Nasty pest that antivirus programs don't find!!!

Anonymous
30 answers
  • http://www.removespywareguides.com/InstallIQUpdater-exe-how-to-remove.html
  • Spam Alert
  • This pest keeps blocking the internet connection.

    My thanks to 'SpyShelter' for tracking down this misery:

    "2/19/2011 9:25:18 AM,C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe,26,Blocked ;Changing registry".
  • Why do you only put a link to an .exe in your post without any explanation, and then say that some program called "SpyShelter" has to solve it? SpyShelter is for the most part an anti-keylogger…
  • I'm glad this problem has finally been found. Beyond that, I don't yet know how to remove the infection completely, because it has nested itself further into the system. For example, I can't remove 'w3i' because another program seems to be 'at work' along with it. :evil:
  • Why are you talking to yourself instead of responding to me?
  • If I knew how this problem works and what it is for, I would have told you. Hopefully someone here has more experience with how to get this job done. :wink:
  • Download MBAM here
    Run a full scan
    Download HijackThis and post a log here
  • Hi Maanvol:

    Do the following:

    1) Which program: Malwarebytes MBAM
    What for/why: specialised scanner to quickly examine Windows for spyware and malware and to remove it.
    Difficulty: none.

    Download Malwarebytes MBAM from one of these locations:
    - Download.com
    - Softpedia.com
    - Majorgeeks.com

    First of all:
    - Right after installation 'MBAM' will want to update its database, so allow that.
    - On repeated use as well: first update 'MBAM' via the 'Update' tab!

    Starting Malwarebytes MBAM:
    Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
    Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

    Scanning:
    - When 'MBAM' starts, choose 'Quick Scan'.
    - Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
    - Then click the 'Show Results' button to see the results.

    Infections found:
    - First click OK to dismiss the message.
    - Then click the Show Results button at the bottom right.
    - Make sure that all infections found are ticked, and click Remove Selected at the bottom left.
    - After removal a log will open and you will be asked to restart the computer.
    - If 'MBAM' has difficulty removing certain files it will show a few messages; click 'OK' each time!
    - After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.

    MBAM log:
    - The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.

    Then post the contents of the MBAM log in your next message.


    2) Which program: Trend Micro HijackThis version 2.0.4
    What for/why: produces a clear overview of Windows by means of a scan.
    Difficulty: none; only Vista and Windows 7 users need to pay a little extra attention.

    Download the HijackThis Installer

    Installation:
    - Install HijackThis in the suggested location; this prevents any backups from becoming impossible to find!

    Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
    - Next, right-click hijackthis.exe and choose Properties.
    - Now click the Compatibility tab and tick Run as administrator.
    - Finally, click Apply and OK.

    Using HijackThis:
    - First close all open programs and web browsers.
    - Now start 'HijackThis' and then click the button 'Do a system scan and save a logfile'.
    - Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
    - Copy and paste the contents of the HijackThis logfile into your next message.
    - After this you may close HijackThis again.
  • Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:44:13 PM, on 2/19/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
    C:\Users\tosh\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
    C:\Program Files (x86)\AllChars\AllChars.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Users\tosh\AppData\Local\Autobahn\autobahn.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Monitor\nusb3mon.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 9\firefox.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Bonus.SSR.FR10] "C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Monitor\nusb3mon.exe"
    O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\tosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [SpyShelter] C:\Program Files (x86)\SpyShelter Premium\SpyShelter.exe
    O4 - Startup: autobahn.lnk = C:\Users\tosh\AppData\Local\Autobahn\autobahn.exe
    O4 - Global Startup: AllChars.lnk = C:\Program Files (x86)\AllChars\AllChars.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
    O23 - Service: ABBYY FineReader 10 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.10.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Brother BRAdminPro Scheduler (BRA_Scheduler) - Unknown owner - C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 10157 bytes





    Malware:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5808

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    2/19/2011 2:48:23 PM
    mbam-log-2011-02-19 (14-48-23).txt

    Scan type: Full scan (C:\|E:\|F:\|)
    Objects scanned: 803618
    Time elapsed: 2 hour(s), 29 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0


    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)
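
Added example, not part of the original thread: a small triage pass over HijackThis 2.0.4 log lines of the kind posted above, for the case where the scanner log reports nothing. The rule set is an assumption made for illustration (expected IE host `go.microsoft.com`, `(no file)` entries, autoruns under `AppData`), and it treats `(file missing)` under `C:\Windows\System32` as the known side effect of the 32-bit HijackThis running on 64-bit Windows rather than as a finding.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392/
O2 - BHO: QuickNet - {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - C:\Program Files (x86)\RegTweaker\key.dll
O4 - HKCU\..\Run: [Google Update] "C:\Users\tosh\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: autobahn.lnk = C:\Users\tosh\AppData\Local\Autobahn\autobahn.exe
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
"""

# Assumption: the only "expected" IE page host is the Microsoft fwlink host
# that the HKLM default entries in the same log point to.
EXPECTED_IE_HOSTS = {"go.microsoft.com"}
SYSTEM32 = "c:\\windows\\system32\\"

# "<section code> - <entry text>", e.g. "O4 - HKCU\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First Windows path in the entry that ends in an executable/module extension.
WIN_PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys)', re.IGNORECASE)


def triage(log_text):
    """Return (section_code, tag, detail) tuples for entries worth a look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        path_m = WIN_PATH_RE.search(body)
        path = path_m.group(0) if path_m else ""

        # R0/R1: Internet Explorer start/search pages set to an unexpected host.
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].strip()
            if value.lower().startswith(("http://", "https://")):
                host = urlsplit(value).hostname or ""
                if host not in EXPECTED_IE_HOSTS:
                    findings.append((code, "ie-page-host", host))

        if body.endswith("(no file)"):
            # Registry entry left behind without any file to load.
            findings.append((code, "orphaned-entry", body))
        elif body.endswith("(file missing)"):
            # A 32-bit scanner on 64-bit Windows is redirected to SysWOW64,
            # so native System32 binaries look "missing" although they exist.
            if path.lower().startswith(SYSTEM32):
                findings.append((code, "wow64-artifact", path))
            else:
                findings.append((code, "file-missing", path))
        elif code == "O4" and "\\appdata\\" in path.lower():
            # Autorun from a user-writable location: review, not a verdict.
            findings.append((code, "user-writable-autorun", path))
    return findings


def actionable(findings):
    """Drop entries explained by 32-bit/64-bit redirection."""
    return [f for f in findings if f[1] != "wow64-artifact"]


if __name__ == "__main__":
    for code, tag, detail in actionable(triage(SAMPLE_LOG)):
        print(f"{code:<4} {tag:<22} {detail}")
```

The tags mark entries to review by hand; none of them is a verdict that an entry is malicious.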


  • Hi Maanvol, you may do the following:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up where possible.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo

    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before ComboFix starts!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Once more for clarity: ComboFix must be started from the desktop.

    Remarks:
    - On Windows XP you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - Vista and Windows 7 users start ComboFix via right-click with administrator rights.
    - All open programs and web pages must be closed.

    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt

    Important note:
  • In 'AVG Internet Security' I see no option to turn it off.
  • All right, 'AVG' is off. :wink:
  • ComboFix 11-02-18.05 - Maanvol 02/19/2011 18:20:37.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.3242 [GMT 1:00]
    Running from: c:\users\Maanvol\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Outdated* {D68DDD4B-831F-4fae-9E44-DA132C1ACJ64}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

    —– BITS: Possible infected sites —–

    hxxp://updates.swarmcast.net
    .
    ((((((((((((((((((((((((( Files Created from 2011-01-19 to 2011-02-19 )))))))))))))))))))))))))))))))
    .

    2011-02-19 17:32 . 2011-02-19 17:32 0 —ha-w- c:\users\Maanvol\AppData\Local\BITF49B.tmp
    2011-02-19 17:26 . 2011-02-19 17:26 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-02-19 14:24 . 2011-02-19 14:24 388096 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-19 14:24 . 2011-02-19 14:24 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-02-19 14:00 . 2011-02-19 14:13 ——– d—–w- C:\Downloads
    2011-02-19 11:08 . 2011-02-19 11:08 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Malwarebytes
    2011-02-19 11:06 . 2011-02-19 11:06 ——– d—–w- c:\programdata\Malwarebytes
    2011-02-19 11:06 . 2010-12-20 17:09 38224 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-19 11:06 . 2011-02-19 13:46 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-19 11:06 . 2010-12-20 17:08 24152 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-19 11:01 . 2011-02-19 11:01 ——– d—–w- c:\program files (x86)\RegCleaner
    2011-02-19 10:22 . 2011-02-19 10:22 ——– d—–w- c:\program files (x86)\RegTweaker
    2011-02-18 12:52 . 2011-02-18 13:42 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Q-Dir
    2011-02-18 12:52 . 2011-02-18 12:52 ——– d—–w- c:\program files\Q-Dir
    2011-02-18 12:30 . 2011-02-18 12:30 81920 —ha-w- c:\windows\SysWow64\v3shrtkgn.dll
    2011-02-18 12:15 . 2011-02-19 13:48 ——– d—–w- c:\program files (x86)\SpyShelter Premium
    2011-02-18 12:15 . 2011-02-18 12:15 ——– d—–w- c:\users\Maanvol\AppData\Roaming\SpyShelter
    2011-02-18 12:15 . 2011-02-05 17:34 36864 —-a-w- c:\windows\system32\SpyShelterShellExt.dll
    2011-02-18 12:15 . 2011-02-05 15:56 28160 —-a-w- c:\windows\SysWow64\SpyShelterShellExt.dll
    2011-02-16 12:56 . 2011-02-16 12:57 ——– d—–w- C:\Aldi
    2011-02-13 14:50 . 2011-02-13 14:50 ——– d—–w- c:\program files (x86)\Microsoft.NET
    2011-02-13 14:48 . 2011-02-13 14:53 ——– d—–w- c:\programdata\Spotnet
    2011-02-13 14:48 . 2011-02-13 14:48 ——– d—–w- c:\program files (x86)\Spotnet
    2011-02-09 09:40 . 2011-02-09 09:42 ——– d—–w- C:\d1c6f51cb2ad22cb38bb
    2011-02-09 09:39 . 2010-12-18 03:35 2381824 —-a-w- c:\windows\system32\mshtml.tlb
    2011-02-09 09:39 . 2010-12-18 03:15 2381824 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2011-02-09 09:39 . 2010-12-18 03:39 1502208 —-a-w- c:\windows\system32\inetcpl.cpl
    2011-02-09 09:39 . 2010-12-18 03:19 1448448 —-a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-02-05 14:32 . 2011-02-05 14:32 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Canneverbe Limited
    2011-02-05 14:32 . 2011-02-05 14:32 ——– d—–w- c:\programdata\Canneverbe Limited
    2011-02-05 14:15 . 2011-02-05 14:20 ——– d—–w- c:\users\Maanvol\AppData\Roaming\VSO
    2011-02-05 14:15 . 2011-02-05 14:15 ——– d—–w- c:\program files (x86)\VSO
    2011-02-05 14:04 . 2011-02-05 14:04 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Foxit Software
    2011-02-05 14:02 . 2011-02-05 14:02 ——– d—–w- c:\program files\CDBurnerXP
    2011-02-04 15:48 . 2011-02-04 15:51 ——– d—–w- c:\users\Maanvol\AppData\Roaming\FreeFileViewer
    2011-02-03 15:31 . 2011-02-03 15:31 ——– d—–w- c:\program files (x86)\Unknown File Assistant
    2011-02-03 15:30 . 2011-02-03 15:31 ——– d—–w- c:\program files (x86)\FreeFileViewer
    2011-02-03 15:30 . 2011-02-03 15:30 ——– d—–w- c:\programdata\W3i
    2011-02-02 14:22 . 2011-02-02 14:22 ——– d—–w- c:\program files (x86)\NEC Electronics
    2011-02-01 16:47 . 2011-02-01 16:47 ——– d—–w- c:\program files\Foxit Software
    2011-01-27 13:22 . 2010-08-16 14:31 19936 ——w- c:\windows\system32\pwdrvio.sys
    2011-01-27 13:22 . 2010-08-16 14:31 801352 —-a-w- c:\windows\system32\pwNative.exe
    2011-01-27 13:22 . 2010-08-16 14:31 13280 ——w- c:\windows\system32\pwdspio.sys
    2011-01-27 13:22 . 2011-01-27 13:22 ——– d—–w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 5.2
    2011-01-23 12:05 . 2011-01-23 12:05 ——– d—–w- c:\programdata\eSellerate
    2011-01-23 12:05 . 2011-01-23 12:05 ——– d—–w- c:\program files (x86)\SmartSound Software
    2011-01-23 12:04 . 2011-01-23 12:04 ——– d—–w- c:\program files\CyberLink
    2011-01-23 11:55 . 2011-01-23 11:55 ——– d—–w- c:\users\Maanvol\AppData\Local\Stardock
    2011-01-23 11:55 . 2011-01-23 11:55 ——– dc-h–w- c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
    2011-01-23 11:55 . 2011-01-23 11:55 ——– d—–w- c:\program files (x86)\Stardock
    2011-01-22 14:14 . 2011-01-22 14:14 110080 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
    2011-01-22 14:14 . 2011-01-22 14:14 110080 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
    2011-01-22 14:14 . 2011-01-22 14:14 ——– d—–w- C:\sh4ldr
    2011-01-22 14:14 . 2011-01-22 14:14 ——– d—–w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    2011-01-22 12:46 . 2011-01-22 12:46 ——– d—–w- c:\program files (x86)\Enigma Software Group
    2011-01-22 12:45 . 2011-01-22 14:12 ——– d—–w- c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
    2011-01-22 12:45 . 2011-01-22 14:14 ——– d—–w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-01-22 12:21 . 2011-01-22 12:21 ——– d—–w- c:\users\Maanvol\AppData\Roaming\BitZipper
    2011-01-22 12:21 . 2011-01-22 12:21 ——– d—–w- c:\program files (x86)\BitZipper
    2011-01-22 12:21 . 2006-07-24 07:56 212240 —-a-w- c:\windows\SysWow64\Richtx32.ocx
    2011-01-22 12:15 . 2011-01-22 12:15 ——– d—–w- c:\program files (x86)\Elaborate Bytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 16:41 . 2011-01-19 12:10 15664 —-a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
    2011-02-19 16:41 . 2010-05-26 14:10 109360 —-a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-01-16 13:27 . 2011-01-16 13:27 65536 —-a-w- c:\users\Maanvol\AppData\Roaming\Microsoft\Windows\.autobahn\libwin32proxyconfig.dll
    2010-11-30 16:24 . 2010-12-17 12:39 553984 —-a-w- c:\windows\system32\RCoRes64.dat
    2010-11-30 16:06 . 2010-12-17 12:39 2647528 —-a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2010-11-29 17:47 . 2010-12-17 12:39 2578576 —-a-w- c:\windows\system32\WavesGUILib.dll
    2010-11-29 17:47 . 2010-12-17 12:39 1868944 —-a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2010-11-29 16:38 . 2010-11-29 16:38 94208 —-a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 16:38 . 2010-11-29 16:38 69632 —-a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-24 13:24 . 2010-12-17 12:39 2815592 —-a-w- c:\windows\system32\RtkAPO64.dll
    2010-11-24 13:24 . 2010-12-17 12:39 2189416 —-a-w- c:\windows\system32\RtPgEx64.dll
    2010-11-23 17:45 . 2010-12-17 12:39 1247848 —-a-w- c:\windows\system32\RTCOM64.dll
    2010-11-22 10:39 . 2010-12-17 12:39 626792 —-a-w- c:\windows\system32\RtkApi64.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-28 21:44 1400712 —-a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
    2010-12-12 08:56 242176 —-a-w- c:\program files (x86)\RegTweaker\key.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2010-11-21 397176]
    "Google Update"="c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-04 136176]
    "CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
    "SpyShelter"="c:\program files (x86)\SpyShelter Premium\SpyShelter.exe" [2011-02-07 2504128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-07-01 941320]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Monitor\nusb3mon.exe" [2009-06-08 106496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]

    c:\users\Maanvol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    autobahn.lnk - c:\users\Maanvol\AppData\Local\Autobahn\autobahn.exe [2009-4-2 710360]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [2010-05-20 34840]
    S1 SpyShelter;SpyShelter;c:\program files (x86)\SpyShelter Premium\SpyShelter.sys [2011-02-07 173504]
    S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-10 814344]
    S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-04 65536]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-06-08 74312]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-06-08 170056]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-19 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-03 15:35]

    2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958121151-2580792942-2571257227-1000Core.job
    - c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 13:36]

    2011-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958121151-2580792942-2571257227-1000UA.job
    - c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 13:36]
    .

    ——— x86-64 ———–


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ——- Supplementary Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    FF - ProfilePath - c:\users\Maanvol\AppData\Roaming\Mozilla\Firefox\Profiles\mhe2qqtr.default\
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_å\00\00å\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~å\00\00å\00\00\00\00c\00\00\00\00\00\00\00\00‘’“"

    .
    ——————— LOCKED REGISTRY KEYS ———————

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Other Running Processes ————————
    .
    c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    c:\users\Maanvol\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-19 18:35:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-19 17:35

    Pre-Run: 279,979,098,112 bytes free
    Post-Run: 281,886,654,464 bytes free

    - - End Of File - - 9D81C018A283FD702B085DD8EBBE3C32



  • Hi Maanvol, please do the following first:


    Download CKScanner by askey 127 and save it to your desktop.
    Vista and Win 7 users run this tool by right-clicking it and choosing Run as administrator.
    • Click/double-click CKScanner by askey 127 to start the tool and click Search for Files.
    • After a short while, when the hourglass disappears, click Save List To File.
    • A message box will confirm that the document has been saved.
    • Click/double-click the CKFiles.txt shortcut on your desktop, then copy and paste its contents into your next post.
  • CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11
    —– EOF —–


    This already looks much better! Thank you very much, Abraham. :D
  • Hi Maanvol, next round:

    Open a new Notepad file via Start > All Programs > Accessories > Notepad.


    Copy and paste the following (bold, blue) text into the empty Notepad window:


  • ComboFix 11-02-18.05 - Maanvol 02/20/2011 17:33:18.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.3056 [GMT 1:00]
    Running from: c:\users\Maanvol\Desktop\ComboFix.exe
    Command switches used :: c:\users\Maanvol\Desktop\CFScript.txt

    FILE ::
    "c:\users\Maanvol\AppData\Local\BITF49B.tmp"
    "c:\windows\SysWow64\v3shrtkgn.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files (x86)\Ask.com
    c:\program files (x86)\Ask.com\cb_8288.ico
    c:\program files (x86)\Ask.com\cobrand.ico
    c:\program files (x86)\Ask.com\config.xml
    c:\program files (x86)\Ask.com\favicon.ico
    c:\program files (x86)\Ask.com\fv_7d0b.ico
    c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    c:\program files (x86)\Ask.com\mupcfg.xml
    c:\program files (x86)\Ask.com\SaUpdate.exe
    c:\program files (x86)\Ask.com\UpdateTask.exe
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.dat
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.msi
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.par
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.res
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\instance.dat
    c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\mia.lib
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    C:\sh4ldr
    c:\sh4ldr\initrd.gz
    c:\sh4ldr\shldr
    c:\sh4ldr\vmlinuz
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCall.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla17.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla18.exe
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla19.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla2.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla20.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.dll
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseCustomCalla21.exe
    c:\windows\41EBC322660F4D16A0DF53147210CBDB.TMP\WiseData.ini
    c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
    c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP\WiseCustomCalla11.exe
    c:\windows\SysWow64\v3shrtkgn.dll

    —– BITS: Possible infected sites —–

    hxxp://updates.swarmcast.net
    .
    ((((((((((((((((((((((((( Files Created from 2011-01-20 to 2011-02-20 )))))))))))))))))))))))))))))))
    .

    2011-02-20 16:41 . 2011-02-20 16:41 0 —ha-w- c:\users\Maanvol\AppData\Local\BIT956C.tmp
    2011-02-20 16:39 . 2011-02-20 16:39 ——– d—–w- c:\users\Default\AppData\Local\temp
    2011-02-20 07:45 . 2011-02-20 07:45 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2011-02-19 17:52 . 2011-02-19 17:52 ——– d—–w- c:\users\Maanvol\AppData\Roaming\AVG10
    2011-02-19 17:51 . 2011-02-19 17:51 ——– d–h–w- c:\programdata\Common Files
    2011-02-19 17:51 . 2011-02-20 16:26 ——– d—–w- c:\programdata\AVG10
    2011-02-19 17:49 . 2011-02-19 17:50 ——– d—–w- c:\programdata\MFAData
    2011-02-19 14:24 . 2011-02-19 14:24 388096 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-19 14:24 . 2011-02-19 14:24 ——– d—–w- c:\program files (x86)\Trend Micro
    2011-02-19 14:00 . 2011-02-20 07:44 ——– d—–w- C:\Downloads
    2011-02-19 11:08 . 2011-02-19 11:08 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Malwarebytes
    2011-02-19 11:06 . 2011-02-19 11:06 ——– d—–w- c:\programdata\Malwarebytes
    2011-02-19 11:06 . 2010-12-20 17:09 38224 —-a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-02-19 11:06 . 2011-02-19 13:46 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-02-19 11:06 . 2010-12-20 17:08 24152 —-a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-19 11:01 . 2011-02-19 11:01 ——– d—–w- c:\program files (x86)\RegCleaner
    2011-02-19 10:22 . 2011-02-19 10:22 ——– d—–w- c:\program files (x86)\RegTweaker
    2011-02-18 12:52 . 2011-02-18 13:42 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Q-Dir
    2011-02-18 12:52 . 2011-02-18 12:52 ——– d—–w- c:\program files\Q-Dir
    2011-02-18 12:15 . 2011-02-19 13:48 ——– d—–w- c:\program files (x86)\SpyShelter Premium
    2011-02-18 12:15 . 2011-02-18 12:15 ——– d—–w- c:\users\Maanvol\AppData\Roaming\SpyShelter
    2011-02-18 12:15 . 2011-02-05 17:34 36864 —-a-w- c:\windows\system32\SpyShelterShellExt.dll
    2011-02-18 12:15 . 2011-02-05 15:56 28160 —-a-w- c:\windows\SysWow64\SpyShelterShellExt.dll
    2011-02-16 12:56 . 2011-02-16 12:57 ——– d—–w- C:\Aldi
    2011-02-13 14:50 . 2011-02-13 14:50 ——– d—–w- c:\program files (x86)\Microsoft.NET
    2011-02-13 14:48 . 2011-02-13 14:53 ——– d—–w- c:\programdata\Spotnet
    2011-02-13 14:48 . 2011-02-13 14:48 ——– d—–w- c:\program files (x86)\Spotnet
    2011-02-09 09:40 . 2011-02-09 09:42 ——– d—–w- C:\d1c6f51cb2ad22cb38bb
    2011-02-05 14:32 . 2011-02-05 14:32 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Canneverbe Limited
    2011-02-05 14:32 . 2011-02-05 14:32 ——– d—–w- c:\programdata\Canneverbe Limited
    2011-02-05 14:15 . 2011-02-05 14:20 ——– d—–w- c:\users\Maanvol\AppData\Roaming\VSO
    2011-02-05 14:15 . 2011-02-05 14:15 ——– d—–w- c:\program files (x86)\VSO
    2011-02-05 14:04 . 2011-02-05 14:04 ——– d—–w- c:\users\Maanvol\AppData\Roaming\Foxit Software
    2011-02-05 14:02 . 2011-02-05 14:02 ——– d—–w- c:\program files\CDBurnerXP
    2011-02-04 15:48 . 2011-02-04 15:51 ——– d—–w- c:\users\Maanvol\AppData\Roaming\FreeFileViewer
    2011-02-03 15:31 . 2011-02-03 15:31 ——– d—–w- c:\program files (x86)\Unknown File Assistant
    2011-02-03 15:30 . 2011-02-03 15:31 ——– d—–w- c:\program files (x86)\FreeFileViewer
    2011-02-03 15:30 . 2011-02-03 15:30 ——– d—–w- c:\programdata\W3i
    2011-02-02 14:22 . 2011-02-02 14:22 ——– d—–w- c:\program files (x86)\NEC Electronics
    2011-02-01 16:47 . 2011-02-01 16:47 ——– d—–w- c:\program files\Foxit Software
    2011-01-27 13:22 . 2010-08-16 14:31 19936 ——w- c:\windows\system32\pwdrvio.sys
    2011-01-27 13:22 . 2010-08-16 14:31 801352 —-a-w- c:\windows\system32\pwNative.exe
    2011-01-27 13:22 . 2010-08-16 14:31 13280 ——w- c:\windows\system32\pwdspio.sys
    2011-01-27 13:22 . 2011-01-27 13:22 ——– d—–w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 5.2
    2011-01-23 12:05 . 2011-01-23 12:05 ——– d—–w- c:\programdata\eSellerate
    2011-01-23 12:05 . 2011-01-23 12:05 ——– d—–w- c:\program files (x86)\SmartSound Software
    2011-01-23 12:04 . 2011-01-23 12:04 ——– d—–w- c:\program files\CyberLink
    2011-01-23 11:55 . 2011-01-23 11:55 ——– d—–w- c:\users\Maanvol\AppData\Local\Stardock
    2011-01-23 11:55 . 2011-01-23 11:55 ——– d—–w- c:\program files (x86)\Stardock
    2011-01-22 14:14 . 2011-01-22 14:14 110080 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
    2011-01-22 14:14 . 2011-01-22 14:14 110080 —-a-r- c:\users\Maanvol\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
    2011-01-22 12:46 . 2011-01-22 12:46 ——– d—–w- c:\program files (x86)\Enigma Software Group
    2011-01-22 12:45 . 2011-01-22 14:14 ——– d—–w- c:\program files (x86)\Common Files\Wise Installation Wizard
    2011-01-22 12:21 . 2011-01-22 12:21 ——– d—–w- c:\users\Maanvol\AppData\Roaming\BitZipper
    2011-01-22 12:21 . 2011-01-22 12:21 ——– d—–w- c:\program files (x86)\BitZipper
    2011-01-22 12:21 . 2006-07-24 07:56 212240 —-a-w- c:\windows\SysWow64\Richtx32.ocx
    2011-01-22 12:15 . 2011-01-22 12:15 ——– d—–w- c:\program files (x86)\Elaborate Bytes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-19 16:41 . 2011-01-19 12:10 15664 —-a-w- c:\windows\SysWow64\drivers\GEARAspiWDM.sys
    2011-02-19 16:41 . 2010-05-26 14:10 109360 —-a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-01-16 13:27 . 2011-01-16 13:27 65536 —-a-w- c:\users\Maanvol\AppData\Roaming\Microsoft\Windows\.autobahn\libwin32proxyconfig.dll
    2010-11-30 16:24 . 2010-12-17 12:39 553984 —-a-w- c:\windows\system32\RCoRes64.dat
    2010-11-30 16:06 . 2010-12-17 12:39 2647528 —-a-w- c:\windows\system32\drivers\RTKVHD64.sys
    2010-11-29 17:47 . 2010-12-17 12:39 2578576 —-a-w- c:\windows\system32\WavesGUILib.dll
    2010-11-29 17:47 . 2010-12-17 12:39 1868944 —-a-w- c:\windows\system32\MaxxAudioRealtek.dll
    2010-11-29 16:38 . 2010-11-29 16:38 94208 —-a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 16:38 . 2010-11-29 16:38 69632 —-a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-24 13:24 . 2010-12-17 12:39 2815592 —-a-w- c:\windows\system32\RtkAPO64.dll
    2010-11-24 13:24 . 2010-12-17 12:39 2189416 —-a-w- c:\windows\system32\RtPgEx64.dll
    2010-11-23 17:45 . 2010-12-17 12:39 1247848 —-a-w- c:\windows\system32\RTCOM64.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-19_17.32.27 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2011-01-11 08:59 . 2010-08-31 23:43 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
    + 2011-02-20 07:46 . 2011-02-20 07:46 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
    - 2011-01-11 08:59 . 2010-08-31 23:43 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 54272 c:\windows\SysWOW64\pngfilt.dll
    - 2011-01-11 08:59 . 2010-08-31 23:42 48640 c:\windows\SysWOW64\mshtmler.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 48640 c:\windows\SysWOW64\mshtmler.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 72704 c:\windows\SysWOW64\mshtmled.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 11776 c:\windows\SysWOW64\mshta.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 10240 c:\windows\SysWOW64\msfeedssync.exe
    - 2011-01-11 08:59 . 2010-08-31 23:42 10240 c:\windows\SysWOW64\msfeedssync.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 41472 c:\windows\SysWOW64\msfeedsbs.dll
    - 2011-01-11 08:59 . 2010-08-31 23:43 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 23552 c:\windows\SysWOW64\licmgr10.dll
    - 2011-01-11 08:59 . 2010-08-31 23:43 23552 c:\windows\SysWOW64\licmgr10.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 64512 c:\windows\SysWOW64\jsproxy.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 78848 c:\windows\SysWOW64\inseng.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 35840 c:\windows\SysWOW64\imgutil.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 74752 c:\windows\SysWOW64\iesetup.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 31744 c:\windows\SysWOW64\iernonce.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 74240 c:\windows\SysWOW64\ie4uinit.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 66048 c:\windows\SysWOW64\icardie.dll
    + 2010-05-08 13:43 . 2011-02-20 16:28 40702 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-02-20 16:28 40912 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-05-08 13:43 . 2011-02-20 16:28 10080 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2958121151-2580792942-2571257227-1000_UserData.bin
    + 2011-02-20 07:45 . 2011-02-20 07:45 91648 c:\windows\system32\SetIEInstalledDate.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 89088 c:\windows\system32\RegisterIEPKEYs.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 65024 c:\windows\system32\pngfilt.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 65024 c:\windows\system32\pngfilt.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 48640 c:\windows\system32\mshtmler.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 48640 c:\windows\system32\mshtmler.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 96256 c:\windows\system32\mshtmled.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 12288 c:\windows\system32\mshta.exe
    - 2011-01-11 08:59 . 2010-08-31 23:41 12288 c:\windows\system32\mshta.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 10240 c:\windows\system32\msfeedssync.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 55296 c:\windows\system32\msfeedsbs.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 30720 c:\windows\system32\licmgr10.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 85504 c:\windows\system32\jsproxy.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 49664 c:\windows\system32\imgutil.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 49664 c:\windows\system32\imgutil.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 85504 c:\windows\system32\iesetup.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 85504 c:\windows\system32\iesetup.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 39936 c:\windows\system32\iernonce.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 89088 c:\windows\system32\ie4uinit.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 82432 c:\windows\system32\icardie.dll
    + 2010-04-25 01:07 . 2011-02-20 12:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-04-25 01:07 . 2011-02-16 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-04-25 01:07 . 2011-02-20 12:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-04-25 01:07 . 2011-02-16 09:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-02-16 09:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-02-20 12:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2011-02-20 11:01 71944 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-02-19 17:31 . 2011-02-19 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-20 16:41 . 2011-02-20 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-02-20 16:41 . 2011-02-20 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-02-19 17:31 . 2011-02-19 17:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-02-20 07:45 . 2011-02-20 07:45 152064 c:\windows\SysWOW64\wextract.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 203776 c:\windows\SysWOW64\webcheck.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 420864 c:\windows\SysWOW64\vbscript.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 231936 c:\windows\SysWOW64\url.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 123392 c:\windows\SysWOW64\occache.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 162304 c:\windows\SysWOW64\msrating.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 161280 c:\windows\SysWOW64\msls31.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 580096 c:\windows\SysWOW64\msfeeds.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 716800 c:\windows\SysWOW64\jscript.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 150528 c:\windows\SysWOW64\iexpress.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2011-01-11 08:59 . 2010-08-31 23:43 142848 c:\windows\SysWOW64\ieUnatt.exe
    - 2011-02-09 09:39 . 2010-12-18 03:13 176640 c:\windows\SysWOW64\ieui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 176640 c:\windows\SysWOW64\ieui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 117760 c:\windows\SysWOW64\iepeers.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 356664 c:\windows\SysWOW64\iedkcs32.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 434176 c:\windows\SysWOW64\ieapfltr.dll
    - 2011-01-11 08:59 . 2010-08-31 23:42 163840 c:\windows\SysWOW64\ieakui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 163840 c:\windows\SysWOW64\ieakui.dll
    - 2011-01-11 08:59 . 2010-08-31 23:43 227840 c:\windows\SysWOW64\ieaksie.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 227840 c:\windows\SysWOW64\ieaksie.dll
    - 2011-01-11 08:59 . 2010-08-31 23:43 130560 c:\windows\SysWOW64\ieakeng.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 130560 c:\windows\SysWOW64\ieakeng.dll
    - 2011-01-11 08:59 . 2010-08-31 23:42 110592 c:\windows\SysWOW64\IEAdvpack.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 110592 c:\windows\SysWOW64\IEAdvpack.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 223744 c:\windows\SysWOW64\dxtrans.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 353792 c:\windows\SysWOW64\dxtmsft.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 101888 c:\windows\SysWOW64\admparse.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 160256 c:\windows\system32\wextract.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 249344 c:\windows\system32\webcheck.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 603648 c:\windows\system32\vbscript.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 236544 c:\windows\system32\url.dll
    - 2009-07-14 02:36 . 2011-02-19 17:22 624178 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-02-20 16:30 624178 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2011-02-19 17:22 106522 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2011-02-20 16:30 106522 c:\windows\system32\perfc009.dat
    + 2011-02-20 07:45 . 2011-02-20 07:45 149504 c:\windows\system32\occache.dll
    - 2011-01-11 08:59 . 2010-08-31 23:42 197120 c:\windows\system32\msrating.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 197120 c:\windows\system32\msrating.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 222208 c:\windows\system32\msls31.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 696832 c:\windows\system32\msfeeds.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 817664 c:\windows\system32\jscript.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 103936 c:\windows\system32\inseng.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 165888 c:\windows\system32\iexpress.exe
    - 2011-01-11 08:59 . 2010-08-31 23:41 165888 c:\windows\system32\iexpress.exe
    - 2011-01-11 08:59 . 2010-08-31 23:41 173056 c:\windows\system32\ieUnatt.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 173056 c:\windows\system32\ieUnatt.exe
    + 2011-02-20 07:45 . 2011-02-20 07:45 248320 c:\windows\system32\ieui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 111616 c:\windows\system32\iesysprep.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 145408 c:\windows\system32\iepeers.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 406840 c:\windows\system32\iedkcs32.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 534528 c:\windows\system32\ieapfltr.dll
    - 2011-01-11 08:59 . 2010-08-31 23:41 163840 c:\windows\system32\ieakui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 163840 c:\windows\system32\ieakui.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 267776 c:\windows\system32\ieaksie.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 160256 c:\windows\system32\ieakeng.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 135168 c:\windows\system32\IEAdvpack.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 282624 c:\windows\system32\dxtrans.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 453632 c:\windows\system32\dxtmsft.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 114176 c:\windows\system32\admparse.dll
    - 2009-07-14 05:01 . 2011-02-19 17:26 317684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-02-20 16:39 317684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-01-16 15:15 . 2011-02-20 16:39 595952 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958121151-2580792942-2571257227-1000-8192.dat
    - 2011-01-22 15:00 . 2011-02-19 17:15 317684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958121151-2580792942-2571257227-1000-12288.dat
    + 2011-01-22 15:00 . 2011-02-19 17:54 317684 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2958121151-2580792942-2571257227-1000-12288.dat
    + 2010-04-21 13:42 . 2010-04-21 13:42 223232 c:\windows\Installer\11367e.msi
    + 2011-02-20 07:46 . 2011-02-20 07:46 1125376 c:\windows\SysWOW64\wininet.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 1098240 c:\windows\SysWOW64\urlmon.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 1791488 c:\windows\SysWOW64\jscript9.dll
    + 2011-02-20 07:46 . 2011-02-20 07:46 1784832 c:\windows\SysWOW64\iertutil.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 9593344 c:\windows\SysWOW64\ieframe.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 3695416 c:\windows\SysWOW64\ieapfltr.dat
    + 2011-02-20 07:45 . 2011-02-20 07:45 1387520 c:\windows\system32\wininet.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 1339392 c:\windows\system32\urlmon.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 2272768 c:\windows\system32\jscript9.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 2136064 c:\windows\system32\iertutil.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 3695416 c:\windows\system32\ieapfltr.dat
    - 2009-07-14 04:45 . 2011-02-13 11:55 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-02-20 09:49 3607895 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2011-01-25 11:37 . 2011-01-25 11:37 4920832 c:\windows\Installer\11368a.msi
    + 2010-12-08 08:14 . 2010-12-08 08:14 1944064 c:\windows\Installer\113686.msi
    + 2010-07-23 12:08 . 2010-07-23 12:08 8544256 c:\windows\Installer\113682.msi
    + 2011-02-20 07:45 . 2011-02-20 07:45 12213760 c:\windows\SysWOW64\mshtml.dll
    - 2009-07-14 02:34 . 2011-02-19 08:52 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2009-07-14 02:34 . 2011-02-20 16:39 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    + 2011-02-20 07:45 . 2011-02-20 07:45 17700352 c:\windows\system32\mshtml.dll
    + 2011-02-20 07:45 . 2011-02-20 07:45 10772480 c:\windows\system32\ieframe.dll
    .
    – Snapshot reset to current date –
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7}]
    2010-12-12 08:56 242176 —-a-w- c:\program files (x86)\RegTweaker\key.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2010-11-21 397176]
    "Google Update"="c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-04 136176]
    "CursorFX"="c:\program files (x86)\Stardock\CursorFX\CursorFX.exe" [2010-03-23 417280]
    "SpyShelter"="c:\program files (x86)\SpyShelter Premium\SpyShelter.exe" [2011-02-07 2504128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
    "NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Monitor\nusb3mon.exe" [2009-06-08 106496]

    c:\users\Maanvol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    autobahn.lnk - c:\users\Maanvol\AppData\Local\Autobahn\autobahn.exe [2009-4-2 710360]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AllChars.lnk - c:\program files (x86)\AllChars\AllChars.exe [2007-7-25 626688]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    R1 CSN5PDTS82;CSN5PDTS82 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 esgiguard;esgiguard;c:\program files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [2010-01-27 5248]
    R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 19936]
    R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 13280]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-27 1255736]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S1 CSN5PDTS82x64;CSN5PDTS82x64 NDIS Protocol Driver;c:\windows\system32\Drivers\CSN5PDTS82x64.sys [2010-05-20 34840]
    S1 SpyShelter;SpyShelter;c:\program files (x86)\SpyShelter Premium\SpyShelter.sys [2011-02-07 173504]
    S2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2010-08-04 65536]
    S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
    S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-02-24 67616]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-06-08 74312]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-06-08 170056]


    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-20 c:\windows\Tasks\Free File Viewer Update Checker.job
    - c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-03 15:35]

    2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958121151-2580792942-2571257227-1000Core.job
    - c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 13:36]

    2011-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2958121151-2580792942-2571257227-1000UA.job
    - c:\users\Maanvol\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-04 13:36]
    .

    ——— x86-64 ———–


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
    .
    ——- Supplementary Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    FF - ProfilePath - c:\users\Maanvol\AppData\Roaming\Mozilla\Firefox\Profiles\mhe2qqtr.default\
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    AddRemove-CursorFX - c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe
    AddRemove-{C1080852-065E-4991-9260-F3756E3CC182} - c:\programdata\{E568B6A0-8E02-46C8-8954-00ECD7CD3554}\CursorFX_setup.exe


    "ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
    [\]^_å\00\00å\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~å\00\00å\00\00\00\00c\00\00\00\00\00\00\00\00‘’“"

    .
    ——————— LOCKED REGISTRY KEYS ———————

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Other Running Processes ————————
    .
    c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
    c:\users\Maanvol\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-20 17:44:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-20 16:44
    ComboFix2.txt 2011-02-19 17:35

    Pre-Run: 279,478,730,752 bytes free
    Post-Run: 279,062,007,808 bytes free

    - - End Of File - - 9A49B8949F70E3889AE357A835858E9E



  • I'm getting offers, such as this:

    http://www.youtube.com/watch?v=rf40TRWHSNg

    – is this good or not?
  • That link doesn't mean anything to me, in any case!

    What do you mean by "I'm getting offers, ………"?

This is an archived page. Replies are no longer possible.