Question & Answer
Suspected infected PC
13 replies
- My PC is acting a bit strange... hard to describe what exactly is wrong... it's a feeling.
This afternoon, while downloading, I think I accidentally downloaded some "junk", in the form of spam. I thought it was something I needed, but suddenly there were things called "Sweet IM" etc. on my PC. I also SUSPECT that files simply disappeared from my desktop. To be safe, I backed everything up to an external HD. My Avira hasn't reported anything yet, in any case.
I already ran an MBAM scan this afternoon with 3 detections (had to abort the scan prematurely). These 3 were removed (the log is at the bottom, named "first"). Just had to run a full scan and nothing was found (log named "last"). So:
1) HJT log
2) MBAM log in which something was found (this was the first MBAM scan)... named "first"
3) MBAM log in which nothing was found (this was the second MBAM scan)... named "last"
I hope this is all understandable... :oops:
Who would be willing to take a look?
[quote:41372837c1][b:41372837c1][u:41372837c1]HJT LOG:[/u:41372837c1][/b:41372837c1]
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:10, on 19-10-2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
R:\Programma's\Logitech cam\LWS\Webcam Software\LWS.exe
R:\Programma's\Avira\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
R:\Programma's\Logitech cam\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
R:\Programma's\Avira\Avira\AntiVir Desktop\avconfig.exe
R:\Programma's\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=6&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10011&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - R:\PROGRA~1\OFFICE~1\Office14\GROOVEEX.DLL
O2 - BHO: Aanmeldhulp voor Microsoft-account - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - R:\PROGRA~1\OFFICE~1\Office14\URLREDIR.DLL
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [LWS] R:\Programma's\Logitech cam\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [avgnt] "R:\Programma's\Avira\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - Startup: Logitech . Productregistratie.lnk = R:\Programma's\Logitech cam\Ereg\eReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://R:\PROGRA~1\OFFICE~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://R:\PROGRA~1\OFFICE~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Programma's\Office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - R:\Programma's\Office 2010\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Programma's\Office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - R:\Programma's\Office 2010\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - R:\Programma's\Avira\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - R:\Programma's\Avira\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9201 bytes
[/quote:41372837c1]
[quote:41372837c1][u:41372837c1][b:41372837c1]MBAM log FIRST[/b:41372837c1][/u:41372837c1]
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Databaseversie: v2012.10.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Remco :: REMCO-PC [administrator]
19-10-2012 17:52:46
mbam-log-2012-10-19 (17-52-46).txt
Scantype: Volledige scan (C:\|E:\|F:\|R:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 236929
Verstreken tijd: 45 minuut/minuten, 31 seconde(n) [beëindigd]
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 3
C:\Users\Remco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CQAB6XRL\v378[1].exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Remco\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XKF5PAS1\SaveAs[1].exe (Affiliate.Downloader) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\Remco\Desktop\RemoveWAT22.exe (HackTool.Wpakill) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)
[/quote:41372837c1]
[quote:41372837c1][b:41372837c1][u:41372837c1]MBAM log LAST:[/u:41372837c1][/b:41372837c1]
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Databaseversie: v2012.10.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Remco :: REMCO-PC [administrator]
19-10-2012 20:19:31
mbam-log-2012-10-19 (20-19-31).txt
Scantype: Volledige scan (C:\|E:\|F:\|R:\|)
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 423302
Verstreken tijd: 1 uur/uren, 3 minuut/minuten, 14 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)
[/quote:41372837c1]
- Isn't your Windows 7 legitimate?
- No idea whether my Windows is legitimate; a friend of mine installed it for me a while back because I didn't have the software or the time for it. Why? I don't notice anything... I wouldn't be happy if it isn't legitimate 😠
I'll get started on your step-by-step plan first thing tomorrow!
- RemoveWAT22.exe appears in the log, so it seems to me that Windows 7 is not legal.
- Damn... some friend, then -.- So now I can go and buy a legitimate one for 400 euros after all... -.-
I'll get to work on Abraham54's step-by-step plan... I hope you'll still be willing to help me with this now? :oops:
- 400 euros for Windows 7??
- Did you really expect to get a legal W7 for nothing...?
