\users\Luc\AppData\Local\Babylon

c:\programdata\Babylon

c:\program files (x86)\Ask.com

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message, together with the Speccy link.


These are my new ComboFix log and Speccy link:

http://speccy.piriform.com/results/CVvgmbm07HpKBqWCxEmuZrN

ComboFix 12-01-18.04 - Luc 19/01/2012 23:11:57.3.8 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.8187.7259 [GMT 1:00]

Gestart vanuit: c:\users\Luc\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Luc\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Babylon

C:\user.js

c:\users\Luc\AppData\Local\Babylon

c:\users\Luc\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\Luc\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

c:\users\Luc\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\Luc\AppData\Local\Babylon\Setup\BExternal.dll

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\cmbx.png

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\common.js

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\lngs.png

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page1.css

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page1.html

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page1.js

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page1Lrg.css

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page2.js

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\page9.html

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\title1.png

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\title2.png

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\Luc\AppData\Local\Babylon\Setup\HtmlScreens\vIcn.png

c:\users\Luc\AppData\Local\Babylon\Setup\IECookieLow.dll

c:\users\Luc\AppData\Local\Babylon\Setup\Setup-tbmntr903-9.0.3.34.zpb

c:\users\Luc\AppData\Local\Babylon\Setup\Setup.exe

c:\users\Luc\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\Luc\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\Luc\AppData\Roaming\Babylon

c:\users\Luc\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-19 to 2012-01-19 ))))))))))))))))))))))))))))))

.

.

2012-01-19 22:17 . 2012-01-19 22:17 -------- d-----w- c:\users\Tim\AppData\Local\temp

2012-01-19 22:17 . 2012-01-19 22:17 -------- d-----w- c:\users\Jonas\AppData\Local\temp

2012-01-19 22:17 . 2012-01-19 22:17 -------- d-----w- c:\users\Greet\AppData\Local\temp

2012-01-19 22:17 . 2012-01-19 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\users\Luc\AppData\Roaming\Malwarebytes

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\programdata\Malwarebytes

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-17 19:48 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 21:09 . 2012-01-16 21:10 -------- d-----w- C:\Hijackthis

2012-01-16 20:32 . 2012-01-16 20:32 -------- d-----w- c:\program files\Speccy

2012-01-13 23:32 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67C6ED0-6574-4C48-8AF0-BC69B6EE36B5}\mpengine.dll

2012-01-13 22:15 . 2012-01-13 22:24 -------- d-----w- c:\program files\CCleaner

2012-01-11 13:27 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 13:27 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 13:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 13:27 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 13:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 13:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 13:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 13:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-08 10:51 . 2012-01-17 17:20 -------- d-----w- c:\users\Tim\AppData\Local\Spotify

2012-01-08 10:51 . 2012-01-17 17:20 -------- d-----w- c:\users\Tim\AppData\Roaming\Spotify

2012-01-08 10:50 . 2012-01-08 10:50 -------- d-----w- c:\users\Tim\AppData\Local\Apps

2012-01-08 10:50 . 2012-01-08 10:51 -------- d-----w- c:\users\Tim\AppData\Local\Deployment

2012-01-02 11:08 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-01-02 11:08 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2011-12-29 15:07 . 2011-12-29 15:07 -------- d-----w- c:\users\Luc\AppData\Roaming\Azureus

2011-12-29 15:06 . 2011-12-29 15:07 -------- d-----w- c:\users\Luc\FrostWire

2011-12-29 15:06 . 2011-12-29 15:58 -------- d-----w- c:\users\Luc\.frostwire5

2011-12-29 15:05 . 2011-12-29 15:58 -------- d-----w- c:\program files (x86)\FrostWire 5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-06-04 15:53 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-06-04 15:53 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-06-04 15:53 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-06-04 15:53 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-06-04 15:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-06-04 15:53 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-06-04 15:53 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-06-04 15:53 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-06-04 15:53 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 04:52 . 2011-12-14 17:54 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-23 20:35 . 2011-11-23 20:35 51496 ----a-w- c:\windows\system32\drivers\stflt.sys

2011-11-14 19:49 . 2011-07-19 18:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41 . 2011-12-14 17:54 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 17:53 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 17:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 17:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 17:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 17:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 17:54 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-18_20.58.09 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-18 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-19 22:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-19 22:01 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-18 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-20 21:24 . 2012-01-19 22:02 59874 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-19 22:02 36152 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-12 15:47 . 2012-01-19 20:11 13938 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1055247618-4206178842-2112393095-1003_UserData.bin

+ 2010-05-20 21:24 . 2012-01-19 22:02 17746 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1055247618-4206178842-2112393095-1001_UserData.bin

