Suspicion of an infected PC

13 replies
  • My PC is acting a bit strange… it's hard to describe exactly what is wrong… it's a feeling.
    This afternoon, while downloading, I think I accidentally downloaded some "junk", in the form of spam. I thought it was something I needed, but suddenly there were things called "Sweet IM" etc. on my PC. I also SUSPECT that files simply disappeared from my desktop. I backed everything up to an external HD anyway. My Avira hasn't reported anything yet, in any case.

    This afternoon I already ran an MBAM scan with 3 detections (I had to abort the scan early). These 3 have been removed (the log is at the bottom, named "first"). I just had to run a full scan and nothing was found (the log named "last"). So:
    1) HJT log
    2) MBAM log where something was found (this was the first MBAM scan)… named "first"
    3) MBAM log where nothing was found (this was the second MBAM scan)… named "last"

    I hope this is all understandable… :oops:
    Who would be willing to take a look at it?

    [quote:41372837c1][b:41372837c1][u:41372837c1]HJT LOG:[/u:41372837c1][/b:41372837c1]
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:27:10, on 19-10-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v8.00 (8.00.7601.17514)
    Boot mode: Normal

    Running processes:
    R:\Programma's\Logitech cam\LWS\Webcam Software\LWS.exe
    R:\Programma's\Avira\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    R:\Programma's\Logitech cam\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    R:\Programma's\Avira\Avira\AntiVir Desktop\avconfig.exe
    R:\Programma's\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\PROGRA~1\OFFICE~1\Office14\GROOVEEX.DLL
    O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\PROGRA~1\OFFICE~1\Office14\URLREDIR.DLL
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [LWS] R:\Programma's\Logitech cam\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [avgnt] "R:\Programma's\Avira\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    O4 - Startup: Logitech . Productregistratie.lnk = R:\Programma's\Logitech cam\Ereg\eReg.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://R:\PROGRA~1\OFFICE~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://R:\PROGRA~1\OFFICE~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Programma's\Office 2010\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Programma's\Office 2010\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Programma's\Office 2010\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Programma's\Office 2010\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - R:\Programma's\Avira\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - R:\Programma's\Avira\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 9201 bytes
    [/quote:41372837c1]

    [quote:41372837c1][u:41372837c1][b:41372837c1]MBAM log FIRST[/b:41372837c1][/u:41372837c1]
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.10.19.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Remco :: REMCO-PC [administrator]

    19-10-2012 17:52:46
    mbam-log-2012-10-19 (17-52-46).txt

    Scantype: Volledige scan (C:\|E:\|F:\|R:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 236929
    Verstreken tijd: 45 minuut/minuten, 31 seconde(n) [beëindigd]

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 3
    C:\Users\Remco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQAB6XRL\v378[1].exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Remco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XKF5PAS1\SaveAs[1].exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
    C:\Users\Remco\Desktop\RemoveWAT22.exe (HackTool.Wpakill) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)
    [/quote:41372837c1]

    [quote:41372837c1][b:41372837c1][u:41372837c1]MBAM log LAST:[/u:41372837c1][/b:41372837c1]
    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Databaseversie: v2012.10.19.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Remco :: REMCO-PC [administrator]

    19-10-2012 20:19:31
    mbam-log-2012-10-19 (20-19-31).txt

    Scantype: Volledige scan (C:\|E:\|F:\|R:\|)
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 423302
    Verstreken tijd: 1 uur/uren, 3 minuut/minuten, 14 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
    [/quote:41372837c1]
  • Is your Windows 7 not legitimate?

  • No idea whether my Windows is legitimate; a friend of mine installed it for me a while back because I didn't have the software or the time for it. Why? I don't notice anything… I wouldn't be happy if it isn't legitimate 😠

    I'll get started on your step-by-step plan first thing tomorrow!
  • RemoveWAT22.exe appears in the log, so it seems to me that Windows 7 is not legal.
  • Damn… some friend, then -.- so now I get to go and buy a legitimate one for 400 euros after all… -.-

    I'll get started on Abraham54's step-by-step plan… I hope you are all still willing to help me with this now? :oops:
  • 400 euros for Windows 7??
  • Did you really expect to get a legal W7 for nothing…?
    For 86.50 you can get this one:
    http://afuture.nl/productview.php?productID=213460
  • No, not legal for nothing of course, but I have always seen prices of hundreds of euros for Windows versions. That friend said he could install it for me legally… how should I know how that works. Oh well, learned something again at least. Thanks for the link! :-)

    Here are the logs from AdwCleaner and ComboFix:

    [quote:c91f26707e][b:c91f26707e][u:c91f26707e]AdwCleaner[/u:c91f26707e][/b:c91f26707e]
    # AdwCleaner v2.005 - Verslag gemaakt op 20/10/2012 om 16:09:02
    # Geactualiseerd op 14/10/2012 door Xplode
    # Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Gebruiker : Remco - REMCO-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Remco\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijdert : C:\Program Files (x86)\Smartdl
    Map Verwijdert : C:\Program Files (x86)\SweetIM
    Map Verwijdert : C:\ProgramData\InstallMate
    Map Verwijdert : C:\ProgramData\Premium
    Map Verwijdert : C:\ProgramData\SweetIM
    Map Verwijdert : C:\Users\Frans\AppData\LocalLow\SweetIM