For 86.50 you can get this one:
http://afuture.nl/productview.php?productID=213460
- No, not legal for nothing of course, but I have always seen prices of hundreds of euros for Windows versions. That friend said he could install it legally for me... how should I know how that works. Oh well, learned something again in any case. Thanks for the link! :-)
Here are the logs from AdwCleaner and ComboFix:
[quote:c91f26707e][b:c91f26707e][u:c91f26707e]AdwCleaner[/u:c91f26707e][/b:c91f26707e]
# AdwCleaner v2.005 - Verslag gemaakt op 20/10/2012 om 16:09:02
# Geactualiseerd op 14/10/2012 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruiker : Remco - REMCO-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Remco\Desktop\adwcleaner.exe
# Optie [Verwijderen]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Verwijdert : C:\Program Files (x86)\Smartdl
Map Verwijdert : C:\Program Files (x86)\SweetIM
Map Verwijdert : C:\ProgramData\InstallMate
Map Verwijdert : C:\ProgramData\Premium
Map Verwijdert : C:\ProgramData\SweetIM
Map Verwijdert : C:\Users\Frans\AppData\LocalLow\SweetIM
***** [Register] *****
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\Software\Iminent
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
***** [Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590} --> hxxp://www.google.com
Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?st=6&barid={2EC89AD2-19FC-11E2-82BB-485B39EEA590} --> hxxp://www.google.com
-\\ Opera v12.2.1578.0
File : C:\Users\Remco\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] De file bevat geen enkele ongeoorloofde invoer.
File : C:\Users\Frans\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[S1].txt - [6032 octets] - [20/10/2012 16:09:02]
########## EOF - C:\AdwCleaner[S1].txt - [6092 octets] ##########
[/quote:c91f26707e]
[quote:c91f26707e][b:c91f26707e][u:c91f26707e]Combofix[/u:c91f26707e][/b:c91f26707e]
ComboFix 12-10-19.01 - Remco 20-10-2012 16:17:57.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.4094.2887 [GMT 2:00]
Gestart vanuit: c:\users\Remco\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-20 to 2012-10-20 ))))))))))))))))))))))))))))))
.
.
2012-10-20 14:21 . 2012-10-20 14:21 -------- d-----w- c:\users\Frans\AppData\Local\temp
2012-10-20 14:21 . 2012-10-20 14:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 18:45 . 2012-10-19 18:46 -------- d-----r- c:\users\Public\Sample Pictures
2012-10-19 18:36 . 2012-10-19 18:36 388096 ----a-r- c:\users\Remco\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-10-19 18:24 . 2012-10-19 18:24 -------- d-----w- c:\users\Frans\AppData\Local\Microsoft Help
2012-10-19 17:07 . 2012-10-19 17:47 -------- d-----w- c:\program files\Common Files\Adobe
2012-10-19 17:05 . 2012-10-19 17:05 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-10-19 15:38 . 2012-10-19 15:38 -------- d-----w- c:\users\Remco\AppData\Roaming\Malwarebytes
2012-10-19 15:38 . 2012-10-19 15:38 -------- d-----w- c:\programdata\Malwarebytes
2012-10-19 15:38 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-19 15:25 . 2012-10-19 15:25 -------- d-----w- c:\users\Remco\AppData\Local\DownTango
2012-10-19 15:25 . 2012-10-19 15:25 -------- d-----w- c:\program files (x86)\Red Sky
2012-10-19 14:49 . 2012-10-19 14:51 -------- d-----w- c:\windows\system32\appmgmt
2012-10-19 14:49 . 2012-10-19 14:49 -------- d-----w- c:\program files (x86)\OnlineHD.TV
2012-10-19 14:41 . 2012-10-19 14:41 -------- d-----w- c:\users\Remco\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-10-18 17:23 . 2012-10-19 17:10 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-18 17:12 . 2012-10-19 14:43 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-10-18 17:07 . 2012-10-18 17:07 -------- d-----w- c:\users\Remco\AppData\Local\Diagnostics
2012-10-17 13:19 . 2012-10-17 13:19 -------- d-----w- c:\users\Remco\AppData\Roaming\Avira
2012-10-17 13:13 . 2012-10-01 15:14 129576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-10-17 13:13 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-17 13:13 . 2012-09-13 13:52 99248 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-17 13:13 . 2012-10-17 13:13 -------- d-----w- c:\programdata\Avira
2012-10-14 17:46 . 2012-10-19 18:30 -------- d-----w- c:\users\Remco\AppData\Roaming\uTorrent
2012-10-05 14:51 . 2012-10-05 14:51 -------- d-----w- c:\users\Remco\AppData\Local\Logitech® Webcam Software
2012-10-05 14:49 . 2012-10-05 14:49 -------- d-----w- c:\users\Remco\AppData\Local\LogiShrd
2012-10-05 14:46 . 2012-10-05 14:46 -------- d-----w- c:\program files (x86)\Logitech
2012-10-05 14:46 . 2012-10-05 14:46 -------- d-----w- c:\programdata\LogiShrd
2012-10-05 14:46 . 2012-10-05 14:46 53248 ----a-r- c:\users\Remco\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-10-05 14:46 . 2012-10-05 14:46 -------- d-----w- c:\users\Remco\AppData\Roaming\Leadertech
2012-10-05 14:45 . 2012-10-05 14:45 -------- d-----w- c:\programdata\Logitech
2012-10-05 14:44 . 2012-10-05 14:44 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\SysWow64\en
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\en-US
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\SysWow64\0409
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\system32\en
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\system32\drivers\UMDF\en-US
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\system32\drivers\en-US
2012-10-04 08:22 . 2012-10-04 08:22 -------- d-----w- c:\windows\system32\0409
2012-10-04 08:21 . 2012-10-04 08:21 -------- d-----w- c:\windows\system32\wbem\en-US
2012-10-04 08:08 . 2009-07-13 16:30 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\en-US\LXKPTPRC.DLL.mui