+ 2010-05-02 18:46 . 2012-01-19 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-02 18:46 . 2012-01-18 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 18:46 . 2012-01-19 22:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-02 18:46 . 2012-01-18 20:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-18 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-19 22:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-19 20:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-02 21:00 . 2012-01-19 20:09 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-02 21:00 . 2012-01-19 20:09 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-18 22:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-02 21:00 . 2012-01-18 22:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-06-18 22:56 . 2012-01-18 21:08 3828 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-01-18 20:57 . 2012-01-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-19 22:18 . 2012-01-19 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-19 22:18 . 2012-01-19 22:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-18 20:57 . 2012-01-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 04:54 . 2012-01-18 20:46 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-19 22:01 376832 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 05:12 . 2012-01-19 22:01 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-01-18 20:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2012-01-19 22:03 398364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-01-18 20:56 398364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 18:56 . 2012-01-19 20:11 2862468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1003-8192.dat

- 2010-11-05 18:56 . 2012-01-11 20:38 2862468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1003-8192.dat

+ 2010-11-02 00:09 . 2012-01-18 22:47 3569644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1001-8192.dat

- 2010-11-02 00:09 . 2012-01-17 20:04 3569644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-22 1148632]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 08:29]

.

2012-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 08:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]

2011-06-01 20:44 1793432 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-22 3621040]

"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-22 2779824]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig?hl=nl

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Luc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Luc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-01-19 23:22:29 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-19 22:22

ComboFix.txt 2012-01-18 21:06

ComboFix2.txt 2012-01-18 21:02

ComboFix3.txt 2012-01-18 20:35

.

Pre-Run: 411.565.645.824 bytes beschikbaar

Post-Run: 411.468.972.032 bytes beschikbaar

.

- - End Of File - - CD6B387111FC7C31F92F59D20411E507

edited by Pucky

My log is from ComboFix in safe mode. Could it make a difference if ComboFix had been started in normal mode?

My Speccy log is, by the way, also the original log from my first post, because in normal mode I can no longer get Speccy to start, and in safe mode I get the message "kan SPC DLL niet initialiseren" for several components.

I have also noticed that in normal mode the desktop icons of ComboFix, Speccy and Antimalwarebytes all have a small shield worked into them, while in safe mode that is not the case... I don't know what this actually means...


ComboFix in safe mode can suffice. You may also run this with it:

Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.

To create a new Speccy log, it is best to uninstall the current version and download a new version. The error message should then stop right away and you can post an up-to-date log.


I uninstalled Speccy and reinstalled it. In the overview I still get the message "kan SPC DLL niet initialiseren" several times (processor, RAM, Graphics, ...), but this may not be important.

These are my new logs:

http://speccy.piriform.com/results/DYK1lq2Fc1ZLcGvy1YoagTy

ComboFix 12-01-21.02 - Luc 21/01/2012 21:26:34.4.8 - x64 NETWORK

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.32.1043.18.8187.7379 [GMT 1:00]

Gestart vanuit: c:\users\Luc\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Luc\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-21 to 2012-01-21 ))))))))))))))))))))))))))))))

.

.

2012-01-21 20:32 . 2012-01-21 20:32 -------- d-----w- c:\users\Tim\AppData\Local\temp

2012-01-21 20:32 . 2012-01-21 20:32 -------- d-----w- c:\users\Jonas\AppData\Local\temp

2012-01-21 20:32 . 2012-01-21 20:32 -------- d-----w- c:\users\Greet\AppData\Local\temp

2012-01-21 20:32 . 2012-01-21 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-21 18:11 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{377862FB-008F-4350-A328-8ABFFC820433}\mpengine.dll

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\users\Luc\AppData\Roaming\Malwarebytes

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\programdata\Malwarebytes

2012-01-17 19:48 . 2012-01-17 19:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-17 19:48 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-01-16 21:09 . 2012-01-16 21:10 -------- d-----w- C:\Hijackthis

2012-01-13 22:15 . 2012-01-13 22:24 -------- d-----w- c:\program files\CCleaner

2012-01-11 13:27 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll

2012-01-11 13:27 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-01-11 13:27 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll

2012-01-11 13:27 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 13:27 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 13:27 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-01-11 13:27 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll

2012-01-11 13:27 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-01-08 10:51 . 2012-01-17 17:20 -------- d-----w- c:\users\Tim\AppData\Local\Spotify

2012-01-08 10:51 . 2012-01-17 17:20 -------- d-----w- c:\users\Tim\AppData\Roaming\Spotify

2012-01-08 10:50 . 2012-01-08 10:50 -------- d-----w- c:\users\Tim\AppData\Local\Apps

2012-01-08 10:50 . 2012-01-08 10:51 -------- d-----w- c:\users\Tim\AppData\Local\Deployment

