Pc blokkeerd volledig na +-5 minuten na systeemherstel

ultraking x2 · 15 augustus 2011

Ik heb ongeveer een uur geleden gevraagd hoe ik een directx probleem kon oplossen, een systeemherstel zou de oplossing zijn. Ik heb mijn pc naar 4 dagen geleden teruggezet, 3 dagen voor het probleem zich voordeed. Na mijn systeemherstel leek alles goed te werken maar opeens bevroor het scherm, ik kon ook geen ctrl alt delete gebruiken. Dan heb ik de stroom uitgezet en opnieuw opgestart en iedere keer opnieuw blokkeert de pc na 5 a 6 minuten na het opstarten. Niet alleen als ik directx toepassingen open maar ook gewoon als ik alleen internet explorer open heb staan. Daarna lijkt mijn scherm uit te vallen en komt er een melding van het scherm dat hij geen bronsignaal heeft. Nogtans 4 dagen geleden, het moment waarnaar ik het systeem hersteld heb hab ik geen enkel probleem. Ook in veilige modus heb ik geen problemen maar daar krij ik avg en mcafee niet geopend om een virusscan uit te voeren

15 augustus 2011 aangepast door ultraking x2

Kurtt · 15 augustus 2011

We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem.

1. Download HijackThis.

Klik bij "HijackThis Downloads" op "Installer".

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.

2. Klik op de snelkoppeling om HijackThis te starten

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Bijlage 12634)

Dit (KLIK) filmpje kan je ook helpen om een hijackthis logje te plaatsen.

3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces.

ultraking x2 · 16 augustus 2011

Dit is de log in veilige modus, hier heb ik geen probleem:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:04:11, on 16/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Safe mode with network support

Running processes:

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)

R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)

R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Users\Bart\AppData\Roaming\svchost.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\WinDir\svchost.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QueryExplorer Service - Unknown owner - C:\ProgramData\QueryExplorer\queryexplorer117.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 17226 bytes

Deze is van +- 1 minuut na het opstarten van normale modus:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:15:53, on 16/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)

R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)

R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Users\Bart\AppData\Roaming\svchost.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\WinDir\svchost.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QueryExplorer Service - Unknown owner - C:\ProgramData\QueryExplorer\queryexplorer117.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18354 bytes

En deze is van +- 5 minuten na het opstarten van normale modus, ongeveer 1 minuut voor het 'bevriezen' van de pc:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:19:31, on 16/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\HijackThis\HijackThis.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HP | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HP | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)

R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)

R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Users\Bart\AppData\Roaming\svchost.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\WinDir\svchost.exe

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: Free YouTube Download - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: QueryExplorer Service - Unknown owner - C:\ProgramData\QueryExplorer\queryexplorer117.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 18473 bytes

Ik hoop dat hiermee het probleem opgelost kan worden

kape · 16 augustus 2011

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc stop MyWebSearchService

Druk op Enter.

Ga naar Start – Uitvoeren/Zoekopdracht en tik in: sc delete MyWebSearchService

Druk op Enter.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {a8864317-e18b-4292-99d9-e6e65ab905d3} - (no file)

R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)

R3 - URLSearchHook: (no name) - {ad708c09-d51b-45b3-9d28-4eba2681febf} - (no file)

R3 - URLSearchHook: (no name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

F2 - REG:system.ini: UserInit=C:\Users\Bart\AppData\Roaming\svchost.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre0.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (file missing)

O4 - HKLM\..\Run: [HKLM] C:\Windows\system32\WinDir\svchost.exe

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w /h

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [PATHPILOT] C:\Program Files (x86)\Aktiv MP3 Recorder\Aktiv MP3 Recorder.lnk

O4 - HKCU\..\Run: [HKCU] C:\Windows\system32\WinDir\svchost.exe

O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\WinDir\svchost.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

ultraking x2 · 16 augustus 2011

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Databaseversie

: 7478

Windows 6.1.7601 Service Pack 1 (Safe Mode)

Internet Explorer 9.0.8112.16421

16/08/2011 16:42:38

mbam-log-2011-08-16 (16-42-38).txt

Scantype: Snelle scan

Objecten gescand: 178132

Verstreken tijd: 2 minuut/minuten, 39 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 143

Registerwaarden geïnfecteerd: 5

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 26

Bestanden geïnfecteerd: 86

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QueryExplorer Service (Adware.QueryExplorer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{KYLC55S3-M753-5UTV-Y5C7-1C1Y33FX10NP} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{KYLC55S3-M753-5UTV-Y5C7-1C1Y33FX10NP} (Backdoor.SpyNet) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790574B576545231AD92 (Malware.Trace) -> Value: SRS_IT_E8790574B576545231AD92 -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

c:\programdata\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\clickpotatolite (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files (x86)\clickpotatolite\bin (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files (x86)\clickpotatolite\bin\10.0.536.0 (Adware.ClickPotato) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:

c:\programdata\queryexplorer\queryexplorer117.exe (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> Not selected for removal.

c:\Windows\System32\WinDir\svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.

c:\Windows\SysWOW64\WinDir\svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\firefox\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.

