Posted: Tue Feb 08, 2011 9:59 am
Member

Registered: Tue Jan 18, 2011 5:54 pm
Posts: 20
Operating system: Windows 7 Home Premium
Protection: AVG
I tried uninstalling ATI and then reinstalling it, but every time I start my computer I still get the error message that the Catalyst Control Center host application has stopped working.

I don't know whether this is the cause, but the computer regularly seems to stutter during videos, games or music.

This is the log of the error message:

Description:
Stopped working

Problem signature:
Problem Event Name: CLR20r3
Problem Signature 01: ccc.exe
Problem Signature 02: 3.5.0.0
Problem Signature 03: 4ca242ed
Problem Signature 04: mscorlib
Problem Signature 05: 2.0.0.0
Problem Signature 06: 4bebe8e2
Problem Signature 07: 20c8
Problem Signature 08: 143
Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 2067

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid= ... cid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

And here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:53:24, on 8/02/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 4300 Series\lxcemon.exe
C:\Program Files (x86)\Lexmark 4300 Series\ezprint.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Hans\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.netlog.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door Netlog
R3 - URLSearchHook: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\tbIMVU.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Flock Update] "C:\Users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe" /c
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O15 - Trusted Zone: http://www.kongregate.com
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} ("Ma-Config.com control) - http://fichiers.touslesdrivers.com/maco ... _1_0_1.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-31-0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files (x86)\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11366 bytes

I hope someone can help me. Thanks!


 
Posted: Fri Feb 11, 2011 8:53 pm
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: A little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Download TFC and save it to your Desktop.
  • Double-click TFC.exe to open the program.
  • The program will close all other programs, so make sure you have saved all your work before you continue.
  • Click the Start button to start the program.
  • When the program has finished, it will restart your computer.
    If this does not happen, restart your computer manually.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here is a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running, as this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registery key that has been marked for deletion." then restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

 
Posted: Tue Feb 15, 2011 2:17 pm
Member

Registered: Tue Jan 18, 2011 5:54 pm
Posts: 20
Operating system: Windows 7 Home Premium
Protection: AVG
Thanks in advance for the help. Everything went well (I first had to remove AVG); the log is below.

ComboFix 11-02-14.02 - Hans 15/02/2011 12:29:37.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.6071.4542 [GMT 1:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\programdata\Desktop
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\Hans\AppData\Roaming\inst.exe
c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\THE GAME OF LIFE
c:\users\Susanne\AppData\Roaming\inst.exe
c:\windows\THE GAME OF LIFE
c:\windows\THE GAME OF LIFE \uninstall.exe

----- BITS: Mogelijk geïnfecteerde sites -----

hxxp://update.flock.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-01-15 to 2011-02-15 ))))))))))))))))))))))))))))))
.

2011-02-15 11:37 . 2011-02-15 11:37 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2011-02-15 10:37 . 2011-02-15 10:37 -------- d-----w- c:\users\Hans\AppData\Local\Adobe
2011-02-13 07:22 . 2011-02-13 07:22 -------- d-----w- c:\users\Hans\AppData\Local\Apple
2011-02-08 07:48 . 2011-02-08 07:48 -------- d-----w- c:\programdata\ATI
2011-02-08 07:47 . 2011-02-08 07:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-02-08 07:47 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-02-08 07:46 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\ATI Stream
2011-02-08 07:46 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\ATI
2011-02-08 07:46 . 2011-02-08 07:46 -------- d-----w- c:\program files\ATI Technologies
2011-02-08 07:31 . 2011-02-08 07:31 -------- d-----w- C:\ATI
2011-01-24 18:00 . 2011-01-24 18:00 -------- d-----w- c:\users\Hans\AppData\Roaming\Vivox
2011-01-24 17:56 . 2011-02-14 20:50 -------- d-----w- c:\users\Hans\AppData\Roaming\IMVU
2011-01-18 09:54 . 2011-01-18 09:54 -------- d-----w- c:\program files (x86)\ESET
2011-01-18 08:13 . 2011-01-18 09:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-18 08:13 . 2011-01-18 09:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-01-16 21:26 . 2011-01-16 21:26 -------- dc----w- c:\programdata\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2011-01-16 21:26 . 2011-01-16 21:26 -------- d-----w- c:\programdata\Lavasoft
2011-01-16 21:26 . 2011-01-16 21:26 -------- d-----w- c:\program files (x86)\Lavasoft
2011-01-16 20:22 . 2011-01-16 20:23 -------- d-----w- c:\program files (x86)\Google
2011-01-16 20:22 . 2011-01-16 20:22 -------- d-----w- c:\users\Hans\AppData\Local\Google
2011-01-16 19:46 . 2011-01-16 19:46 -------- d-----w- c:\users\Hans\AppData\Local\The Lord of the Rings Online

