opstart en pc zijn zeer traag en loopt dikwijls vast

[kape]

Hoe staat het nu met het vastlopen en de traagheid ?

[sparre]

na een week m'n laptop te gebruiken, kan ik u melden dat de laptop nog steeds vastloopt.

toch is deze veel sneller geworden en hangt een beetje minder vast.

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Firefox::

FF - ProfilePath - c:\users\Alwin\AppData\Roaming\Mozilla\Firefox\Profiles\hzm1h8xu.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Download Dr.Web CureIt en sla het op je bureaublad op.

• Dubbelklik drweb-cureit.exe en sta het toe om te express scan te starten.
  Indien er een popup verschijnt met het voorstel tot kopen/50% korting mag je deze sluiten.
  
• De express scan zal de bestanden scannen die momenteel in het geheugen geladen zijn. Wanneer er iets gevonden wordt klik op 'alles selecteren' kies nu voor 'repareren' en uit het kleine menutje dat verschijnt kies je 'verplaatsen'.
  
• Kies bovenaan in het menu voor Language/Taal en wijzig deze naar Dutch (Nederlands) indien deze bij jou anders staat ingesteld.
  
• Druk op F9, kies daarna voor het tabblad Acties en stel daar het volgende in onder Malware:
  
  • 
    
  • Adware: Verplaats
    
  • Dialers: Verplaats
    
  • Jokes: Rapportage
    
  • Riskware: Rapportage
    
  • Hacktools: Verplaats
    
  • Haal dan het vinkje weg bij 'Prompt bij actie'.
    

  [*]Kies daarna voor het tabblad Scan en verwijder het vinkje bij Heuristische analyse.

  Druk vervolgens op Toepassen gevolgd door OK.

  [*]Eenmaal als de korte scan is beëindigd vink je aan: Volledige scan.

  Druk daarna op het groene pijltje (start knop) om de scan te starten.

  [*]Gevonden bestanden worden naar '%USERPROFILE%\DocterWeb\Quarantine' -map verplaatst indien het herstellen niet mogelijk is.

  [*]Nadat de scan gedaan is ga dan naar Bestand en kies Rapportage lijst opslaan.

  Bewaar deze op je bureaublad en sluit daarna Dr.Web CureIt.

  [*]Herstart vervolgens de computer!! Dit is een belangrijke stap want het kan zijn dat Dr.Web CureIt bestanden zal verplaatsen/verwijderen tijdens herstart.

  [*]Na het herstarten, kopieer en plak de inhoud van die log die je eerder hebt bewaard in je volgende post.

[sparre]

ComboFix 11-03-12.01 - Alwin 12/03/2011 23:36:50.4.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1790.814 [GMT 1:00]

Gestart vanuit: c:\users\Alwin\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Alwin\Desktop\CFScript.txt

AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-12 to 2011-03-12 ))))))))))))))))))))))))))))))

.

.

2011-03-12 22:46 . 2011-03-12 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-09 10:14 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 10:14 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 10:14 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-03-09 10:14 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 10:14 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-03-09 10:13 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 10:13 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 10:13 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 10:13 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 10:13 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-03-09 10:13 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-03-09 10:13 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2011-03-09 10:13 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-03-09 10:13 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 10:13 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 10:13 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-03-09 10:13 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2011-03-06 11:59 . 2011-03-10 12:29 -------- d-----w- c:\users\Alwin\AppData\Roaming\dvdcss

2011-03-06 11:59 . 2011-03-06 12:01 -------- d-----w- c:\users\Alwin\AppData\Roaming\vlc

2011-03-06 11:58 . 2011-03-06 11:58 -------- d-----w- c:\program files (x86)\VideoLAN

2011-03-05 16:55 . 2011-03-05 16:55 -------- d-----w- c:\program files (x86)\BittorrentBar_NL

2011-03-05 16:55 . 2011-03-05 16:55 -------- d-----w- c:\program files (x86)\BitTorrent

2011-03-05 16:54 . 2011-03-12 22:28 -------- d-----w- c:\users\Alwin\AppData\Roaming\BitTorrent

