No more sound


migsken

ComboFix 11-01-28.03 - vdb 29/01/2011 15:05:36.3.2 - x64

Gestart vanuit: c:\users\vdb\Downloads\ComboFix.exe

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\SysWow64\Drivers\byoyame.sys

c:\windows\SysWow64\Drivers\ccfbvdp.sys

c:\windows\SysWow64\Drivers\dnmz.sys

c:\windows\SysWow64\Drivers\fdszfqkf.sys

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-29 ))))))))))))))))))))))))))))))

.

2011-01-29 14:10 . 2011-01-29 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\users\vdb\AppData\Roaming\Malwarebytes

2011-01-27 20:23 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\programdata\Malwarebytes

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-27 20:23 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-27 16:00 . 2011-01-27 16:00 -------- d-----w- c:\users\vdb\AppData\Roaming\WinBatch

2011-01-26 23:15 . 2011-01-26 23:15 -------- d-----w- C:\FM Genie Scout 11

2011-01-26 21:36 . 2011-01-26 21:36 -------- d-----w- c:\program files\Recuva

2011-01-25 23:46 . 2011-01-25 23:46 -------- d-----w- c:\program files\CCleaner

2011-01-25 20:37 . 2011-01-25 20:37 -------- d-----w- c:\users\vdb\AppData\Local\VS Revo Group

2011-01-25 20:37 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-01-25 20:37 . 2011-01-25 20:37 -------- d-----w- c:\program files\VS Revo Group

2011-01-25 18:56 . 2011-01-28 20:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-01-25 18:56 . 2011-01-25 18:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-01-25 17:30 . 2011-01-27 20:16 -------- d-----w- c:\program files (x86)\Ask.com

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\windows\system32\drivers\NSSx64

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\program files (x86)\Norton Security Scan

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\program files (x86)\NortonInstaller

2011-01-18 21:35 . 2011-01-18 21:35 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2011-01-18 21:25 . 2011-01-18 21:25 -------- d-----w- c:\users\vdb\AppData\Local\{7F94D053-43D7-4124-BC5C-6E3AF837563E}

2011-01-17 16:09 . 2011-01-17 16:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\DSETUP.dll

2011-01-17 16:09 . 2011-01-17 16:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\DXSETUP.exe

2011-01-17 16:09 . 2011-01-17 16:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\dsetup32.dll

2011-01-17 16:09 . 2011-01-17 16:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\DSETUP.dll

2011-01-17 16:09 . 2011-01-17 16:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\DXSETUP.exe

2011-01-17 16:09 . 2011-01-17 16:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\dsetup32.dll

2011-01-17 16:08 . 2011-01-18 21:21 -------- d-----w- c:\users\vdb\AppData\Local\Windows Live

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-27 10:07 . 2010-12-27 10:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl

2010-11-04 06:35 . 2010-12-15 16:01 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 16:01 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 16:01 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 16:01 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 16:01 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 16:01 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 16:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 16:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 16:01 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 16:01 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 16:01 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 16:01 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 16:01 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 16:01 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 16:01 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 16:01 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 16:01 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 16:01 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-16 422912]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http:" [X]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R0 ehstv;ehstv;c:\windows\system32\drivers\ccfbvdp.sys [x]

R0 nyjhaj;nyjhaj;c:\windows\system32\drivers\dnmz.sys [x]

R0 obnvjcbp;obnvjcbp;c:\windows\system32\drivers\byoyame.sys [x]

R0 shffduxw;shffduxw;c:\windows\system32\drivers\fdszfqkf.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]

S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

.

Inhoud van de 'Gedeelde Taken' map

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 16:11]

2011-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 16:11]

2011-01-24 c:\windows\Tasks\Norton Security Scan for vdb.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2011-01-23 08:48]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

FF - ProfilePath - c:\users\vdb\AppData\Roaming\Mozilla\Firefox\Profiles\23ejn3nm.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe

HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]

"GameDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\games"

"ShortlistDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"

"ScreenshotsDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010"

"SaveDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\"

"HistoryDir"="c:\\Users\\vdb\\AppData\\Local\\Temp\\Rar$EX00.297\\History Points"

"LangDB"=""

"LastSaveGame"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\games\\parmentierke (v02).fm"

"Language"="English"

"LoadLangDB"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Champions League"

"LastUpdateCheck"=dword:00009e50

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000074

"UniqueID"="25-8680-E15F"

"Currency"=dword:0000001c

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]

"GameDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\games"

"ShortlistDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011"

"SaveDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\"

"HistoryDir"="c:\\FM Genie Scout 11\\History Points"

"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="PSV Eindhoven"

"LastUpdateCheck"=dword:00009e7b

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000080

"UniqueID"="25-8680-E15F"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:00000002

"StaffSearchFeatureNum"=dword:00000000

"ClubSearchFeatureNum"=dword:00000000

"FilterByClubFeatureNum"=dword:00000000

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000002

"HintsFeatureNum"=dword:00000001

"GenieReportFeatureNum"=dword:00000002

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g]

"PicturesNumber"=dword:00000479

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:3e,f9,d4,c0,45,e2,2d,88,3c,49,ce,0b,16,f1,a4,f3,97,1e,c7,e9,68,a9,ae,

0a,9a,e1,7a,73,8e,05,52,42,6f,a9,44,85,5f,96,ba,0f,4f,fd,b9,d3,81,6f,5c,e4,\

"??"=hex:f2,fc,7e,c5,79,f3,32,25,2c,a5,fc,66,cc,de,4a,cf

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:92,25,e1,55,b2,02,ec,60,c7,b1,7f,25,76,2a,f0,a1,65,8d,3d,06,33,

5b,5a,ca,95,a7,4f,9e,ab,e6,5a,d4,82,fe,fc,8a,c0,66,af,32,ed,53,da,8c,27,51,\

"rkeysecu"=hex:69,94,d9,ec,7d,1a,49,de,27,e0,e5,77,53,b7,91,1b

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-01-29 15:12:25

ComboFix-quarantined-files.txt 2011-01-29 14:12

Pre-Run: 158.222.585.856 bytes beschikbaar

Post-Run: 158.137.450.496 bytes beschikbaar

- - End Of File - - 543FD02A2C438A1C51CEED588A3EDE17

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\drivers\ccfbvdp.sys

c:\windows\system32\drivers\dnmz.sys

c:\windows\system32\drivers\byoyame.sys

c:\windows\system32\drivers\fdszfqkf.sys

Driver::

ehstv

nyjhaj

obnvjcbp

shffduxw

Folder::

c:\program files (x86)\Ask.com

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

ComboFix 11-01-28.03 - vdb 30/01/2011 15:53:42.4.2 - x64

Gestart vanuit: c:\users\vdb\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\vdb\Desktop\CFScript.txt

* Nieuw herstelpunt werd aangemaakt

FILE ::

"c:\windows\system32\drivers\byoyame.sys"

"c:\windows\system32\drivers\ccfbvdp.sys"

"c:\windows\system32\drivers\dnmz.sys"

"c:\windows\system32\drivers\fdszfqkf.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Ask.com

c:\program files (x86)\Ask.com\cobrand.ico

c:\program files (x86)\Ask.com\config.xml

c:\program files (x86)\Ask.com\favicon.ico

c:\program files (x86)\Ask.com\fv_f335.ico

c:\program files (x86)\Ask.com\mupcfg.xml

c:\program files (x86)\Ask.com\SaUpdate.exe

c:\program files (x86)\Ask.com\UpdateTask.exe

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_ehstv

-------\Service_nyjhaj

-------\Service_obnvjcbp

-------\Service_shffduxw

(((((((((((((((((((( Bestanden Gemaakt van 2010-12-28 to 2011-01-30 ))))))))))))))))))))))))))))))

.

2011-01-30 14:59 . 2011-01-30 14:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-01-28 22:24 . 2011-01-28 22:24 -------- d-----w- c:\program files (x86)\Unlocker

2011-01-28 20:41 . 2011-01-28 20:41 -------- d-----w- C:\!KillBox

2011-01-28 18:32 . 2011-01-28 18:32 -------- d-----w- c:\programdata\MFAData

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\users\vdb\AppData\Roaming\Malwarebytes

2011-01-27 20:23 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\programdata\Malwarebytes

2011-01-27 20:23 . 2011-01-27 20:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-01-27 20:23 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-01-27 16:00 . 2011-01-27 16:00 -------- d-----w- c:\users\vdb\AppData\Roaming\WinBatch

2011-01-26 23:15 . 2011-01-26 23:15 -------- d-----w- C:\FM Genie Scout 11

2011-01-26 21:36 . 2011-01-26 21:36 -------- d-----w- c:\program files\Recuva

2011-01-25 23:46 . 2011-01-25 23:46 -------- d-----w- c:\program files\CCleaner

2011-01-25 20:37 . 2011-01-25 20:37 -------- d-----w- c:\users\vdb\AppData\Local\VS Revo Group