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-05 03:01 . 2011-01-05 03:01 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:43 . 2010-01-14 18:30 4844544 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2010-01-14 18:30 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2010-01-14 18:30 3218944 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:28 . 2011-01-05 02:28 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-05 02:27 . 2010-01-14 18:30 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2010-01-14 18:30 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:20 . 2011-01-05 02:20 353792 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2011-01-05 02:20 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2011-01-05 02:18 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2011-01-05 02:18 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-12-20 17:09 . 2011-01-12 21:20 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-12 21:20 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\tbIMVU.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\IMVU_Inc\tbIMVU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\tbIMVU.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Flock Update"="c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe" [2010-10-25 136312]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-01-13 3046808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-05-01 15872]
R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2010-05-01 271728]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [2009-08-21 543872]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [2009-08-21 39936]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28ux;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhoud van de 'Gedeelde Taken' map

2011-02-01 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1006Core.job
- c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe [2010-10-25 22:06]

2011-02-15 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1006UA.job
- c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe [2010-10-25 22:06]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 20:22]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 20:22]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1001Core.job
- c:\users\Susanne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 05:15]

2011-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1001UA.job
- c:\users\Susanne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 05:15]

2010-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCEtime.dll" [2007-02-22 28672]
"lxcemon.exe"="c:\program files (x86)\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files (x86)\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: kongregate.com\www
FF - ProfilePath - c:\users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\74hggam8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT26126 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4beb9294 ... g=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF - Ext: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - %profile%\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-Power2GoExpress - (no file)
Wow6432Node-HKLM-Run-HP Remote Solution - %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-THE GAME OF LIFE - c:\windows\THE GAME OF LIFE \uninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Voltooingstijd: 2011-02-15 13:06:38 - machine werd herstart
ComboFix-quarantined-files.txt 2011-02-15 12:06

Pre-Run: 557.354.770.432 bytes free
Post-Run: 556.851.810.304 bytes free

- - End Of File - - 9FBD7EDC723BC14137C6CE36AB715BE4


Posted: Tue Feb 15, 2011 4:59 pm
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Scan the following file at Jotti: http://virusscan.jotti.org/

c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe

Post the result.

_________________
Member of Team Opleiding.


Posted: Tue Feb 15, 2011 6:06 pm
Member

Joined: Tue Jan 18, 2011 5:54 pm
Posts: 20
Operating system: Windows 7 Home Premium
Protection: AVG
Filename: FlockUpdate.exe
Status: Scan finished. 0 out of 18 scanners reported malware.
Scan taken on: Thu 1 Jul 2010 18:21:21 (CET) Permalink


Posted: Tue Feb 15, 2011 8:12 pm
Moderator

Joined: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Little shack on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Ah, great. Manually delete ComboFix and restart. Download ComboFix again and run it, and post the result please.



Posted: Wed Feb 16, 2011 2:04 pm
Member

Joined: Tue Jan 18, 2011 5:54 pm
Posts: 20
Operating system: Windows 7 Home Premium
Protection: AVG
The log is below:

ComboFix 11-02-15.04 - Hans 16/02/2011 11:32:15.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1033.18.6071.4626 [GMT 1:00]
Gestart vanuit: c:\users\Hans\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((( Bestanden Gemaakt van 2011-01-16 to 2011-02-16 ))))))))))))))))))))))))))))))
.