En dit is de hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:49:53, on 16/08/2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe

C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cndt

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cndt

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\LaunchApp.exe

O4 - HKLM\..\Run: [OSD] C:\Program Files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe

O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

O4 - HKLM\..\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"

O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent

O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup

O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O8 - Extra context menu item: Free YouTube Download - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_client_4.4.21.0.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab

O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab

O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} (Battlefield Play4Free Updater) - https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15212 bytes

16 augustus 2011 aangepast door ultraking x2

kape · 16 augustus 2011

Malwarebytes heeft een berg rotzooi van je PC gehaald. Logje HijackThis ziet er (bijna) goed uit. Doe nu eerst het volgende :

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

ultraking x2 · 16 augustus 2011

Ok, hier is de log:

ComboFix 11-08-16.02 - Bart 16/08/2011 17:41:54.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4095.2797 [GMT 2:00]

Gestart vanuit: c:\users\Bart\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\program files (x86)\steam\Steam.exe

c:\program files (x86)\WinPCap

c:\program files (x86)\WinPCap\daemon_mgm.exe

c:\program files (x86)\WinPCap\INSTALL.LOG

c:\program files (x86)\WinPCap\npf_mgm.exe

c:\program files (x86)\WinPCap\rpcapd.exe

c:\program files (x86)\WinPCap\Uninstall.exe

c:\users\Bart\AppData\Roaming\Microsoft\~DFK11bc8cf.tmp

c:\users\Bart\AppData\Roaming\Microsoft\1eaadjc.dll

c:\users\Bart\AppData\Roaming\Microsoft\bass.dll

c:\users\Bart\AppData\Roaming\Microsoft\kfgresk.dll

c:\users\Bart\AppData\Roaming\Microsoft\mjcriu.dll

c:\users\Bart\AppData\Roaming\Microsoft\peaadje.dll

c:\users\Bart\AppData\Roaming\Microsoft\qwadjb.dll

c:\users\Bart\AppData\Roaming\Microsoft\rsaadjd.dll

c:\windows\SysWow64\drivers\npf.sys

c:\windows\SysWow64\f3PSSavr.scr

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\system

c:\windows\SysWow64\windir

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_NPF

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-16 to 2011-08-16 ))))))))))))))))))))))))))))))

.

.

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\users\Bart\AppData\Roaming\Malwarebytes

2011-08-16 14:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\programdata\Malwarebytes

2011-08-16 14:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-16 11:02 . 2011-08-16 14:49 -------- d-----w- C:\HijackThis

2011-08-14 17:53 . 2011-08-14 17:53 -------- d-----w- c:\users\Public\CyberLink

2011-08-10 16:53 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-30 11:23 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-30 11:23 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-30 11:23 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-28 20:33 . 2011-07-28 20:34 -------- d-----w- c:\programdata\Solidshield

2011-07-28 20:28 . 2011-07-28 20:28 -------- d-----w- c:\users\Bart\AppData\Roaming\Origin

2011-07-28 20:28 . 2011-07-28 20:28 -------- d-----w- c:\users\Bart\AppData\Local\Origin

2011-07-28 20:27 . 2011-07-28 20:27 -------- d-----w- c:\program files (x86)\Origin Games

2011-07-28 20:27 . 2011-07-28 20:27 -------- d-----w- c:\program files (x86)\Origin

2011-07-28 20:25 . 2011-07-28 20:25 -------- d-----w- c:\users\Bart\AppData\Local\Electronic Arts

2011-07-28 20:25 . 2011-08-15 18:08 -------- d-----w- c:\programdata\Origin

2011-07-28 20:25 . 2011-07-28 20:28 -------- d-----w- c:\programdata\Electronic Arts

2011-07-25 19:38 . 2011-07-25 20:46 -------- d-----w- c:\users\Bart\AppData\Roaming\Filter Forge

2011-07-25 15:40 . 2011-07-25 15:41 -------- d-----w- c:\program files (x86)\4D anaglyph

2011-07-24 15:54 . 2011-07-24 15:54 -------- d-----w- c:\users\Bart\AppData\Roaming\Blender Foundation

2011-07-24 15:49 . 2011-07-24 15:49 -------- d-----w- c:\users\Bart\.thumbnails

2011-07-24 15:48 . 2011-07-24 15:48 -------- d-----w- c:\program files (x86)\Blender Foundation

2011-07-23 14:39 . 2011-07-23 14:39 -------- d-----w- c:\users\Bart\AppData\Local\Apps

2011-07-22 14:27 . 2008-06-10 07:19 819 ----a-w- c:\windows\SysWow64\regpackages.bat

2011-07-22 14:27 . 2008-06-10 07:19 2682880 ----a-w- c:\windows\SysWow64\vcredist_x86.exe