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\users\Alwin\AppData\Roaming\Malwarebytes

2011-03-04 19:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\programdata\Malwarebytes

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-04 19:25 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-04 19:17 . 2011-03-04 19:17 388096 ----a-r- c:\users\Alwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-04 19:17 . 2011-03-04 19:17 -------- d-----w- c:\program files (x86)\Trend Micro

2011-02-23 15:53 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-23 15:53 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-02-23 15:45 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-23 15:45 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-02-23 15:45 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 15:45 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 20:12 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 17:24 . 2010-10-08 07:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-03-04 17:24 . 2010-10-12 05:22 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-22 19:29 . 2010-10-15 03:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-22 19:28 . 2010-10-08 07:00 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-26 06:53 . 2011-02-08 19:12 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-26 06:53 . 2011-02-08 19:12 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-01-26 06:31 . 2011-02-08 19:12 144384 ----a-w- c:\windows\system32\cdd.dll

2011-01-07 08:06 . 2011-02-08 19:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 07:27 . 2011-02-08 19:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-01-07 05:49 . 2011-02-08 19:11 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 05:33 . 2011-02-08 19:11 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-01-05 06:20 . 2011-02-08 19:12 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 05:37 . 2011-02-08 19:12 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-01-05 04:00 . 2011-02-08 19:17 3127808 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 06:16 . 2011-02-08 19:17 62976 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 06:16 . 2011-02-08 19:17 97280 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 06:16 . 2011-02-08 19:16 214016 ----a-w- c:\windows\system32\winsrv.dll

2010-12-21 06:16 . 2011-02-08 19:17 1197056 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 06:16 . 2011-02-08 19:17 442880 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 06:16 . 2011-02-08 19:17 258048 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 06:15 . 2011-02-08 19:17 264192 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 06:15 . 2011-02-08 19:17 15360 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 06:13 . 2011-02-08 19:17 2003968 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 06:13 . 2011-02-08 19:17 1880576 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 06:10 . 2011-02-08 19:17 100864 ----a-w- c:\windows\system32\davclnt.dll

2010-12-21 05:38 . 2011-02-08 19:17 51200 ----a-w- c:\windows\SysWow64\wscapi.dll

2010-12-21 05:38 . 2011-02-08 19:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2010-12-21 05:38 . 2011-02-08 19:17 350720 ----a-w- c:\windows\SysWow64\winhttp.dll

2010-12-21 05:38 . 2011-02-08 19:17 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll

2010-12-21 05:38 . 2011-02-08 19:17 204288 ----a-w- c:\windows\SysWow64\upnp.dll

2010-12-21 05:38 . 2011-02-08 19:17 14336 ----a-w- c:\windows\SysWow64\slwga.dll

2010-12-21 05:36 . 2011-02-08 19:17 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2010-12-21 05:36 . 2011-02-08 19:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2010-12-21 05:34 . 2011-02-08 19:17 80384 ----a-w- c:\windows\SysWow64\davclnt.dll

2010-12-18 06:11 . 2011-02-08 19:21 57856 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 06:11 . 2011-02-08 19:17 714752 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 05:29 . 2011-02-08 19:21 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll

2010-12-18 05:29 . 2011-02-08 19:17 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2010-12-18 04:55 . 2011-02-08 19:21 482816 ----a-w- c:\windows\system32\html.iec

2010-12-18 04:20 . 2011-02-08 19:21 386048 ----a-w- c:\windows\SysWow64\html.iec

2010-12-18 04:13 . 2011-02-08 19:21 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-12-18 03:47 . 2011-02-08 19:21 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-05_16.29.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-25 19:30 . 2011-03-11 20:13 44026 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-03-12 22:30 47964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-25 17:26 . 2011-03-12 22:30 10296 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1132162624-2952537014-1726247241-1001_UserData.bin