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\Software\Iminent
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.7601.17514

    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590} --> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590} --> hxxp://www.google.com

    -\\ Opera v12.2.1578.0

    File : C:\Users\Remco\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    File : C:\Users\Frans\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [6032 octets] - [20/10/2012 16:09:02]

    ########## EOF - C:\AdwCleaner[S1].txt - [6092 octets] ##########
    [/quote:c91f26707e]


    [quote:c91f26707e][b:c91f26707e][u:c91f26707e]Combofix[/u:c91f26707e][/b:c91f26707e]
    ComboFix 12-10-19.01 - Remco 20-10-2012 16:17:57.1.4 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2887 [GMT 2:00]
    Gestart vanuit: c:\users\Remco\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
    "LWS"="r:\programma's\Logitech cam\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "avgnt"="r:\programma's\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    .
    c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Productregistratie.lnk - r:\programma's\Logitech cam\Ereg\eReg.exe [2009-11-16 517384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;r:\programma's\Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1255736]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-27 283200]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-10-03 236544]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
    S2 AntiVirSchedulerService;Avira Scheduler;r:\programma's\Avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
    S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-10-03 11174400]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-10-03 343040]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-10-03 95760]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
    S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-08-04 121416]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 15:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - r:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - r:\progra~1\OFFICE~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.254
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    AddRemove-Origin - r:\games\FIFA 12\Origin\OriginUninstall.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-10-20 16:23:47
    ComboFix-quarantined-files.txt 2012-10-20 14:23
    .
    Pre-Run: 91.560.181.760 bytes beschikbaar
    Post-Run: 90.978.676.736 bytes beschikbaar
    .
    - - End Of File - - 647B1F85B3490B45C8C7F79493396AD7
    [/quote:c91f26707e]



  • Do the following:

    [b:813d80b94f]Which program[/b:813d80b94f]:
  • The log:

    [quote:928a7e63a6]
    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 22-10-2012 18:34:11

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, F:\, R:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 22-10-2012 18:35:21


    Gescand 521727
    Gevonden 0

    Scan geëindigd: 22-10-2012 20:12:46
    Scantijd: 1:37:25
    [/quote:928a7e63a6]

    It didn't find anything... I suspect it's clean, or do you have something else to scan with? :D
  • I also get the impression that the trouble is over.
    But it's best to be sure.

    [b:5db7a3a567]Run the ESET online scan (click).[/b:5db7a3a567]
    [list:5db7a3a567]
    [*:5db7a3a567]Click the [b:5db7a3a567]ESET Online Scanner[/b:5db7a3a567] button
    [*:5db7a3a567]Tick [b:5db7a3a567]YES, I accept the Terms of Use[/b:5db7a3a567]
    [*:5db7a3a567]Click [b:5db7a3a567]Start[/b:5db7a3a567]
    [*:5db7a3a567]Allow the ActiveX control to install.
    [*:5db7a3a567]Tick the following options:
    [list:5db7a3a567][*:5db7a3a567][b:5db7a3a567]Remove found threats[/b:5db7a3a567]
    [*:5db7a3a567][b:5db7a3a567]Scan archives[/b:5db7a3a567][/list:u:5db7a3a567]
    [*:5db7a3a567]Then click [b:5db7a3a567]
  • [quote:e08ac02bf2]ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=920f484a2af30f40baf2794256e0e91c
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-10-23 10:13:18
    # local_time=2012-10-23 12:13:18 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1792 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776574 100 94 1643953 102612735 0 0
    # compatibility_mode=8192 67108863 100 0 116 116 0 0
    # scanned=215875
    # found=1
    # cleaned=1
    # scan_time=4313
    C:\torrent.exe Win32/BundleInstaller.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C[/quote:e08ac02bf2]

    I would also like to know what else I can do, besides Avira and CCleaner (which I already use), to keep my PC clean.
  • Nice scan result; there is nothing wrong with your Windows!

    I'll give you an extra tool that you can use to clean up your Windows regularly!

    [b:6469e04ed2]Which program[/b:6469e04ed2]: TFC.
    [b:6469e04ed2]What for/why[/b:6469e04ed2]: thorough cleaning of Windows.
    [b:6469e04ed2]Difficulty[/b:6469e04ed2]: none.
    [b:6469e04ed2]Download:

    [b:6469e04ed2]Starting TFC[/b:6469e04ed2]:
    Windows 2000 and Windows XP: double-click [b:6469e04ed2]TFC.exe[/b:6469e04ed2].
    Windows Vista and Windows 7: right-click [b:6469e04ed2]TFC.exe[/b:6469e04ed2] and choose "Run as administrator".
    [list:6469e04ed2][*:6469e04ed2] Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
    [*:6469e04ed2] Then click the [b:6469e04ed2]Start[/b:6469e04ed2] button to start the scan. This scan can take a short or a longer time; be patient, let TFC do its job and wait until TFC has finished.
    [*:6469e04ed2] When TFC has finished, a message appears that the computer will be restarted.
    [*:6469e04ed2] If the shutdown does not happen automatically, restart the computer yourself.
    [*:6469e04ed2] Note: TFC does not produce a log, and you may keep using the tool![/list:u:6469e04ed2]

This is an archived page. Replies are no longer possible.