2011-07-22 14:26 . 2011-07-24 15:24 -------- d-----w- C:\trueSpace7

2011-07-21 19:46 . 2011-07-21 19:47 -------- d-----w- c:\users\Bart\AppData\Roaming\MonoDevelop-Unity

2011-07-21 19:32 . 2011-07-21 19:34 -------- d-----w- c:\program files (x86)\Unity

2011-07-21 19:08 . 2011-07-21 20:08 -------- d-----w- c:\users\Bart\AppData\Roaming\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 20:08 -------- d-----w- c:\programdata\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 19:08 -------- d-----w- c:\users\Bart\AppData\Local\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 19:08 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy

2011-07-21 13:51 . 2011-07-21 20:14 -------- d-----w- c:\users\Bart\AppData\Roaming\Unity

2011-07-21 13:34 . 2011-07-21 23:22 -------- d-----w- c:\users\Bart\AppData\Local\Unity

2011-07-21 11:17 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-13 18:18 . 2010-04-30 15:36 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-08-13 18:18 . 2010-04-29 17:39 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-08-13 18:14 . 2010-04-29 17:39 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-08-13 17:14 . 2010-04-29 17:39 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-07-16 04:26 . 2011-08-10 16:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-03 21:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-03 21:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-30 16:34 . 2011-06-10 18:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-16 20:24 . 2011-04-10 12:59 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll

2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll

2011-06-10 23:58 . 2011-06-10 23:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll

2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll

2011-06-10 23:58 . 2011-06-10 23:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll

2011-06-10 23:58 . 2011-06-10 23:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll

2011-06-10 23:58 . 2011-06-10 23:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll

2011-06-10 23:58 . 2011-06-10 23:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll

2011-06-10 23:58 . 2011-06-10 23:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll

2011-06-10 23:58 . 2011-06-10 23:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll

2011-06-10 23:58 . 2011-06-10 23:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll

2011-06-10 23:58 . 2011-06-10 23:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll

2011-06-10 23:58 . 2011-06-10 23:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll

2011-06-10 23:58 . 2011-06-10 23:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll

2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll

2011-06-10 23:58 . 2011-06-10 23:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll

2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll

2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\system32\mfcm100.dll

2011-06-10 23:15 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll

2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll

2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll

2011-06-10 23:15 . 2011-06-10 23:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll

2011-06-10 23:15 . 2011-06-10 23:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll

2011-06-10 23:15 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll

2011-06-10 23:15 . 2011-06-10 23:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll

2011-06-10 23:15 . 2011-06-10 23:15 57168 ----a-w- c:\windows\system32\vcomp100.dll

2011-06-10 23:15 . 2011-06-10 23:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll

2011-06-10 23:15 . 2011-06-10 23:15 5574984 ----a-w- c:\windows\system32\mfc100.dll

2011-06-10 23:15 . 2011-06-10 23:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll

2011-06-10 23:15 . 2011-06-10 23:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll

2011-06-10 23:15 . 2011-06-10 23:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll

2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll

2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll

2011-06-10 23:15 . 2011-06-10 23:15 158536 ----a-w- c:\windows\system32\atl100.dll

2011-06-10 18:08 . 2011-06-10 18:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-10 18:05 . 2011-06-10 18:05 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-06 21:55 . 2011-06-06 21:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-06 21:55 . 2011-06-06 21:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-06 21:55 . 2011-06-06 21:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-06 21:55 . 2011-06-06 21:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-06 21:55 . 2011-06-06 21:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-06 21:55 . 2011-06-06 21:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-06 21:55 . 2011-06-06 21:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-06 21:55 . 2011-06-06 21:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-06 21:55 . 2011-06-06 21:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-06 21:55 . 2011-06-06 21:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-06 21:55 . 2011-06-06 21:55 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-06 21:55 . 2011-06-06 21:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-06 21:55 . 2011-06-06 21:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-06 21:55 . 2011-06-06 21:55 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-06 21:55 . 2011-06-06 21:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-06 21:55 . 2011-06-06 21:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-06 21:55 . 2011-06-06 21:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-06 21:55 . 2011-06-06 21:55 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-06 21:55 . 2011-06-06 21:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-06 21:55 . 2011-06-06 21:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-06 21:55 . 2011-06-06 21:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-06 21:55 . 2011-06-06 21:55 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-06 21:55 . 2011-06-06 21:55 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-06 21:55 . 2011-06-06 21:55 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-06 21:55 . 2011-06-06 21:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-06 21:55 . 2011-06-06 21:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-06 21:55 . 2011-06-06 21:55 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-06 21:55 . 2011-06-06 21:55 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-06 21:55 . 2011-06-06 21:55 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-06 21:55 . 2011-06-06 21:55 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-06 21:55 . 2011-06-06 21:55 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-06 21:55 . 2011-06-06 21:55 448512 ----a-w- c:\windows\system32\html.iec