- 2010-09-23 09:37 . 2011-03-05 16:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-23 09:37 . 2011-03-12 22:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-23 09:37 . 2011-03-12 22:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-23 09:37 . 2011-03-05 16:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-12 22:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-05 16:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-22 18:51 . 2011-03-12 22:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:46 . 2011-02-27 11:20 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2011-03-11 20:15 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-22 18:51 . 2011-03-12 22:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-22 18:51 . 2011-03-12 22:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-22 18:52 . 2011-03-05 16:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-22 18:52 . 2011-03-12 22:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-22 18:52 . 2011-03-12 22:29 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-22 18:52 . 2011-03-05 16:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-29 20:28 . 2011-03-04 17:14 6358 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2010-09-29 20:28 . 2011-03-07 20:30 6358 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-03-05 16:28 . 2011-03-05 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-03-12 22:27 . 2011-03-12 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-03-12 22:27 . 2011-03-12 22:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-03-05 16:28 . 2011-03-05 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-10-29 22:32 . 2011-03-12 22:00 232200 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-09-26 01:58 . 2011-03-12 18:56 278244 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 05:01 . 2011-03-05 13:29 309792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-03-12 22:26 309792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:45 . 2011-02-23 19:01 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-03-10 06:45 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-10-30 20:38 . 2011-03-12 22:26 1047652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1132162624-2952537014-1726247241-1001-8192.dat

+ 2009-07-14 02:34 . 2011-03-12 22:42 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-03-05 13:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2010-10-30 13:56 . 2011-03-09 18:05 39946696 c:\windows\system32\MRT.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{2d8d9acc-f6d7-4362-8876-a275ca929591}"= "c:\program files (x86)\BittorrentBar_NL\tbBitt.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\BittorrentBar_NL\tbBitt.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-12-09 11:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{2d8d9acc-f6d7-4362-8876-a275ca929591}"= "c:\program files (x86)\BittorrentBar_NL\tbBitt.dll" [2010-12-09 3911776]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-12-20 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560]

"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-01-14 1541472]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-03-10 71216]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe" [2009-11-16 240992]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 135664]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-03-10 467248]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-11-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-11-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-04 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-02-06 865824]

S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-03-10 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 19:52]

.

2011-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 19:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-02-06 860192]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-03-10 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-10 2008640]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849859

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0813&m=easynote_lm82&r=27360910t8b6l0450z175f47n1b444

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Alwin\AppData\Roaming\Mozilla\Firefox\Profiles\hzm1h8xu.default\

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2011\bdaphffext

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1132162624-2952537014-1726247241-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1132162624-2952537014-1726247241-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-03-12 23:51:21

ComboFix-quarantined-files.txt 2011-03-12 22:51

ComboFix2.txt 2011-03-06 11:28

ComboFix3.txt 2011-03-05 16:39

.

Pre-Run: 124.051.673.088 bytes beschikbaar

Post-Run: 123.773.468.672 bytes beschikbaar

.

- - End Of File - - 9FFE076B604A98978FA8C8A43BAD91EF

[sparre]

En dan de Dr. web cureIt file :

http://rapidshare.com/files/452404744/CureIt.zip

deze in een zip gezet wegens de groote van het bestand.

[kape]

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\program files (x86)\BittorrentBar_NL

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{2d8d9acc-f6d7-4362-8876-a275ca929591}]

[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht samen met een nieuw logje van HijackThis.

[sparre]

ComboFix 11-03-19.04 - Alwin 20/03/2011 21:27:15.5.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1790.977 [GMT 1:00]

Gestart vanuit: c:\users\Alwin\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Alwin\Desktop\CFScript.txt

AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: BitDefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\BittorrentBar_NL

c:\program files (x86)\BittorrentBar_NL\BittorrentBar_NLToolbarHelper.exe

c:\program files (x86)\BittorrentBar_NL\GottenAppsContextMenu.xml

c:\program files (x86)\BittorrentBar_NL\INSTALL.LOG

c:\program files (x86)\BittorrentBar_NL\OtherAppsContextMenu.xml

c:\program files (x86)\BittorrentBar_NL\SharedAppsContextMenu.xml

c:\program files (x86)\BittorrentBar_NL\tbBitt.dll

c:\program files (x86)\BittorrentBar_NL\toolbar.cfg

c:\program files (x86)\BittorrentBar_NL\ToolbarContextMenu.xml

c:\program files (x86)\BittorrentBar_NL\UNWISE.EXE

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-02-20 to 2011-03-20 ))))))))))))))))))))))))))))))

.

