Ga naar inhoud

Windows verkenner?


The_Moment

Aanbevolen berichten

Goeiedag

2 maanden geleden heb ik de Acer s3 aangekocht, een hele goede laptop en heb er nog geen problemen mee gehad, tot 2 dagen geleden.

Als ik mijn laptop opstart, gaat dit zoals gewoonlijk heel vlot tot ik op mijn bureaublad terechtkom. ik kan geen programma's openen, en als ik ergens op klik duurt het zo'n 3 minuten voordat het opent. Bovendien verandert de status meteen naar 'reageert niet' en mijn taakbalk is ook onbruikbaar. IK heb hem al opgestart in veilige modus, heb mijn Panda eens laten lopen en mijn Pc live ook nog eens een schoonmaak gehouden maar niets lijkt te helpen. Heeft er iemand een idee wat ik kan doen?

P.S. net geprobeerd om hem terug in de tijd te draaien, maar gedurende dat proces blijft hij hangen en is dat dus ook niets. Van zodra hij opstaat heb ik zo'n 5 minuten alvorens ik hem met de knop weer kan uitzetten.

Groeten

Link naar reactie
Delen op andere sites

Dag The_moment. Welkom bij PCH!

We zullen eerst eens nagaan of malware of virussen de oorzaak zijn van je probleem.

1. Download HijackThis. (klik er op)

Klik op HijackThis.msi en de download start automatisch na 5 seconden.

Bestand HijackThis.msi opslaan. Daarna kiezen voor "uitvoeren".

Hijackthis wordt nu op je PC geïnstalleerd, een snelkoppeling wordt op je bureaublad geplaatst.

Als je geen netwerkverbinding meer hebt, kan je de download doen met een andere pc en het bestand met een usb stick overbrengen

Als je enkel nog in veilige modus kan werken, moet je de executable (HijackThis.exe) downloaden.

Sla deze op in een nieuwe map op de C schijf (bvb C:\hijackthis) en start hijackthis dan vanaf deze map.

De logjes kan je dan ook in die map terugvinden.


2. Klik op de snelkoppeling om HijackThis te starten. (lees eerst de rode tekst hieronder!)

Klik ofwel op "Do a systemscan and save a logfile", ofwel eerst op "Scan" en dan op "Savelog".

Er opent een kladblokvenster, hou gelijktijdig de CTRL en A-toets ingedrukt, nu is alles geselecteerd. Hou gelijktijdig de CTRL en C-toets ingedrukt, nu is alles gekopieerd. Plak nu het HJT logje in je bericht door CTRL en V-toets.

Krijg je een melding ""For some reason your system denied writing to the Host file ....", klik dan gewoon door op de OK-toets.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis. (Bekijk hier de afbeelding ---> Klik hier)


3. Na het plaatsen van je logje wordt dit door een expert (Kape of Kweezie Wabbit) nagekeken en begeleidt hij jou verder door het ganse proces.

Tip!

Wil je in woord en beeld weten hoe je een logje met HijackThis maakt en plaatst op het forum, klik dan HIER.

Link naar reactie
Delen op andere sites

Hier is het logje, ook al bedankt voor de hulp tot nu toe!

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:55:25, on 28/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Safe mode with network support

Running processes:

C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\Inicio.exe"

O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Lars\AppData\Local\Temp\E_S6D92.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O4 - Global Startup: Acer VCM.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Sleep memory optimizer (FFSOpzSvc) - Acer Incorporated - C:\Program Files\Sleep Memory Optimizer\FFSService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\pavsrvx86.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda global protection 2012\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsImSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

--

End of file - 13570 bytes

Link naar reactie
Delen op andere sites

Start Hijackthis op. Klik met de rechter muisknop op de icoon en kies dan voor “Run as administrator" of "Uitvoeren als administrator".

Selecteer “Do a system scan only”.

Vink alleen de items aan die hieronder zijn genoemd:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O4 - Global Startup: Acer VCM.lnk = ?