2011-06-06 21:55 . 2011-06-06 21:55 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-06 21:55 . 2011-06-06 21:55 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-06 21:55 . 2011-06-06 21:55 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-06 21:55 . 2011-06-06 21:55 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-05 14:24 . 2011-06-05 14:24 16384 ----a-w- c:\users\Bart\AppData\Roaming\Black Ops First Strike DLC Crack.exe

2011-05-24 11:42 . 2011-06-29 14:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 14:42 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 14:42 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 14:42 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 14:42 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-04-14 17:33 . 2011-04-14 16:36 3325396862 ----a-w- c:\program files (x86)\Autodesk_3ds_Max_2012_English_Win_32-64bit.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 06:11 2471240 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-30 3077528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\LaunchApp.exe" [2009-03-30 364032]

"OSD"="c:\program files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe" [2009-03-30 282624]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R0 AFS;AFS; [x]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-06-08 16392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 X6va005;X6va005;c:\users\Bart\AppData\Local\Temp\0052E9E.tmp [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]

S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]

S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]

S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-10-27 308136]

S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-11-24 2331544]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-09-30 192512]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-10-27 132688]

S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-10-27 35920]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 14:57]

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 14:57]

.

2011-08-13 c:\windows\Tasks\Norton Security Scan for Bart.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-05 07:48]

.

2010-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF4378.cfxxe" [X]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab

FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9a175e&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}

FF - Ext: Download Energy Community Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - %profile%\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}

FF - Ext: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - %profile%\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared

.

- - - - ORPHANS VERWIJDERD - - - -

.

Wow6432Node-HKCU-Run-Steam - c:\program files (x86)\steam\steam.exe

Wow6432Node-HKCU-Run-Raptr - c:\progra~2\Raptr\raptrstub.exe

Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

Wow6432Node-HKCU-Run-LightScribe Control Panel - c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

Wow6432Node-HKLM-Run-NPSStartup - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)

WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-Raptr - c:\program files (x86)\Raptr\uninstall.exe

AddRemove-Steam App 10180 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 10190 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 42700 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 42710 - c:\program files (x86)\Steam\steam.exe

AddRemove-Steam App 42720 - c:\program files (x86)\Steam\steam.exe

AddRemove-Vuze_Remote Toolbar - c:\progra~2\VUZE_R~1\UNINST~1.EXE

AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe

AddRemove-{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1 - c:\program files (x86)\Electronic Arts\Need For Speed World\unins000.exe

AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe

AddRemove-UnityWebPlayer - c:\users\Bart\AppData\Local\Unity\WebPlayer\Uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Bart\AppData\Local\Temp\0052E9E.tmp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-655944472-1819512661-3377800763-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BD037FD-720A-A701-FF7A-8BBE184B5B72}*]

"hajenhoephfliemk"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,01

"iadfdbnhjlkfdfpafo"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3BD037FD-720A-A701-FF7A-8BBE184B5B72}\InProcServer32*]

"jandiddencokpannkdhc"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,

6e,6e,6f,00,ce

"iandcmpmhemjfmfghi"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

.

**************************************************************************

.

Voltooingstijd: 2011-08-16 17:55:51 - machine werd herstart

ComboFix-quarantined-files.txt 2011-08-16 15:55

.

Pre-Run: 348.420.751.360 bytes beschikbaar

Post-Run: 347.700.166.656 bytes beschikbaar

.

- - End Of File - - 799EF9B00180C8C58CFDE411E2DA8671

Het is wel raar dat hij steam heeft verwijdert, daar zouden toch geen malware in kunnen zitten?

kape · 16 augustus 2011

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]

"ImagePath"=-

Driver::

AFS

Firefox::

FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - %profile%\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}

FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

ultraking x2 · 16 augustus 2011

De pc blokkeert al niet meer spontaan, het probleem is dus ongeveer opgelost

Hier is het combofix.txt bestand:

ComboFix 11-08-16.02 - Bart 16/08/2011 20:03:26.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4095.2902 [GMT 2:00]

Gestart vanuit: c:\users\Bart\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Bart\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Steam\Steam.exe

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome.manifest

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\chrome\freesoundrecorder.jar

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\ConduitAutoCompleteSearch.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\ConduitAutoCompleteSearch.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\ConduitToolbar.idl

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\ConduitToolbar.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\ConduitToolbar.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\FFExternalAlert.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\FFExternalAlert.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\RadioWMPCore.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\components\RadioWMPCore.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\defaults\default_radio_skin.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\defaults\fbAlert.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\install.rdf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\lib\xpcom.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\META-INF\manifest.mf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\META-INF\zigbert.rsa

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\META-INF\zigbert.sf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin\conduit.gif

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin\conduit.ico

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin\conduit.PNG

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin\conduit.src

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\searchplugin\conduit.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}\version.txt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome.manifest

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\chrome\vuze_remote.jar

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitAutoCompleteSearch.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitAutoCompleteSearch.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.idl

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\ConduitToolbar.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\alertSettingsComponent.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\appContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\engineContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\engineSettings.json

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\fbAlert.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\getAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\postAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\toolbarContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\defaults\unsharedAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\INSTALL.LOG