.

2011-03-20 20:38 . 2011-03-20 20:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-03-19 10:41 . 2011-03-19 10:41 -------- d-----w- c:\programdata\InterAction studios

2011-03-13 20:26 . 2011-03-13 20:26 -------- d-----w- c:\programdata\WinZip

2011-03-13 00:28 . 2011-03-13 20:28 -------- d-----w- c:\users\Alwin\DoctorWeb

2011-03-09 10:14 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll

2011-03-09 10:14 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll

2011-03-09 10:14 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-03-09 10:14 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-03-09 10:14 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-03-09 10:13 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll

2011-03-09 10:13 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll

2011-03-09 10:13 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll

2011-03-09 10:13 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax

2011-03-09 10:13 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll

2011-03-09 10:13 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll

2011-03-09 10:13 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll

2011-03-09 10:13 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax

2011-03-09 10:13 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll

2011-03-09 10:13 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe

2011-03-09 10:13 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll

2011-03-09 10:13 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe

2011-03-06 11:59 . 2011-03-10 12:29 -------- d-----w- c:\users\Alwin\AppData\Roaming\dvdcss

2011-03-06 11:59 . 2011-03-06 12:01 -------- d-----w- c:\users\Alwin\AppData\Roaming\vlc

2011-03-06 11:58 . 2011-03-06 11:58 -------- d-----w- c:\program files (x86)\VideoLAN

2011-03-05 16:55 . 2011-03-05 16:55 -------- d-----w- c:\program files (x86)\BitTorrent

2011-03-05 16:54 . 2011-03-12 23:11 -------- d-----w- c:\users\Alwin\AppData\Roaming\BitTorrent

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\users\Alwin\AppData\Roaming\Malwarebytes

2011-03-04 19:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\programdata\Malwarebytes

2011-03-04 19:25 . 2011-03-04 19:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-03-04 19:25 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-03-04 19:17 . 2011-03-04 19:17 388096 ----a-r- c:\users\Alwin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-04 19:17 . 2011-03-04 19:17 -------- d-----w- c:\program files (x86)\Trend Micro

2011-02-23 15:53 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-23 15:53 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2011-02-23 15:45 . 2011-01-07 08:07 662528 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-23 15:45 . 2011-01-07 07:31 442880 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2011-02-23 15:45 . 2011-01-07 08:07 475648 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-23 15:45 . 2011-01-07 07:31 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 20:12 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 17:24 . 2010-10-08 07:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2011-03-04 17:24 . 2010-10-12 05:22 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-02-22 19:29 . 2010-10-15 03:51 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2011-02-22 19:28 . 2010-10-08 07:00 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-01-26 06:53 . 2011-02-08 19:12 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2011-01-26 06:53 . 2011-02-08 19:12 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-01-26 06:31 . 2011-02-08 19:12 144384 ----a-w- c:\windows\system32\cdd.dll

2011-01-07 08:06 . 2011-02-08 19:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 07:27 . 2011-02-08 19:11 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-01-07 05:49 . 2011-02-08 19:11 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-01-07 05:33 . 2011-02-08 19:11 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-01-05 06:20 . 2011-02-08 19:12 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 05:37 . 2011-02-08 19:12 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-01-05 04:00 . 2011-02-08 19:17 3127808 ----a-w- c:\windows\system32\win32k.sys

2010-12-21 06:16 . 2011-02-08 19:17 62976 ----a-w- c:\windows\system32\wscapi.dll

2010-12-21 06:16 . 2011-02-08 19:17 97280 ----a-w- c:\windows\system32\wscsvc.dll

2010-12-21 06:16 . 2011-02-08 19:16 214016 ----a-w- c:\windows\system32\winsrv.dll