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... Dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Link naar reactie
Delen op andere sites

Malwarebytes Anti-Malware (-evaluatieversie-) 1.62.0.1300

www.malwarebytes.org

Databaseversie: v2012.08.28.05

Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)

Internet Explorer 9.0.8112.16421

Lars :: LARS-PC [administrator]

Realtime bescherming: Uitgeschakeld

28/08/2012 15:33:52

mbam-log-2012-08-28 (15-33-52).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 193593

Verstreken tijd: 2 minuut/minuten, 33 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

+

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:39:13, on 28/08/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Boot mode: Safe mode with network support

Running processes:

C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\Inicio.exe"

O4 - HKLM\..\Run: [VC10Player] C:\Program Files (x86)\Virtual CD v10\System\VC10Play.exe

O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [EPSON SX230 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHKE.EXE /FU "C:\Users\Lars\AppData\Local\Temp\E_S6D92.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Sleep memory optimizer (FFSOpzSvc) - Acer Incorporated - C:\Program Files\Sleep Memory Optimizer\FFSService.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Start Technology Service (irstrtsv) - Intel Corporation - C:\Windows\SysWOW64\irstrtsv.exe

O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\pavsrvx86.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files (x86)\panda security\panda global protection 2012\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsImSvc.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PskSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\TPSrvWow.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Program Files (x86)\Virtual CD v10\System\VC10SecS.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

--

End of file - 12947 bytes

Link naar reactie
Delen op andere sites

Ziet er allemaal netjes uit. Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites

Hier is het logje.

ComboFix 12-08-28.01 - Lars 28/08/2012 16:11:44.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3946.3106 [GMT 2:00]

Gestart vanuit: c:\users\Lars\Desktop\ComboFix.exe

AV: Panda Global Protection 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

FW: Panda Personal Firewall 2012 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}

SP: Panda Global Protection 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files (x86)\xfire_installer_45547.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-28 to 2012-08-28 ))))))))))))))))))))))))))))))

.

.

2012-08-28 14:18 . 2012-08-28 14:18 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-28 13:31 . 2012-08-28 13:31 -------- d-----w- c:\users\Lars\AppData\Roaming\Malwarebytes

2012-08-28 13:31 . 2012-08-28 13:31 -------- d-----w- c:\programdata\Malwarebytes

2012-08-28 13:31 . 2012-08-28 13:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-28 13:31 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 13:17 . 2012-08-28 13:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F6B40E1-5C39-44CC-9A8C-6D5239F7F4EA}\offreg.dll

2012-08-28 11:54 . 2012-08-28 13:39 -------- d-----w- C:\Hijack

2012-08-24 10:33 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0F6B40E1-5C39-44CC-9A8C-6D5239F7F4EA}\mpengine.dll

2012-08-16 22:59 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-16 22:52 . 2012-06-24 11:01 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-14 17:46 . 2012-07-05 10:40 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-14 17:46 . 2011-10-21 01:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

2012-06-24 11:27 . 2012-06-24 11:26 32448800 ----a-w- c:\program files (x86)\WoW-4.0.0-WOW-enGB-Installer.exe

2012-06-24 10:45 . 2012-06-24 10:45 15928 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2012-06-22 09:24 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-16 00:17 . 2012-06-16 00:17 28096 ----a-w- c:\windows\system32\xfcodec64.dll

2012-06-09 05:43 . 2012-07-11 12:40 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 12:42 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 12:42 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 12:04 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 12:42 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 12:42 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 12:04 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 09:27 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 09:27 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 09:27 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 09:27 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 09:27 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 09:27 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 09:27 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-22 09:27 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-22 09:27 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 11:35 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 11:35 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 11:35 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 11:35 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 11:35 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 11:35 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 11:35 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 11:35 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 11:35 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]

"Dolby Home Theater v4"="c:\dolby pcee4\pcee4.exe" [2011-06-01 506712]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-15 1081424]

"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]

"APVXDWIN"="c:\program files (x86)\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" [2011-04-13 1000768]

"SCANINICIO"="c:\program files (x86)\Panda Security\Panda Global Protection 2012\Inicio.exe" [2011-02-02 70464]

"VC10Player"="c:\program files (x86)\Virtual CD v10\System\VC10Play.exe" [2011-10-19 411976]

"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2008-04-21 91432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CurseClientStartup.ccip [2012-7-4 0]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

.