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\install.rdf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\lib\xpcom.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF\manifest.mf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF\zigbert.rsa

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\META-INF\zigbert.sf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.gif

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.ico

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.PNG

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.src

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\searchplugin\conduit.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\setup.ini

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\version.txt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\chrome.manifest

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\chrome\conduitengine.jar

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\ConduitToolbar.idl

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\ConduitToolbar.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\appContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\engineSettings.json

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\fbAlert.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\DualPackage\install.rdf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\install.rdf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\lib\xpcom.js

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\META-INF\manifest.mf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\META-INF\zigbert.rsa

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\META-INF\zigbert.sf

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\searchplugin\conduit.gif

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\searchplugin\conduit.ico

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\searchplugin\conduit.PNG

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\searchplugin\conduit.src

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\searchplugin\conduit.xml

c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\extensions\engine@conduit.com\version.txt

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_AFS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-07-16 to 2011-08-16 ))))))))))))))))))))))))))))))

.

.

2011-08-16 18:19 . 2011-08-16 18:19 -------- d-----w- C:\Device

2011-08-16 18:10 . 2011-08-16 18:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-16 16:06 . 2011-08-16 18:10 -------- d-----w- c:\program files (x86)\Steam

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\users\Bart\AppData\Roaming\Malwarebytes

2011-08-16 14:29 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\programdata\Malwarebytes

2011-08-16 14:29 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-16 14:29 . 2011-08-16 14:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-16 11:02 . 2011-08-16 14:49 -------- d-----w- C:\HijackThis

2011-08-14 17:53 . 2011-08-14 17:53 -------- d-----w- c:\users\Public\CyberLink

2011-08-10 16:53 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-30 11:23 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll

2011-07-30 11:23 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll

2011-07-30 11:23 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll

2011-07-28 20:33 . 2011-07-28 20:34 -------- d-----w- c:\programdata\Solidshield

2011-07-28 20:28 . 2011-07-28 20:28 -------- d-----w- c:\users\Bart\AppData\Roaming\Origin

2011-07-28 20:28 . 2011-07-28 20:28 -------- d-----w- c:\users\Bart\AppData\Local\Origin

2011-07-28 20:27 . 2011-07-28 20:27 -------- d-----w- c:\program files (x86)\Origin Games

2011-07-28 20:27 . 2011-07-28 20:27 -------- d-----w- c:\program files (x86)\Origin

2011-07-28 20:25 . 2011-07-28 20:25 -------- d-----w- c:\users\Bart\AppData\Local\Electronic Arts

2011-07-28 20:25 . 2011-08-15 18:08 -------- d-----w- c:\programdata\Origin

2011-07-28 20:25 . 2011-07-28 20:28 -------- d-----w- c:\programdata\Electronic Arts

2011-07-25 19:38 . 2011-07-25 20:46 -------- d-----w- c:\users\Bart\AppData\Roaming\Filter Forge

2011-07-25 15:40 . 2011-07-25 15:41 -------- d-----w- c:\program files (x86)\4D anaglyph

2011-07-24 15:54 . 2011-07-24 15:54 -------- d-----w- c:\users\Bart\AppData\Roaming\Blender Foundation

2011-07-24 15:49 . 2011-07-24 15:49 -------- d-----w- c:\users\Bart\.thumbnails

2011-07-24 15:48 . 2011-07-24 15:48 -------- d-----w- c:\program files (x86)\Blender Foundation

2011-07-23 14:39 . 2011-07-23 14:39 -------- d-----w- c:\users\Bart\AppData\Local\Apps

2011-07-22 14:27 . 2008-06-10 07:19 819 ----a-w- c:\windows\SysWow64\regpackages.bat

2011-07-22 14:27 . 2008-06-10 07:19 2682880 ----a-w- c:\windows\SysWow64\vcredist_x86.exe

2011-07-22 14:26 . 2011-07-24 15:24 -------- d-----w- C:\trueSpace7

2011-07-21 19:46 . 2011-07-21 19:47 -------- d-----w- c:\users\Bart\AppData\Roaming\MonoDevelop-Unity

2011-07-21 19:32 . 2011-07-21 19:34 -------- d-----w- c:\program files (x86)\Unity

2011-07-21 19:08 . 2011-07-21 20:08 -------- d-----w- c:\users\Bart\AppData\Roaming\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 20:08 -------- d-----w- c:\programdata\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 19:08 -------- d-----w- c:\users\Bart\AppData\Local\PACE Anti-Piracy

2011-07-21 19:08 . 2011-07-21 19:08 -------- d-----w- c:\program files (x86)\Common Files\PACE Anti-Piracy

2011-07-21 13:51 . 2011-07-21 20:14 -------- d-----w- c:\users\Bart\AppData\Roaming\Unity

2011-07-21 13:34 . 2011-07-21 23:22 -------- d-----w- c:\users\Bart\AppData\Local\Unity