2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- c:\users\Shannon\AppData\Local\temp
2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- c:\users\Sam\AppData\Local\temp
2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-16 10:42 . 2011-02-16 10:42 -------- d-----w- c:\users\Brianna\AppData\Local\temp
2011-02-16 10:27 . 2011-02-02 16:10 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18646DFA-4E6C-4937-B966-DB1C31A13681}\mpengine.dll
2011-02-15 10:37 . 2011-02-15 10:37 -------- d-----w- c:\users\Hans\AppData\Local\Adobe
2011-02-13 07:22 . 2011-02-13 07:22 -------- d-----w- c:\users\Hans\AppData\Local\Apple
2011-02-08 07:48 . 2011-02-08 07:48 -------- d-----w- c:\programdata\ATI
2011-02-08 07:47 . 2011-02-08 07:47 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-02-08 07:47 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-02-08 07:46 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\ATI Stream
2011-02-08 07:46 . 2011-02-08 07:47 -------- d-----w- c:\program files (x86)\ATI
2011-02-08 07:46 . 2011-02-08 07:46 -------- d-----w- c:\program files\ATI Technologies
2011-02-08 07:31 . 2011-02-08 07:31 -------- d-----w- C:\ATI
2011-01-24 18:00 . 2011-01-24 18:00 -------- d-----w- c:\users\Hans\AppData\Roaming\Vivox
2011-01-24 17:56 . 2011-02-14 20:50 -------- d-----w- c:\users\Hans\AppData\Roaming\IMVU
2011-01-18 09:54 . 2011-01-18 09:54 -------- d-----w- c:\program files (x86)\ESET
2011-01-18 08:13 . 2011-01-18 09:42 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-01-18 08:13 . 2011-01-18 09:31 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 16:11 . 2010-07-23 21:58 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-05 03:37 . 2011-01-05 03:37 8283136 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-01-05 03:22 . 2011-01-05 03:22 22100480 ----a-w- c:\windows\system32\atio6axx.dll
2011-01-05 03:03 . 2011-01-05 03:03 17043968 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-01-05 03:02 . 2011-01-05 03:02 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-01-05 03:02 . 2011-01-05 03:02 596480 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-01-05 03:01 . 2011-01-05 03:01 708608 ----a-w- c:\windows\system32\aticfx64.dll
2011-01-05 02:58 . 2011-01-05 02:58 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-01-05 02:58 . 2011-01-05 02:58 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-01-05 02:57 . 2011-01-05 02:57 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-01-05 02:56 . 2011-01-05 02:56 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-01-05 02:56 . 2011-01-05 02:56 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-01-05 02:56 . 2011-01-05 02:56 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-01-05 02:55 . 2011-01-05 02:55 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-01-05 02:55 . 2011-01-05 02:55 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-01-05 02:55 . 2011-01-05 02:55 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-01-05 02:55 . 2011-01-05 02:55 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-01-05 02:52 . 2011-01-05 02:52 4101632 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-01-05 02:43 . 2010-01-14 18:30 4844544 ----a-w- c:\windows\system32\atidxx64.dll
2011-01-05 02:33 . 2011-01-05 02:33 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-01-05 02:33 . 2011-01-05 02:33 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-01-05 02:33 . 2011-01-05 02:33 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-01-05 02:33 . 2010-01-14 18:30 4162048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-01-05 02:33 . 2011-01-05 02:33 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-01-05 02:33 . 2011-01-05 02:33 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2011-01-05 02:32 . 2011-01-05 02:32 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-01-05 02:32 . 2010-01-14 18:30 3218944 ----a-w- c:\windows\system32\atiumd6a.dll
2011-01-05 02:31 . 2011-01-05 02:31 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-01-05 02:28 . 2011-01-05 02:28 58880 ----a-w- c:\windows\system32\coinst.dll
2011-01-05 02:27 . 2010-01-14 18:30 5305856 ----a-w- c:\windows\system32\atiumd64.dll
2011-01-05 02:25 . 2010-01-14 18:30 3461120 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-01-05 02:20 . 2011-01-05 02:20 353792 ----a-w- c:\windows\system32\atiadlxx.dll
2011-01-05 02:20 . 2011-01-05 02:20 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-01-05 02:19 . 2011-01-05 02:19 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 32256 ----a-w- c:\windows\system32\atig6txx.dll
2011-01-05 02:19 . 2011-01-05 02:19 27648 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-01-05 02:19 . 2011-01-05 02:19 294400 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-01-05 02:18 . 2011-01-05 02:18 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2011-01-05 02:18 . 2011-01-05 02:18 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-01-05 02:18 . 2011-01-05 02:18 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-01-05 02:18 . 2011-01-05 02:18 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-01-05 02:17 . 2011-01-05 02:17 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-01-05 02:11 . 2011-01-05 02:11 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-01-05 02:11 . 2011-01-05 02:11 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-12-20 17:09 . 2011-01-12 21:20 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2011-01-12 21:20 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 11:17 . 2010-12-07 11:17 51200 ----a-w- c:\windows\SysWow64\OpenCL.dll
2010-12-07 11:15 . 2010-12-07 11:15 52736 ----a-w- c:\windows\system32\OpenCL.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-02-15_12.03.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 09:54 . 2011-02-16 10:24 47744 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-02-15 11:17 29720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-02-16 10:24 29720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-03-13 09:15 . 2011-02-16 10:24 14910 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2352102947-2679591395-2865643605-1006_UserData.bin
+ 2010-03-09 19:24 . 2011-02-15 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-09 19:24 . 2011-02-15 11:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-15 11:12 . 2011-02-15 19:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-02-15 11:12 . 2011-02-15 11:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-02-15 19:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-02-15 11:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-09 21:28 . 2011-02-15 11:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-09 21:28 . 2011-02-16 11:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2011-02-15 21:15 78720 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-03-09 21:28 . 2011-02-15 11:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-09 21:28 . 2011-02-16 11:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-03-09 21:28 . 2011-02-16 11:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-09 21:28 . 2011-02-15 11:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-03-09 19:34 . 2011-02-15 11:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-03-09 19:34 . 2011-02-16 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-03-09 19:34 . 2011-02-15 11:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-09 19:34 . 2011-02-16 11:19 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-23 23:26 . 2011-02-15 12:20 3040 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-12-07 09:34 . 2011-02-15 16:10 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
- 2010-12-07 09:34 . 2011-02-02 23:34 8192 c:\windows\system32\Microsoft\Protect\Recovery\Recovery.dat
+ 2011-02-16 11:18 . 2011-02-16 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-02-15 11:38 . 2011-02-15 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-02-16 11:18 . 2011-02-16 11:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-15 11:38 . 2011-02-15 11:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-03-09 21:28 . 2011-02-15 15:41 343366 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2011-02-16 10:48 615760 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-15 11:19 615760 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-02-15 11:19 107396 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-02-16 10:48 107396 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-02-16 10:43 346184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-02-15 11:37 346184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-03-10 02:17 . 2011-02-15 21:00 2101112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-03-10 23:24 . 2011-02-16 10:43 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1006-8192.dat
- 2010-03-10 23:24 . 2011-02-15 11:12 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1006-8192.dat
- 2010-03-10 23:24 . 2011-02-13 21:08 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1004-8192.dat
+ 2010-03-10 23:24 . 2011-02-15 21:00 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1004-8192.dat
- 2010-03-13 03:07 . 2011-01-31 21:10 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1003-8192.dat
+ 2010-03-13 03:07 . 2011-02-15 21:00 1284648 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2352102947-2679591395-2865643605-1003-8192.dat
- 2009-07-14 02:34 . 2011-02-15 11:54 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-02-16 10:59 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\tbIMVU.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90b49673-5506-483e-b92b-ca0265bd9ca8}]
2010-10-18 11:26 3908192 ----a-w- c:\program files (x86)\IMVU_Inc\tbIMVU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{90b49673-5506-483e-b92b-ca0265bd9ca8}"= "c:\program files (x86)\IMVU_Inc\tbIMVU.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{90b49673-5506-483e-b92b-ca0265bd9ca8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Flock Update"="c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe" [2010-10-25 136312]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-01-13 3046808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 136176]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files (x86)\ma-config.com\Drivers\driverhardwarev2x64.sys [2010-05-01 15872]
R3 maconfservice;Ma-Config Service;c:\program files (x86)\ma-config.com\maconfservice.exe [2010-05-01 271728]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-19 1255736]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-01-05 203776]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-01-05 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-01-05 294400]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [2009-08-21 543872]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [2009-08-21 39936]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 netr28ux;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Inhoud van de 'Gedeelde Taken' map

