
Long black screen when starting up the PC.



As you suggested, I created a test account with administrator rights; on the first start-up the desktop had to be prepared.

Later I restarted everything again.

Test: Windows welcome screen 35 sec, photo screen with white shortcuts becoming normal again one by one 40 sec, done.

-------

Logged off test and switched to the other user, henk: welcome 5 sec, then the picture appeared and it was done.

I will shut down completely in a moment and start up again to see whether that makes a difference, but it seems to be getting better.

henk: welcome 40 sec, black 5 sec, black screen with taskbar 25 sec, shortcuts complete 2 sec.

Edited by henk253

  • 1 month later...

It went well for a while, but now the black screen is back. I made another log; could you perhaps take a look at it when you have time?

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:10:19, on 8-11-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe

D:\Henk\Desktop\FF bewaren\HijackThis (1).exe

C:\Windows\SysWOW64\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [VolPanel] "c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" /r

O4 - HKLM\..\Run: [CTSyncService] c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe /startrunkey

O4 - HKLM\..\Run: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" msrun

O4 - HKLM\..\Run: [NBAgent] "c:\program files (x86)\nero\nero 10\nero backitup\nbagent.exe" /winstart

O4 - HKLM\..\Run: [VMonitorVMUVC] "c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" vmuvc

O4 - HKCU\..\Run: [Wisdom-soft ScreenHunter 5.1 Free] C:\Program Files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "D:\Henk\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\axcmd.exe" /automount

O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart (User 'Default user')

O4 - Startup: Mediacontrole Cyber-shot Viewer.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10328 bytes


ComboFix 12-11-08.01 - Henk 08-11-2012 21:04:24.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2123 [GMT 1:00]

Gestart vanuit: d:\henk\Desktop\FF bewaren\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-08 to 2012-11-08 ))))))))))))))))))))))))))))))

.

.

2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\test\AppData\Local\temp

2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\test henk\AppData\Local\temp

2012-11-08 20:11 . 2012-11-08 20:11 -------- d-----w- c:\users\TEMP.Henk-PC.002\AppData\Local\temp

2012-11-06 14:56 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB5A850E-3C33-4B46-8054-1488DF852E28}\mpengine.dll

2012-10-26 20:15 . 2012-10-26 20:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-10-26 20:15 . 2012-10-26 20:15 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-10-26 20:15 . 2012-10-26 20:15 340992 ----a-w- c:\windows\system32\schannel.dll

2012-10-26 20:15 . 2012-10-26 20:15 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-10-26 20:15 . 2012-10-26 20:15 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2012-10-26 20:15 . 2012-10-26 20:15 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-10-26 20:15 . 2012-10-26 20:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-10-26 20:15 . 2012-10-26 20:15 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-10-26 20:15 . 2012-10-26 20:15 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2012-10-10 14:34 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-10 14:39 . 2010-11-15 14:23 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 21:36 . 2012-04-03 13:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 21:36 . 2011-05-20 10:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-29 18:54 . 2010-12-19 18:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 20:32 . 2012-09-25 20:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-11 20:37 . 2012-09-11 20:37 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-11 20:37 . 2012-09-11 20:37 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-11 20:36 . 2012-09-11 20:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-11 20:36 . 2012-09-11 20:36 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 20:36 . 2012-09-11 20:36 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-11 20:36 . 2012-09-11 20:36 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-11 20:36 . 2012-09-11 20:36 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-08-24 18:05 . 2012-09-22 07:29 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 07:29 1494528 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 07:29 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 07:29 9056256 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:03 . 2012-09-22 07:29 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:03 . 2012-09-22 07:29 735744 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:03 . 2012-09-22 07:29 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:02 . 2012-09-22 07:29 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:02 . 2012-09-22 07:29 12295680 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:02 . 2012-09-22 07:29 2453504 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 16:57 . 2012-09-22 07:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 15:59 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 15:20 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-21 09:13 . 2011-04-10 14:41 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-08-21 09:13 . 2010-10-16 10:40 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-08-21 09:13 . 2010-10-16 10:40 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-08-21 09:13 . 2012-02-26 14:17 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-08-21 09:13 . 2010-10-16 10:40 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-08-21 09:13 . 2010-10-16 10:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-08-21 09:12 . 2010-10-16 10:39 41224 ----a-w- c:\windows\avastSS.scr

2012-08-21 09:12 . 2010-10-16 10:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-08-21 09:12 . 2011-01-19 19:17 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-08-14 18:50 . 2012-08-14 18:50 911360 ----a-w- c:\windows\system32\jscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 609792 ----a-w- c:\windows\system32\vbscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-14 18:50 . 2012-08-14 18:50 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-14 18:50 . 2012-08-14 18:50 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-14 18:50 . 2012-08-14 18:50 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-14 18:48 . 2012-08-14 18:48 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-14 18:48 . 2012-08-14 18:48 67072 ----a-w- c:\windows\splwow64.exe

2012-08-14 18:48 . 2012-08-14 18:48 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-14 18:48 . 2012-08-14 18:48 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-14 18:48 . 2012-08-14 18:48 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-14 18:48 . 2012-08-14 18:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-14 18:47 . 2012-08-14 18:47 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-14 18:47 . 2012-08-14 18:47 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Free"="c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2010-08-07 5324800]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]

"VolPanel"="c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" [2009-05-04 241789]

"CTSyncService"="c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe" [2009-07-08 1233195]

"StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" [2010-04-06 102400]

"VMonitorVMUVC"="c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" [2008-08-29 143360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]

.

d:\henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Mediacontrole Cyber-shot Viewer.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-7-1 155648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 19456]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-26 57856]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736]

R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360]

R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360]

R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360]

R4 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-21 868848]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-10-23 103472]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-06-30 45456]

S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 198784]

S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:36]

.