2011-07-21 11:17 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-13 18:18 . 2010-04-30 15:36 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2011-08-13 18:18 . 2010-04-29 17:39 270856 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2011-08-13 18:14 . 2010-04-29 17:39 218496 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2011-08-13 17:14 . 2010-04-29 17:39 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2011-07-16 04:26 . 2011-08-10 16:53 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-03 21:13 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-07-03 21:13 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-06-30 16:34 . 2011-06-10 18:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-06-16 20:24 . 2011-04-10 12:59 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll

2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll

2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll

2011-06-10 23:58 . 2011-06-10 23:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll

2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll

2011-06-10 23:58 . 2011-06-10 23:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll

2011-06-10 23:58 . 2011-06-10 23:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll

2011-06-10 23:58 . 2011-06-10 23:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll

2011-06-10 23:58 . 2011-06-10 23:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll

2011-06-10 23:58 . 2011-06-10 23:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll

2011-06-10 23:58 . 2011-06-10 23:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll

2011-06-10 23:58 . 2011-06-10 23:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll

2011-06-10 23:58 . 2011-06-10 23:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll

2011-06-10 23:58 . 2011-06-10 23:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll

2011-06-10 23:58 . 2011-06-10 23:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll

2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll

2011-06-10 23:58 . 2011-06-10 23:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll

2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\system32\mfcm100u.dll

2011-06-10 23:15 . 2011-06-10 23:15 93008 ----a-w- c:\windows\system32\mfcm100.dll

2011-06-10 23:15 . 2011-06-10 23:15 829264 ----a-w- c:\windows\system32\msvcr100.dll

2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\system32\mfc100fra.dll

2011-06-10 23:15 . 2011-06-10 23:15 64336 ----a-w- c:\windows\system32\mfc100deu.dll

2011-06-10 23:15 . 2011-06-10 23:15 63824 ----a-w- c:\windows\system32\mfc100esn.dll

2011-06-10 23:15 . 2011-06-10 23:15 62288 ----a-w- c:\windows\system32\mfc100ita.dll

2011-06-10 23:15 . 2011-06-10 23:15 608080 ----a-w- c:\windows\system32\msvcp100.dll

2011-06-10 23:15 . 2011-06-10 23:15 60752 ----a-w- c:\windows\system32\mfc100rus.dll

2011-06-10 23:15 . 2011-06-10 23:15 57168 ----a-w- c:\windows\system32\vcomp100.dll

2011-06-10 23:15 . 2011-06-10 23:15 5601616 ----a-w- c:\windows\system32\mfc100u.dll

2011-06-10 23:15 . 2011-06-10 23:15 5574984 ----a-w- c:\windows\system32\mfc100.dll

2011-06-10 23:15 . 2011-06-10 23:15 55120 ----a-w- c:\windows\system32\mfc100enu.dll

2011-06-10 23:15 . 2011-06-10 23:15 43856 ----a-w- c:\windows\system32\mfc100jpn.dll

2011-06-10 23:15 . 2011-06-10 23:15 43344 ----a-w- c:\windows\system32\mfc100kor.dll

2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\system32\mfc100cht.dll

2011-06-10 23:15 . 2011-06-10 23:15 36176 ----a-w- c:\windows\system32\mfc100chs.dll

2011-06-10 23:15 . 2011-06-10 23:15 158536 ----a-w- c:\windows\system32\atl100.dll

2011-06-10 18:08 . 2011-06-10 18:08 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-06-10 18:05 . 2011-06-10 18:05 525544 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-06 21:55 . 2011-06-06 21:55 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-06-06 21:55 . 2011-06-06 21:55 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-06-06 21:55 . 2011-06-06 21:55 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-06-06 21:55 . 2011-06-06 21:55 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-06-06 21:55 . 2011-06-06 21:55 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-06-06 21:55 . 2011-06-06 21:55 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-06-06 21:55 . 2011-06-06 21:55 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-06-06 21:55 . 2011-06-06 21:55 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-06 21:55 . 2011-06-06 21:55 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-06-06 21:55 . 2011-06-06 21:55 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-06-06 21:55 . 2011-06-06 21:55 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-06-06 21:55 . 2011-06-06 21:55 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-06-06 21:55 . 2011-06-06 21:55 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-06-06 21:55 . 2011-06-06 21:55 222208 ----a-w- c:\windows\system32\msls31.dll

2011-06-06 21:55 . 2011-06-06 21:55 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-06-06 21:55 . 2011-06-06 21:55 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-06-06 21:55 . 2011-06-06 21:55 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-06-06 21:55 . 2011-06-06 21:55 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-06-06 21:55 . 2011-06-06 21:55 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-06-06 21:55 . 2011-06-06 21:55 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-06-06 21:55 . 2011-06-06 21:55 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-06 21:55 . 2011-06-06 21:55 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-06-06 21:55 . 2011-06-06 21:55 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-06-06 21:55 . 2011-06-06 21:55 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-06 21:55 . 2011-06-06 21:55 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-06 21:55 . 2011-06-06 21:55 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-06 21:55 . 2011-06-06 21:55 12288 ----a-w- c:\windows\system32\mshta.exe