2012-10-04 08:05 . 2012-10-04 08:05 -------- d-----w- c:\windows\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\SysWow64\drivers\UMDF\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\SysWow64\drivers\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\SysWow64\de
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\SysWow64\0407
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\SysWow64\wbem\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\system32\0407
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\system32\drivers\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\system32\de
2012-10-04 08:04 . 2012-10-04 08:04 -------- d-----w- c:\windows\system32\wbem\de-DE
2012-10-04 07:42 . 2009-07-13 17:05 3584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\de-DE\LXKPTPRC.DLL.mui
2012-10-04 07:24 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-10-04 07:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-10-03 18:51 . 2012-10-03 18:51 -------- d-----w- c:\users\Remco\AppData\Local\AMD
2012-10-03 18:51 . 2012-10-03 18:51 -------- d-----w- c:\programdata\ATI
2012-10-03 18:50 . 2012-10-03 18:50 -------- d-----w- c:\program files (x86)\AMD AVT
2012-10-03 18:50 . 2012-10-03 18:50 -------- d-----w- c:\program files (x86)\AMD APP
2012-10-03 18:49 . 2012-10-03 18:50 -------- d-----w- c:\programdata\AMD
2012-10-03 18:49 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-10-03 18:45 . 2012-10-03 18:45 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-10-03 18:45 . 2012-10-03 18:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-10-03 18:45 . 2012-10-03 18:45 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-10-03 18:45 . 2012-10-03 18:45 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-10-03 18:45 . 2012-10-03 18:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-10-03 18:45 . 2012-10-03 18:45 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-10-03 18:45 . 2012-10-03 18:45 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-10-03 18:45 . 2012-10-03 18:46 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-10-03 18:45 . 2012-10-03 18:45 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-10-03 18:45 . 2012-10-03 18:45 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-10-03 18:45 . 2012-10-03 18:45 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-10-03 18:43 . 2012-10-03 18:43 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-10-03 18:43 . 2012-10-03 18:44 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-10-03 18:43 . 2012-10-03 18:43 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-10-03 18:43 . 2012-10-03 18:43 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-10-03 18:43 . 2012-10-03 18:43 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-10-03 18:43 . 2012-10-03 18:43 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-10-03 18:43 . 2012-10-03 18:43 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-10-03 18:43 . 2012-10-03 18:43 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-10-03 18:43 . 2012-10-03 18:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-10-03 18:43 . 2012-10-03 18:43 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-30 12:38 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-30 12:38 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-30 12:38 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-30 12:38 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-30 12:38 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-30 12:38 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-30 12:34 . 2012-09-30 12:34 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-30 12:34 . 2012-09-30 12:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-30 12:30 . 2012-10-04 16:26 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-09-30 12:28 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-30 12:28 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-30 12:28 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-29 08:02 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-29 08:02 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-28 14:36 . 2012-09-28 14:36 -------- d-----w- c:\windows\system32\SPReview
2012-09-28 14:35 . 2012-09-28 14:35 -------- d-----w- c:\windows\system32\EventProviders
2012-09-28 14:33 . 2012-08-30 22:43 64462936 ----a-w- c:\windows\system32\MRT.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 13:04 . 2012-07-31 12:47 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-10-11 13:04 . 2012-07-31 12:47 14848 ----a-w- c:\windows\system32\slwga.dll
2012-10-11 13:04 . 2012-07-31 12:47 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-10-09 15:51 . 2012-07-29 17:53 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 15:51 . 2012-07-29 17:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-03 18:45 . 2010-09-29 01:23 64000 ----a-w- c:\windows\system32\coinst.dll
2012-10-03 18:45 . 2010-09-29 01:37 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-10-03 18:43 . 2010-09-29 01:13 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-10-03 18:43 . 2010-09-29 01:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-10-03 18:43 . 2010-09-29 01:14 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 14:43 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-28 14:43 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-08-27 13:46 . 2012-08-27 13:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-22 20:22 . 2012-08-22 20:22 209269 ----a-w- C:\torrent.exe
2012-08-04 15:21 . 2012-08-04 15:20 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2012-07-28 01:09 . 2012-07-28 01:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LWS"="r:\programma's\Logitech cam\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="r:\programma's\Avira\Avira\AntiVir Desktop\avgnt.exe" [2012-09-25 386336]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
.