2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

- d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15]

.

2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

- d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15]

.

2012-11-08 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-28 19:59]

.

2012-04-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 17:49]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00]

.

2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

- d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

- d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-08-21 09:11 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" [2010-07-06 2327952]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=a4d9afe50000000000000025227057c3&q=

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: extensions.BabylonToolbar_i.id - a4d9afe50000000000000025227057c3

FF - user.js: extensions.BabylonToolbar_i.hardId - a4d9afe50000000000000025227057c3

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15332

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:31

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: content.max.tokenizing.time - 2250000

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\

.

[HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\SecuROM\License information*]

"datasecu"=hex:e6,21,3f,75,5d,34,c4,45,ee,16,73,29,a9,e4,1d,a6,0a,cc,fe,38,e4,

23,71,b6,87,7d,ad,cf,72,43,df,42,36,7e,15,ff,8f,b4,f0,a6,a7,9b,95,6f,46,55,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\windows\SysWOW64\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2012-11-08 21:19:43 - machine werd herstart

ComboFix-quarantined-files.txt 2012-11-08 20:19

ComboFix2.txt 2012-09-30 10:18

.

Pre-Run: 148.620.140.544 bytes beschikbaar

Post-Run: 148.536.102.912 bytes beschikbaar

.

- - End Of File - - 84C0803ADE7A8E920E0AAB377710E0C6

The PC is now running very slowly after ComboFix.


Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.id - a4d9afe50000000000000025227057c3

FF - user.js: extensions.BabylonToolbar_i.hardId - a4d9afe50000000000000025227057c3

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15332

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:31

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


OK, it worked.

ComboFix 12-11-08.01 - Henk 09-11-2012 13:42:11.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2497 [GMT 1:00]

Gestart vanuit: d:\henk\Desktop\FF bewaren\ComboFix.exe

gebruikte Opdracht switches :: d:\henk\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

d:\henk\AppData\Local\{4B2E8E38-206B-48C6-A998-F24B2E9BC76A}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-10-09 to 2012-11-09 ))))))))))))))))))))))))))))))

.

.

2012-11-09 12:33 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{93CCB73C-A605-4AEF-8B8C-54CE6376B00A}\mpengine.dll

2012-10-26 20:15 . 2012-10-26 20:15 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-10-26 20:15 . 2012-10-26 20:15 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2012-10-26 20:15 . 2012-10-26 20:15 340992 ----a-w- c:\windows\system32\schannel.dll

2012-10-26 20:15 . 2012-10-26 20:15 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-10-26 20:15 . 2012-10-26 20:15 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2012-10-26 20:15 . 2012-10-26 20:15 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-10-26 20:15 . 2012-10-26 20:15 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-10-26 20:15 . 2012-10-26 20:15 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-10-26 20:15 . 2012-10-26 20:15 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2012-10-10 14:34 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-30 22:51 . 2010-10-16 10:40 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 22:51 . 2011-04-10 14:41 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 22:51 . 2010-10-16 10:40 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 22:51 . 2010-10-16 10:40 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 22:51 . 2010-10-16 10:40 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 22:51 . 2010-10-16 10:39 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 22:50 . 2010-10-16 10:39 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 22:50 . 2011-01-19 19:17 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-15 16:59 . 2012-02-26 14:17 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-10 14:39 . 2010-11-15 14:23 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-08 21:36 . 2012-04-03 13:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-08 21:36 . 2011-05-20 10:21 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-29 18:54 . 2010-12-19 18:52 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-25 20:32 . 2012-09-25 20:32 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-11 20:37 . 2012-09-11 20:37 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-11 20:37 . 2012-09-11 20:37 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-11 20:36 . 2012-09-11 20:36 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-11 20:36 . 2012-09-11 20:36 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-11 20:36 . 2012-09-11 20:36 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-11 20:36 . 2012-09-11 20:36 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-11 20:36 . 2012-09-11 20:36 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-08-24 18:05 . 2012-09-22 07:29 1188864 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 18:05 . 2012-09-22 07:29 1494528 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 18:05 . 2012-09-22 07:29 134144 ----a-w- c:\windows\system32\url.dll