2012-01-02 11:08 . 2005-05-26 14:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-01-02 11:08 . 2005-05-26 14:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2011-12-29 15:07 . 2011-12-29 15:07 -------- d-----w- c:\users\Luc\AppData\Roaming\Azureus

2011-12-29 15:06 . 2011-12-29 15:07 -------- d-----w- c:\users\Luc\FrostWire

2011-12-29 15:06 . 2011-12-29 15:58 -------- d-----w- c:\users\Luc\.frostwire5

2011-12-29 15:05 . 2011-12-29 15:58 -------- d-----w- c:\program files (x86)\FrostWire 5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:01 . 2011-06-04 15:53 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 18:01 . 2011-06-04 15:53 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2011-11-28 18:01 . 2011-06-04 15:53 256960 ----a-w- c:\windows\system32\aswBoot.exe

2011-11-28 17:54 . 2011-06-04 15:53 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:53 . 2011-06-04 15:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-11-28 17:52 . 2011-06-04 15:53 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-11-28 17:52 . 2011-06-04 15:53 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-11-28 17:52 . 2011-06-04 15:53 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-28 17:51 . 2011-06-04 15:53 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-11-24 04:52 . 2011-12-14 17:54 3145216 ----a-w- c:\windows\system32\win32k.sys

2011-11-23 20:35 . 2011-11-23 20:35 51496 ----a-w- c:\windows\system32\drivers\stflt.sys

2011-11-15 13:29 . 2010-05-02 19:08 270720 ------w- c:\windows\system32\MpSigStub.exe

2011-11-14 19:49 . 2011-07-19 18:18 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-05 05:41 . 2011-12-14 17:54 1188864 ----a-w- c:\windows\system32\wininet.dll

2011-11-05 05:32 . 2011-12-14 17:53 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-05 04:35 . 2011-12-14 17:54 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2011-11-05 04:26 . 2011-12-14 17:53 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-11-05 03:32 . 2011-12-14 17:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-11-05 02:48 . 2011-12-14 17:54 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-10-26 05:21 . 2011-12-14 17:54 43520 ----a-w- c:\windows\system32\csrsrv.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2012-01-18_20.58.09 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-18 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-01-21 18:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-01-18 20:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-21 18:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-20 21:24 . 2012-01-21 09:37 60252 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-21 09:43 36168 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-12 15:47 . 2012-01-20 17:50 13954 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1055247618-4206178842-2112393095-1003_UserData.bin

+ 2010-05-20 21:24 . 2012-01-21 09:37 17754 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1055247618-4206178842-2112393095-1001_UserData.bin

- 2010-05-02 18:46 . 2012-01-18 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 18:46 . 2012-01-21 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-05-02 18:46 . 2012-01-18 20:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-02 18:46 . 2012-01-21 18:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-01-18 20:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-01-21 18:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-21 18:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-21 18:08 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-05-02 21:00 . 2012-01-21 18:08 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-21 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-05-02 21:00 . 2012-01-21 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-05-02 21:00 . 2012-01-18 20:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-06-18 22:56 . 2012-01-18 21:08 3828 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2012-01-18 20:57 . 2012-01-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-21 20:33 . 2012-01-21 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-01-21 20:33 . 2012-01-21 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-01-18 20:57 . 2012-01-18 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-01-21 18:07 393216 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 05:12 . 2012-01-21 18:08 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:12 . 2012-01-18 20:58 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 05:01 . 2012-01-18 20:56 398364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-21 18:12 398364 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-11-05 18:56 . 2012-01-20 17:51 2862468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1003-8192.dat

- 2010-11-05 18:56 . 2012-01-11 20:38 2862468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1003-8192.dat

+ 2010-11-02 00:09 . 2012-01-18 22:47 3569644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1001-8192.dat

- 2010-11-02 00:09 . 2012-01-17 20:04 3569644 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1055247618-4206178842-2112393095-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-28 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

R2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2011-11-22 1148632]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 08:29]

.

2012-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-28 08:29]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-11-22 3621040]

"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2011-11-22 2779824]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 2184520]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig?hl=nl

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Free YouTube Download - c:\users\Luc\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Luc\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

TCP: DhcpNameServer = 195.130.131.2 195.130.130.130

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-10 - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-01-21 21:36:57 - machine werd herstart

ComboFix-quarantined-files.txt 2012-01-21 20:36

ComboFix.txt 2012-01-18 21:06

ComboFix2.txt 2012-01-19 22:22

ComboFix3.txt 2012-01-18 21:02

ComboFix4.txt 2012-01-18 20:35

.

Pre-Run: 411.631.382.528 bytes beschikbaar

Post-Run: 411.547.242.496 bytes beschikbaar

.

- - End Of File - - D63339D7AFFF5F49521A8AD9854B75BD