c:\users\Remco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Productregistratie.lnk - r:\programma's\Logitech cam\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;r:\programma's\Office 2010\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-28 1255736]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-27 283200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-10-03 236544]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Scheduler;r:\programma's\Avira\Avira\AntiVir Desktop\sched.exe [2012-09-25 84256]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-10-03 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-10-03 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-10-03 95760]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [2012-01-18 25632]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-08-04 121416]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 77824]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 180224]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-29 15:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - r:\progra~1\OFFICE~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - r:\progra~1\OFFICE~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.254
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-Origin - r:\games\FIFA 12\Origin\OriginUninstall.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-10-20 16:23:47
ComboFix-quarantined-files.txt 2012-10-20 14:23
.
Pre-Run: 91.560.181.760 bytes beschikbaar
Post-Run: 90.978.676.736 bytes beschikbaar
.
- - End Of File - - 647B1F85B3490B45C8C7F79493396AD7
[/quote:c91f26707e] - Do the following:
[b:813d80b94f]Which program[/b:813d80b94f]: - The log:
[quote:928a7e63a6]
Emsisoft Emergency Kit - Versie 3.0
Laatste Update: 22-10-2012 18:34:11
Scaninstellingen:
Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, E:\, F:\, R:\
Detecteer riskware: Uit
Scan archieven: Aan
ADS Scan: Aan
Bestandsextensiefilter: Uit
Geavanceerde cache: Aan
Directe schijftoegang: Uit
Scan gestart: 22-10-2012 18:35:21
Gescand 521727
Gevonden 0
Scan geëindigd: 22-10-2012 20:12:46
Scantijd: 1:37:25
[/quote:928a7e63a6]
It found nothing... I suspect it is clean, or do you have anything else to scan with? - I also get the impression that the worst is over.
But it is better to be sure.
[b:5db7a3a567]Run the ESET online scan (click).[/b:5db7a3a567]
[list:5db7a3a567]
[*:5db7a3a567]Click the [b:5db7a3a567]ESET Online Scanner[/b:5db7a3a567] button
[*:5db7a3a567]Tick [b:5db7a3a567]YES, I accept the Terms of Use[/b:5db7a3a567]
[*:5db7a3a567]Click [b:5db7a3a567]Start[/b:5db7a3a567]
[*:5db7a3a567]Allow the ActiveX control to install.
[*:5db7a3a567]Tick the following options:
[list:5db7a3a567][*:5db7a3a567][b:5db7a3a567]Remove found threats[/b:5db7a3a567]
[*:5db7a3a567][b:5db7a3a567]Scan archives[/b:5db7a3a567][/list:u:5db7a3a567]
[*:5db7a3a567]Then click [b:5db7a3a567] - [quote:e08ac02bf2]ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=920f484a2af30f40baf2794256e0e91c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-23 10:13:18
# local_time=2012-10-23 12:13:18 (+0100, West-Europa (zomertijd))
# country="Netherlands"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 1643953 102612735 0 0
# compatibility_mode=8192 67108863 100 0 116 116 0 0
# scanned=215875
# found=1
# cleaned=1
# scan_time=4313
C:\torrent.exe Win32/BundleInstaller.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C[/quote:e08ac02bf2]
I would also like to know what else I can do, besides Avira and CCleaner (which I already use), to keep my PC clean. - Nice scan result; there is nothing wrong with your Windows!
I will already give you an extra tool that you can use to clean up your Windows regularly!
[b:6469e04ed2]Which program[/b:6469e04ed2]: TFC.
[b:6469e04ed2]What for/why[/b:6469e04ed2]: thorough cleaning of Windows.
[b:6469e04ed2]Difficulty[/b:6469e04ed2]: none.
[b:6469e04ed2]Download:
[b:6469e04ed2]Starting TFC[/b:6469e04ed2]:
Windows 2000 and Windows XP: double-click [b:6469e04ed2]TFC.exe[/b:6469e04ed2].
Windows Vista and Windows 7: right-click [b:6469e04ed2]TFC.exe[/b:6469e04ed2] and choose "Run as administrator".
[list:6469e04ed2][*:6469e04ed2] Don't be alarmed: the tool closes all running programs, so make sure your work has already been saved!
[*:6469e04ed2] Then click the [b:6469e04ed2]Start[/b:6469e04ed2] button to start the scan. This scan may take a short or a longer time; be patient, let TFC do its job and wait until TFC is finished.
[*:6469e04ed2] When TFC is finished, a message appears saying that the computer will be restarted.
[*:6469e04ed2] If the shutdown does not happen automatically, restart the computer yourself.
[*:6469e04ed2] Note: TFC does not show a log, and you may keep using the tool![/list:u:6469e04ed2]