R0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [2010-06-22 30792]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-11-16 22648]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-11-16 20520]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-11-16 62776]

R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShldFlt.sys [2009-10-27 48136]

R1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2011-04-19 223256]

R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/06/28 01:32];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2011-12-20 12:56 146928]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]

R2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm6460.sys [2010-05-21 65608]

R2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT64.SYS [2011-01-31 129096]

R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-10-01 105120]

R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-05-13 249648]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2012-06-24 15928]

R2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT64.SYS [2009-09-25 82952]

R2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-15 352336]

R2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-06-27 168448]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-06-27 131072]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2010-09-14 1830400]

R2 FFSOpzSvc;Sleep memory optimizer;c:\program files\Sleep Memory Optimizer\FFSService.exe [2011-09-18 141192]

R2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetm64.SYS [2009-09-25 31752]

R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]

R2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT64.SYS [2010-09-09 78920]

R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-07-21 212944]

R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

R2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETTDI64.SYS [2009-09-25 12:54 170504]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]

R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\Panda Security\Panda Global Protection 2012\PskSvc.exe [2010-08-16 28992]

R2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-09 2656536]

R2 VC10SecS;Virtual CD v10 Management Service;c:\program files (x86)\Virtual CD v10\System\VC10SecS.exe [2011-10-19 144712]

R2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT64.SYS [2009-09-25 74760]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-11 57344]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 250056]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-10-01 36000]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-01 330912]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-01 110240]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-10-01 167584]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-10-01 68256]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-10-01 280992]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-10-01 519328]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-05-21 276288]

R3 cpuz135;cpuz135;c:\users\Lars\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2009-07-09 24088]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

R3 irstrtsv;Intel® Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe [2011-07-07 184320]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [2008-06-17 40464]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-24 1255736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-10-01 30368]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2011-07-29 185128]

S3 irstrtdv;Intel® Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys [2011-06-16 26504]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\n64i1644.sys [2010-09-01 216648]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-07-28 313448]

S3 SSMO4Filter;MMO-4 Mouse;c:\windows\system32\drivers\MO4Driver.sys [2011-07-26 21504]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05 17:46]

.

2012-08-14 c:\windows\Tasks\Adobe Reader and Acrobat Manager simplitec PSP.job

- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 07:37]

.

2012-08-22 c:\windows\Tasks\Basis-opruiming.job

- c:\program files (x86)\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2012-06-24 12:23]

.

2012-08-28 c:\windows\Tasks\simplitec PCLive.job

- c:\program files (x86)\simplitec\PC Live\PCLive.exe [2012-03-14 10:35]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-08-10 2275944]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-10-01 981664]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-10-01 799904]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-21 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-21 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-21 440128]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://acer.msn.com

mLocal Page = c:\windows\SYSTEM32\blank.htm

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

.

.

------- Bestandsassociaties -------

.

JSEFile=c:\progra~2\PANDAS~1\PANDAG~1\PavScrip.exe "%1" %*

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrv1000]

"ImagePath"="system32\DRIVERS\vdrv1000.sys"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-28 16:20:24

ComboFix-quarantined-files.txt 2012-08-28 14:20

.

Pre-Run: 393.726.681.088 bytes beschikbaar

Post-Run: 393.625.505.792 bytes beschikbaar

.

- - End Of File - - FE06DE585EB2D90EEA6B626DEBF9CBBE

Link naar reactie
Delen op andere sites

Dat "terug in de tijd draaien" ... heb je dat gedaan mt systeemherstel naar een oud herstelpunt vóór de problemen zijn begonnen ?

Heb hem zonet een maand terug gezet, zit nog steeds met de problemen. Dit is veel vroeger dan wanneer het probleem begon, dit is pas sinds enkele dagen. Ik ben er ook zeker van dat ik niet met een virus zit, want de beveiliging is hoog genoeg + ik heb niet veel (of zelfs bijna niets) gedownload. Daar heb ik een andere PC voor. Enig idee aan wat het zou kunnen liggen?

Link naar reactie
Delen op andere sites

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.