2011-06-06 21:55 . 2011-06-06 21:55 114176 ----a-w- c:\windows\system32\admparse.dll

2011-06-06 21:55 . 2011-06-06 21:55 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-06 21:55 . 2011-06-06 21:55 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-06-06 21:55 . 2011-06-06 21:55 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-06-06 21:55 . 2011-06-06 21:55 448512 ----a-w- c:\windows\system32\html.iec

2011-06-06 21:55 . 2011-06-06 21:55 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-06 21:55 . 2011-06-06 21:55 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-06-06 21:55 . 2011-06-06 21:55 160256 ----a-w- c:\windows\system32\wextract.exe

2011-06-06 21:55 . 2011-06-06 21:55 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-05 14:24 . 2011-06-05 14:24 16384 ----a-w- c:\users\Bart\AppData\Roaming\Black Ops First Strike DLC Crack.exe

2011-05-24 11:42 . 2011-06-29 14:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-24 10:40 . 2011-06-29 14:42 64512 ----a-w- c:\windows\SysWow64\devobj.dll

2011-05-24 10:40 . 2011-06-29 14:42 44544 ----a-w- c:\windows\SysWow64\devrtl.dll

2011-05-24 10:39 . 2011-06-29 14:42 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll

2011-05-24 10:37 . 2011-06-29 14:42 252928 ----a-w- c:\windows\SysWow64\drvinst.exe

2011-04-14 17:33 . 2011-04-14 16:36 3325396862 ----a-w- c:\program files (x86)\Autodesk_3ds_Max_2012_English_Win_32-64bit.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-16_15.49.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-01 00:55 . 2011-08-16 15:52 68986 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-08-16 16:26 31150 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-12-30 08:19 . 2011-08-16 16:26 25420 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-655944472-1819512661-3377800763-1000_UserData.bin

- 2009-12-30 07:41 . 2011-08-07 15:26 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-30 07:41 . 2011-08-16 16:45 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-12-30 07:41 . 2011-08-16 16:45 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-30 07:41 . 2011-08-07 15:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-08-07 15:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-08-16 16:45 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-08-16 16:19 . 2011-08-16 16:19 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll

- 2011-08-16 15:49 . 2011-08-16 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-16 18:21 . 2011-08-16 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-16 18:21 . 2011-08-16 18:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-16 15:49 . 2011-08-16 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-12-30 10:53 . 2011-08-16 17:56 366152 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2011-08-16 15:48 414712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2011-08-16 18:20 414712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-08-16 18:11 . 2011-08-16 18:11 241664 c:\windows\ERDNT\subs\NTUSER.DAT

+ 2011-08-12 19:03 . 2011-08-12 19:03 888320 c:\windows\assembly\temp\NWAXL7BLPM\System.DirectoryServices.AccountManagement.ni.dll

+ 2011-08-12 18:41 . 2011-08-12 18:41 442880 c:\windows\assembly\temp\HTPFPN7Q30\ehiProxy.ni.dll

+ 2011-08-12 18:42 . 2011-08-12 18:42 839680 c:\windows\assembly\temp\5ZY4HSUIYK\Microsoft.Build.Engine.ni.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll

+ 2011-08-16 16:05 . 2011-08-16 16:05 1606656 c:\windows\Installer\ca085.msi

+ 2011-08-12 19:08 . 2011-08-12 19:08 2011136 c:\windows\assembly\temp\Y0DIAA6X03\System.Speech.ni.dll

+ 2011-08-12 19:08 . 2011-08-12 19:08 2452480 c:\windows\assembly\temp\W3TPWKYFG1\Microsoft.JScript.ni.dll

+ 2011-08-12 19:04 . 2011-08-12 19:04 2698752 c:\windows\assembly\temp\T208QT6SYR\Microsoft.Data.Schema.ni.dll

+ 2011-08-12 19:05 . 2011-08-12 19:05 1360896 c:\windows\assembly\temp\SITP3KBP89\Microsoft.VisualStudio.Project.Contracts.Implementation.ni.dll

+ 2011-08-12 18:42 . 2011-08-12 18:42 1888768 c:\windows\assembly\temp\ROE94YXWQN\Microsoft.Build.Engine.ni.dll

+ 2011-08-12 19:05 . 2011-08-12 19:05 1291264 c:\windows\assembly\temp\QZEYZGC8I3\Microsoft.VisualStudio.Shell.ViewManager.ni.dll

+ 2011-08-12 19:05 . 2011-08-12 19:05 2330112 c:\windows\assembly\temp\KVCTZ3TCHR\Microsoft.VisualStudio.Platform.WindowManagement.ni.dll

+ 2011-08-12 19:05 . 2011-08-12 19:05 1852416 c:\windows\assembly\temp\HN8DFHWAIV\Microsoft.VisualStudio.Shell.UI.Internal.ni.dll