2010-12-21 06:16 . 2011-02-08 19:17 1197056 ----a-w- c:\windows\system32\wininet.dll

2010-12-21 06:16 . 2011-02-08 19:17 442880 ----a-w- c:\windows\system32\winhttp.dll

2010-12-21 06:16 . 2011-02-08 19:17 258048 ----a-w- c:\windows\system32\WebClnt.dll

2010-12-21 06:15 . 2011-02-08 19:17 264192 ----a-w- c:\windows\system32\upnp.dll

2010-12-21 06:15 . 2011-02-08 19:17 15360 ----a-w- c:\windows\system32\slwga.dll

2010-12-21 06:13 . 2011-02-08 19:17 2003968 ----a-w- c:\windows\system32\msxml6.dll

2010-12-21 06:13 . 2011-02-08 19:17 1880576 ----a-w- c:\windows\system32\msxml3.dll

2010-12-21 06:10 . 2011-02-08 19:17 100864 ----a-w- c:\windows\system32\davclnt.dll

2010-12-21 05:38 . 2011-02-08 19:17 51200 ----a-w- c:\windows\SysWow64\wscapi.dll

2010-12-21 05:38 . 2011-02-08 19:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll

2010-12-21 05:38 . 2011-02-08 19:17 350720 ----a-w- c:\windows\SysWow64\winhttp.dll

2010-12-21 05:38 . 2011-02-08 19:17 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll

2010-12-21 05:38 . 2011-02-08 19:17 204288 ----a-w- c:\windows\SysWow64\upnp.dll

2010-12-21 05:38 . 2011-02-08 19:17 14336 ----a-w- c:\windows\SysWow64\slwga.dll

2010-12-21 05:36 . 2011-02-08 19:17 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll

2010-12-21 05:36 . 2011-02-08 19:17 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2010-12-21 05:34 . 2011-02-08 19:17 80384 ----a-w- c:\windows\SysWow64\davclnt.dll

2010-07-08 09:37 . 2010-07-08 09:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-03-05_16.29.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2011-03-13 02:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2010-11-05 21:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-03-13 02:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2010-11-05 21:29 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2010-11-05 21:29 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-13 02:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 00:21 . 2009-07-14 01:41 88064 c:\windows\system32\WpdMtpUS.dll

+ 2010-03-25 19:30 . 2011-03-20 10:47 44624 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-03-20 10:47 47964 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-09-25 17:26 . 2011-03-20 10:47 10360 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1132162624-2952537014-1726247241-1001_UserData.bin

+ 2009-07-14 05:30 . 2011-03-19 10:21 86016 c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-01-15 21:17 86016 c:\windows\system32\DriverStore\infpub.dat

+ 2009-07-14 00:06 . 2009-07-14 00:06 40448 c:\windows\system32\drivers\winusb.sys

+ 2010-09-23 09:37 . 2011-03-20 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-23 09:37 . 2011-03-05 16:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-23 09:37 . 2011-03-20 20:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-23 09:37 . 2011-03-05 16:29 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2011-03-20 20:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2011-03-05 16:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-22 18:51 . 2011-03-20 10:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:46 . 2011-02-27 11:20 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2011-03-11 20:15 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-09-22 18:51 . 2011-03-20 10:46 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-22 18:51 . 2011-03-20 10:46 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-22 18:51 . 2011-03-05 16:29 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-22 18:52 . 2011-03-20 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-22 18:52 . 2011-03-05 16:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-22 18:52 . 2011-03-05 16:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-09-22 18:52 . 2011-03-20 20:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-13 20:26 . 2011-03-13 20:26 29184 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F6617.exe

- 2010-09-29 20:28 . 2011-03-04 17:14 6358 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2010-09-29 20:28 . 2011-03-17 07:22 6358 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-03-20 10:45 . 2011-03-20 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-05 16:28 . 2011-03-05 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-05 16:28 . 2011-03-05 16:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-20 10:45 . 2011-03-20 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 00:21 . 2009-07-14 01:41 297984 c:\windows\system32\WpdMtp.dll