2011-02-01 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1006Core.job
- c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe [2010-10-25 22:06]

2011-02-16 c:\windows\Tasks\FlockUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1006UA.job
- c:\users\Hans\AppData\Local\Flock\Update\FlockUpdate.exe [2010-10-25 22:06]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 20:22]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-16 20:22]

2011-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1001Core.job
- c:\users\Susanne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 05:15]

2011-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2352102947-2679591395-2865643605-1001UA.job
- c:\users\Susanne\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-07 05:15]

2010-10-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-09-14 610360]
"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCEtime.dll" [2007-02-22 28672]
"lxcemon.exe"="c:\program files (x86)\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="c:\program files (x86)\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: kongregate.com\www
FF - ProfilePath - c:\users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\74hggam8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT26126 ... hSource=13
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4beb9294 ... g=en-GB&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Gmail Space: {B9C8BE50-7105-4ec6-8FB4-4935C0671648} - %profile%\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
FF - Ext: IMVU Inc Toolbar: {90b49673-5506-483e-b92b-ca0265bd9ca8} - %profile%\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
.
- - - - ORPHANS VERWIJDERD - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{90B49673-5506-483E-B92B-CA0265BD9CA8} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
AddRemove-THE GAME OF LIFE - c:\windows\THE GAME OF LIFE \uninstall.exe



[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Voltooingstijd: 2011-02-16 12:22:50 - machine werd herstart
ComboFix-quarantined-files.txt 2011-02-16 11:22
ComboFix2.txt 2011-02-15 12:06

Pre-Run: 556.674.924.544 bytes free
Post-Run: 556.295.159.808 bytes free

- - End Of File - - 8DF9B88B99267C5320DD78C1F6F82895


Posted: Wed Feb 16, 2011 3:48 pm
Moderator

Registered: Wed Apr 13, 2005 3:54 pm
Posts: 33552
Location: Little place on the coast.
Operating system: Windows 7
Protection: Malwarebytes pro
Looks fine, I think. Still having any problems?

Member of the Training Team.