+ 2011-08-12 19:03 . 2011-08-12 19:03 2403328 c:\windows\assembly\temp\E9EXYEUXLK\System.Web.Extensions.ni.dll

+ 2011-08-12 18:42 . 2011-08-12 18:42 2623488 c:\windows\assembly\temp\BIBIX4ZJ7U\Narrator.ni.exe

+ 2011-08-12 18:43 . 2011-08-12 18:43 2029568 c:\windows\assembly\temp\BF2LXKL7TS\System.Data.Services.ni.dll

+ 2011-08-12 19:03 . 2011-08-12 19:03 1707008 c:\windows\assembly\temp\4BE60A4E44\System.ServiceModel.Web.ni.dll

+ 2011-08-12 19:06 . 2011-08-12 19:06 1478144 c:\windows\assembly\temp\1RO3XN53O1\PresentationBuildTasks.ni.dll

+ 2011-08-12 19:06 . 2011-08-12 19:06 3713024 c:\windows\assembly\temp\0TUUF9OZ3Q\System.Activities.Presentation.ni.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2011-08-16 16:19 . 2011-08-16 16:19 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

- 2010-11-10 19:38 . 2010-11-10 19:38 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll

+ 2010-08-30 21:58 . 2011-08-16 18:20 28230838 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-655944472-1819512661-3377800763-1000-12288.dat

- 2010-08-30 21:58 . 2011-08-16 15:48 28230838 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-655944472-1819512661-3377800763-1000-12288.dat

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 06:11 2471240 ----a-w- c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-07-30 3077528]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\LaunchApp.exe" [2009-03-30 364032]

"OSD"="c:\program files (x86)\Hewlett-Packard\KBD\OSD\OSD.exe" [2009-03-30 282624]

"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]

"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\users\Bart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 135664]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-06-08 16392]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD-ondersteuning voor afdrukken via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 X6va005;X6va005; [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]

S0 AvgRkx64;avgrkx64.sys;c:\windows\System32\Drivers\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\Drivers\avgldx64.sys [x]

S1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\Drivers\avgmfx64.sys [x]

S1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\Drivers\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-10-27 308136]

S2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [2010-11-24 2331544]

S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-09-30 192512]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]

S3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-10-27 132688]

S3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-10-27 35920]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 14:57]

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-31 14:57]

.

2011-08-13 c:\windows\Tasks\Norton Security Scan for Bart.job

- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-10-05 07:48]

.

2010-08-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF32184.cfxxe" [X]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\avgrssta.dll

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=nl_BE&c=94&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to MP3 Converter - c:\users\Bart\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab

FF - ProfilePath - c:\users\Bart\AppData\Roaming\Mozilla\Firefox\Profiles\ojuyhlx5.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c9a175e&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com

FF - Ext: Download Energy Community Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - %profile%\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}

FF - Ext: IncrediMail MediaBar 2 Toolbar: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - %profile%\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}

FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

FF - Ext: AVG Security Toolbar em:version=6.103.018.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{A8864317-E18B-4292-99D9-E6E65AB905D3} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{32B29DF0-2237-4370-9A29-37CEBB730E9B} - (no file)

WebBrowser-{AD708C09-D51B-45B3-9D28-4EBA2681FEBF} - (no file)

WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-655944472-1819512661-3377800763-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3BD037FD-720A-A701-FF7A-8BBE184B5B72}*]

"hajenhoephfliemk"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,01

"iadfdbnhjlkfdfpafo"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,00

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3BD037FD-720A-A701-FF7A-8BBE184B5B72}\InProcServer32*]

"jandiddencokpannkdhc"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,

6e,6e,6f,00,ce

"iandcmpmhemjfmfghi"=hex:6a,61,70,61,6a,63,6f,62,67,70,6b,61,63,67,6c,68,69,6e,

6e,6f,00,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\AVG\AVG9\avgtray.exe

c:\program files (x86)\Hewlett-Packard\KBD\kbd.exe

.

**************************************************************************

.

Voltooingstijd: 2011-08-16 20:27:12 - machine werd herstart

ComboFix-quarantined-files.txt 2011-08-16 18:27

ComboFix2.txt 2011-08-16 15:55

.

Pre-Run: 368.354.390.016 bytes beschikbaar

Post-Run: 366.654.853.120 bytes beschikbaar

.

- - End Of File - - D973166F3A4B541CFC5932FCD1F6F3E9

kape · 16 augustus 2011

De pc blokkeert al niet meer spontaan, het probleem is dus ongeveer opgelost.

Dat klinkt goed

Bekijk het nog even of het ook zo blijft.

Ondertussen mag je Combofix al verwijderen en wat cleanen.

Verwijder Combofix: Start -> Uitvoeren/Zoekopdracht en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner.

Klik op “Download Latest Version” en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Inloggen

Pc blokkeerd volledig na +-5 minuten na systeemherstel

Aanbevolen berichten

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Link naar reactie

Delen op andere sites

Welkom op PC Helpforum

Leden statistieken

OVER ONS

SITEMAP

Belangrijke informatie