2011-01-25 20:37 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys

2011-01-25 20:37 . 2011-01-25 20:37 -------- d-----w- c:\program files\VS Revo Group

2011-01-25 18:56 . 2011-01-28 20:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-01-25 18:56 . 2011-01-25 18:57 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\windows\system32\drivers\NSSx64

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\program files (x86)\Norton Security Scan

2011-01-23 18:59 . 2011-01-23 18:59 -------- d-----w- c:\program files (x86)\NortonInstaller

2011-01-18 21:35 . 2011-01-18 21:35 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2011-01-18 21:25 . 2011-01-18 21:25 -------- d-----w- c:\users\vdb\AppData\Local\{7F94D053-43D7-4124-BC5C-6E3AF837563E}

2011-01-17 16:09 . 2011-01-17 16:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\DSETUP.dll

2011-01-17 16:09 . 2011-01-17 16:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\DXSETUP.exe

2011-01-17 16:09 . 2011-01-17 16:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f41a32601cbb66013\dsetup32.dll

2011-01-17 16:09 . 2011-01-17 16:09 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\DSETUP.dll

2011-01-17 16:09 . 2011-01-17 16:09 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\DXSETUP.exe

2011-01-17 16:09 . 2011-01-17 16:09 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ee5780c81cbb66012\dsetup32.dll

2011-01-17 16:08 . 2011-01-18 21:21 -------- d-----w- c:\users\vdb\AppData\Local\Windows Live

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-27 10:07 . 2010-12-27 10:07 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl

2010-11-04 06:35 . 2010-12-15 16:01 1194496 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 06:31 . 2010-12-15 16:01 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 05:52 . 2010-12-15 16:01 978944 ----a-w- c:\windows\SysWow64\wininet.dll

2010-11-04 05:48 . 2010-12-15 16:01 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-11-04 05:16 . 2010-12-15 16:01 482816 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:41 . 2010-12-15 16:01 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-11-04 04:35 . 2010-12-15 16:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-04 04:08 . 2010-12-15 16:01 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-11-02 05:18 . 2010-12-15 16:01 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 05:17 . 2010-12-15 16:01 473600 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 05:17 . 2010-12-15 16:01 1169408 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 05:16 . 2010-12-15 16:01 1114624 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 05:10 . 2010-12-15 16:01 464384 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 05:10 . 2010-12-15 16:01 285696 ----a-w- c:\windows\system32\schtasks.exe

2010-11-02 04:40 . 2010-12-15 16:01 496128 ----a-w- c:\windows\SysWow64\taskschd.dll

2010-11-02 04:40 . 2010-12-15 16:01 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll

2010-11-02 04:34 . 2010-12-15 16:01 192000 ----a-w- c:\windows\SysWow64\taskeng.exe

2010-11-02 04:34 . 2010-12-15 16:01 179712 ----a-w- c:\windows\SysWow64\schtasks.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-01-29_14.10.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-09-10 08:09 . 2011-01-30 14:47 56630 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-01-30 15:02 47250 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2011-01-29 13:58 47250 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-01-28 17:38 . 2011-01-30 15:03 10774 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3010251308-1964656382-1606146038-1000_UserData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-11-16 1242448]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Sony Ericsson PC Companion"="c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2010-11-16 422912]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-29 98304]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 135664]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2010-10-26 155344]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]

R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-08-06 116104]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-26 942080]

.

Inhoud van de 'Gedeelde Taken' map

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 16:11]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-02 16:11]

2011-01-24 c:\windows\Tasks\Norton Security Scan for vdb.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2011-01-23 08:48]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF32313.cfxxe" [X]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 709976]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]

"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"SmoothView"="%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe" [bU]

"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [bU]

"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SmartFaceVWatcher"="%ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"Teco"="%ProgramFiles%\TOSHIBA\TECO\Teco.exe" [bU]

"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-07-30 134032]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=google

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

FF - ProfilePath - c:\users\vdb\AppData\Roaming\Mozilla\Firefox\Profiles\23ejn3nm.default\

FF - prefs.js: browser.search.selectedEngine - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - prefs.js: browser.startup.homepage - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - prefs.js: keyword.URL - hxxp://downloads.phpnuke.org/en/index.php?rvs=google

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

.