2012-08-24 18:03 . 2012-09-22 07:29 9056256 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 18:03 . 2012-09-22 07:29 97792 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 18:03 . 2012-09-22 07:29 735744 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 18:03 . 2012-09-22 07:29 64512 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 18:02 . 2012-09-22 07:29 247808 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 18:02 . 2012-09-22 07:29 12295680 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 18:02 . 2012-09-22 07:29 2453504 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 16:57 . 2012-09-22 07:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 15:59 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 15:20 . 2012-09-22 07:29 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-20 17:38 . 2012-10-10 14:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-15 16:52 . 2012-08-15 16:52 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-08-14 18:50 . 2012-08-14 18:50 911360 ----a-w- c:\windows\system32\jscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 609792 ----a-w- c:\windows\system32\vbscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-14 18:50 . 2012-08-14 18:50 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-14 18:50 . 2012-08-14 18:50 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-14 18:50 . 2012-08-14 18:50 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-14 18:50 . 2012-08-14 18:50 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-14 18:48 . 2012-08-14 18:48 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-14 18:48 . 2012-08-14 18:48 67072 ----a-w- c:\windows\splwow64.exe

2012-08-14 18:48 . 2012-08-14 18:48 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-14 18:48 . 2012-08-14 18:48 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-14 18:48 . 2012-08-14 18:48 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-14 18:48 . 2012-08-14 18:48 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-14 18:47 . 2012-08-14 18:47 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-14 18:47 . 2012-08-14 18:47 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 5.1 Free"="c:\program files (x86)\Wisdom-soft ScreenHunter 5 Free\ScreenHunter.exe" [2010-08-07 5324800]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-24 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

"VolPanel"="c:\program files (x86)\creative\sb x-fi mb\volume panel\volpanlu.exe" [2009-05-04 241789]

"CTSyncService"="c:\program files (x86)\installshield installation information\{f3d9ac82-30f4-4bb9-b9ab-8697637568c1}\ambspisyncservice.exe" [2009-07-08 1233195]

"StartCCC"="c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" [2010-04-06 102400]

"VMonitorVMUVC"="c:\program files (x86)\vimicro corporation\vmuvc\vmonitor.exe" [2008-08-29 143360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2012-09-24 490880]

.

d:\henk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Mediacontrole Cyber-shot Viewer.lnk - c:\program files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2012-7-1 155648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]

R3 cpuz135;cpuz135;c:\program files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [2012-02-07 23816]

R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]

R3 FLASHSYS;FLASHSYS;c:\program files (x86)\MSI\Live Update 4\LU4\FLASHSYS64.sys [2008-02-15 15192]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-26 19456]

R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-02-22 41888]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-10-26 57856]

R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-18 1255736]

R4 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-10-16 79360]

R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-10-16 79360]

R4 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2010-10-16 79360]

R4 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-05-21 868848]

S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-02-22 65072]

S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-02-22 74824]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 202752]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [2012-10-23 103472]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-07-26 92632]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-06-30 45456]

S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys [2009-05-25 198784]

S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2008-07-01 303616]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 21:36]

.

2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

- d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15]

.

2012-09-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

- d:\henk\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-07 12:15]

.

2012-11-08 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2012-09-28 19:59]

.

2012-04-28 c:\windows\Tasks\Google Software Updater.job

- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-24 17:49]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 23:00]

.

2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008Core.job

- d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36]

.

2012-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2771351034-1752285704-1091563883-1008UA.job

- d:\henk\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-13 22:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelliPoint"="c:\program files\microsoft intellipoint\ipoint.exe" [2010-07-06 2327952]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.nl/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

FF - ProfilePath - d:\henk\AppData\Roaming\Mozilla\Firefox\Profiles\94okqsys.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: content.max.tokenizing.time - 2250000

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{E2883E8F-472F-4fb0-9522-AC9BF37916A7} - c:\program files (x86)\NOS\bin\getPlus_Helper_3004.dll

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ThreatFire]

"AlternateImagePath"=""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a5,67,f5,ad,ed,7c,3a,42,83,b9,73,\

.

[HKEY_USERS\S-1-5-21-2771351034-1752285704-1091563883-1008\Software\SecuROM\License information*]

"datasecu"=hex:e6,21,3f,75,5d,34,c4,45,ee,16,73,29,a9,e4,1d,a6,0a,cc,fe,38,e4,

23,71,b6,87,7d,ad,cf,72,43,df,42,36,7e,15,ff,8f,b4,f0,a6,a7,9b,95,6f,46,55,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-11-09 13:50:35

ComboFix-quarantined-files.txt 2012-11-09 12:50

ComboFix2.txt 2012-11-08 20:19

ComboFix3.txt 2012-09-30 10:18

.

Pre-Run: 148.593.426.432 bytes beschikbaar

Post-Run: 148.497.960.960 bytes beschikbaar

.

- - End Of File - - 1DBEDFA552AF2707BD8D3F7C95608A36


OK, the necessary changes have been made. You may now remove ComboFix again.

Remove ComboFix: Start -> Run/Search/Search programs and files and type there: ComboFix /Uninstall (with a space before the /).

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Then click "Analyze" followed by "Run Cleaner". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". After that, close CCleaner again.

If you want to see this in detail with pictures, click here for the guide.

And how is the PC running now?