+ 2010-10-29 22:32 . 2011-03-20 13:48 234574 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-09-26 01:58 . 2011-03-20 19:58 281610 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 05:30 . 2011-03-19 10:21 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-01-15 21:17 143360 c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:01 . 2011-03-05 13:29 309792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-03-19 18:31 309792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-03-13 20:26 . 2011-03-13 20:26 632320 c:\windows\Installer\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}\IconCD95F66110.exe

+ 2009-07-14 00:22 . 2009-07-14 01:41 1195008 c:\windows\system32\drivers\UMDF\WpdMtpDr.dll

- 2009-07-14 04:45 . 2011-02-23 19:01 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2011-03-10 06:45 3852951 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2010-10-30 20:38 . 2011-03-19 18:31 1047652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1132162624-2952537014-1726247241-1001-8192.dat

+ 2011-02-28 17:48 . 2011-02-28 17:48 4422144 c:\windows\Installer\a36b91.msi

+ 2009-07-14 02:34 . 2011-03-20 20:08 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-03-05 13:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2010-10-30 13:56 . 2011-03-09 18:05 39946696 c:\windows\system32\MRT.exe

+ 2010-11-30 14:00 . 2010-11-30 14:00 13565440 c:\windows\Installer\1572d2.msi

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2010-12-20 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-03-08 258560]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-04 1300560]

"VideoWebCamera"="c:\program files (x86)\VideoWebCamera\VideoWebCamera.exe" [2010-01-14 1541472]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-03-10 71216]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 135664]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2011-03-10 467248]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]

R4 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-11-20 88144]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-11-20 99408]

S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-04 325200]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-02-06 865824]

S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-03-10 53224]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 19:52]

.

2011-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 19:52]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-20 9996320]

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-02-06 860192]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-03-10 76360]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-03-10 2008640]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2849859

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0813&m=easynote_lm82&r=27360910t8b6l0450z175f47n1b444

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Alwin\AppData\Roaming\Mozilla\Firefox\Profiles\hzm1h8xu.default\

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: SwiftTabs: {5F4EC95A-FFA8-11DE-898C-667D55D89593} - %profile%\extensions\{5F4EC95A-FFA8-11DE-898C-667D55D89593}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

FF - Ext: BitDefender Antiphishing Toolbar: FFToolbar@bitdefender.com - c:\program files\BitDefender\BitDefender 2011\bdaphffext

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

AddRemove-BittorrentBar_NL Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1132162624-2952537014-1726247241-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1132162624-2952537014-1726247241-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-03-20 21:43:20

ComboFix-quarantined-files.txt 2011-03-20 20:43

ComboFix2.txt 2011-03-12 22:51

ComboFix3.txt 2011-03-06 11:28

ComboFix4.txt 2011-03-05 16:39

.

Pre-Run: 119.373.615.104 bytes beschikbaar

Post-Run: 119.479.812.096 bytes beschikbaar

.

- - End Of File - - 59BC5ED0379B258A37349E3AC757CA0A

------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:45:17, on 20/03/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

Running processes:

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849859

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10302 bytes

[kape]

Combofix heeft correct gewerkt ... bij HiJackThis mag je nog even het volgende herhalen :

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSour...ctid=CT2849859

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

Klik op 'Fix checked' om de items te verwijderen. En hoe is de toestand dan nu ?

[sparre]

HiJackThis heeft gedraaid en de geselecteerde objecten zijn aangeduid.

Toch zijn er enkele dingen die niet verwijderd kunnen worden namelijk:

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

-------------------------------------------------------------------------------------------------------------------------------------

Hierbij word et het logje is meegegeven:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:00:28, on 5/03/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

Running processes:

C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe

C:\Windows\PLFSetI.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll

O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe

O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11891 bytes

[kape]

Dit is allemaal OK. In tegenstelling tot je melding is die BingBar wel degelijk uit je nieuwe logje verdwenen. Het lijkt dus prima verlopen te zijn. Nu komt opnieuw de vraag : hoe gedraagt de PC zich nu (wat snelheid en uitvallen betreft) ?