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 10]

"GameDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\games"

"ShortlistDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"

"ScreenshotsDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010"

"SaveDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\"

"HistoryDir"="c:\\Users\\vdb\\AppData\\Local\\Temp\\Rar$EX00.297\\History Points"

"LangDB"=""

"LastSaveGame"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2010\\games\\parmentierke (v02).fm"

"Language"="English"

"LoadLangDB"=dword:00000000

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="Champions League"

"LastUpdateCheck"=dword:00009e50

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000074

"UniqueID"="25-8680-E15F"

"Currency"=dword:0000001c

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11]

"GameDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\games"

"ShortlistDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\shortlists"

"FMPath"=""

"ScreenshotsDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011"

"SaveDir"="c:\\Users\\vdb\\Documents\\Sports Interactive\\Football Manager 2011\\"

"HistoryDir"="c:\\FM Genie Scout 11\\History Points"

"LangDB"="c:\\FM Genie Scout 11\\lang_db.dat"

"LastSaveGame"=""

"Language"="English"

"LoadLangDB"=dword:00000001

"CompressHistoryPoints"=dword:00000000

"HighlightedAttributes"=dword:00000000

"MinCondition"=dword:00000050

"GraphStep"=dword:00000000

"SkinName"="PSV Eindhoven"

"LastUpdateCheck"=dword:00009e7c

"HighQualityGUI"=dword:00000001

"AutomaticallyUpdateCheck"=dword:00000001

"AdvancedGeneration"=dword:00000000

"TranslateStaffSkills"=dword:00000001

"TranslatePlayerSkills"=dword:00000001

"TranslatePositions"=dword:00000001

"ShowHistory"=dword:00000001

"Version"=dword:00000080

"UniqueID"="25-8680-E15F"

"UseProxy"=dword:00000000

"ProxyHost"=""

"ProxyPort"=""

"UseAuthentication"=dword:00000000

"UserName"=""

"UserPassword"=""

"PlayerSearchFeatureNum"=dword:00000003

"StaffSearchFeatureNum"=dword:00000000

"ClubSearchFeatureNum"=dword:00000000

"FilterByClubFeatureNum"=dword:00000001

"CompareFeatureNum"=dword:00000000

"ShortlistFeatureNum"=dword:00000000

"ExportFeatureNum"=dword:00000000

"HistoryFeatureNum"=dword:00000000

"LanguageDBFeatureNum"=dword:00000003

"HintsFeatureNum"=dword:00000001

"GenieReportFeatureNum"=dword:00000003

"TopFormationFeatureNum"=dword:00000000

"ScreenshotFeatureNum"=dword:00000000

"Currency"=dword:00000056

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\G*e*n*i*e*"!\FM Genie Scout 11g]

"PicturesNumber"=dword:00000479

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:3e,f9,d4,c0,45,e2,2d,88,3c,49,ce,0b,16,f1,a4,f3,97,1e,c7,e9,68,a9,ae,

0a,9a,e1,7a,73,8e,05,52,42,6f,a9,44,85,5f,96,ba,0f,4f,fd,b9,d3,81,6f,5c,e4,\

"??"=hex:f2,fc,7e,c5,79,f3,32,25,2c,a5,fc,66,cc,de,4a,cf

[HKEY_USERS\S-1-5-21-3010251308-1964656382-1606146038-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:92,25,e1,55,b2,02,ec,60,c7,b1,7f,25,76,2a,f0,a1,65,8d,3d,06,33,

5b,5a,ca,95,a7,4f,9e,ab,e6,5a,d4,82,fe,fc,8a,c0,66,af,32,ed,53,da,8c,27,51,\

"rkeysecu"=hex:69,94,d9,ec,7d,1a,49,de,27,e0,e5,77,53,b7,91,1b

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\TMonitor.exe

c:\program files (x86)\Common Files\Steam\SteamService.exe

.

**************************************************************************

.

Voltooingstijd: 2011-01-30 16:08:22 - machine werd herstart

ComboFix-quarantined-files.txt 2011-01-30 15:08

ComboFix2.txt 2011-01-29 14:12

Pre-Run: 157.964.713.984 bytes beschikbaar

Post-Run: 157.668.143.104 bytes beschikbaar

- - End Of File - - 19B99FD25AB0A003FA3E498EE78D70D6


  • 3 weeks later...

I still have no sound, and I can't even update anything anymore.

I also get all kinds of error messages when I try to install something, such as 0x80040154.

I was thinking of removing everything from my PC, but when I look at the CDs that came with it, they are Windows 32-bit, whereas I am now running 64-bit.

---------- Post added at 13:33 ---------- Previous post was at 13:23 ----------

I also carried out post 9 once more, and it did not work.
