
Microsoft Word 2007


blackwood0

Hello,

I have had problems with Word 2007 for a long time, but today that ***program is going too far. I can no longer save the file, and before I open a file it says: Word cannot create the work file. Check the environment variable. I can no longer print from Word. When I want to save a file it keeps asking whether I want to save the file, and when I click No it does close, but then there is another error message saying that the disk is full or damaged... WHAT A ***PROGRAM...
Who can help me?

Regards, Mark
 
First do the following:

Which program: Malwarebytes MBAM
What for/why: specialist scanner to quickly check Windows for spyware and malware and remove it.
Difficulty: none.

Download Malwarebytes MBAM from one of these locations:
First of all:
  • Right after installation 'MBAM' will want to update its database, so allow this.
  • Also on repeated use: first update 'MBAM' via the 'Update' tab!
Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.
  • Note:
    • Malwarebytes now provides the full version of MBAM.
    • On first start you get the option to use the full version or the free version.
    • Regardless of which antivirus program is in your Windows, I advise using the "Decline" option.
    • That way MBAM can continue to be used as the free version.


  • Also do the following:
    • Once the program has started, go to the "Settings" tab.
    • Tick here: "Close Internet Explorer during malware removal".

Scanning:
  • When 'MBAM' starts, choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message.
  • Then click the Show Results button at the bottom right.
  • Make sure that all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
Then post the contents of the MBAM log in your next message.
 
:frusty: Nice and thorough, but what does malware have to do with Microsoft Word and the temp files...?

Regards, Mark

EDIT: I will post the log as soon as possible
 
Malware can mess up your whole PC. :rules:
 
Here are the log files from 7:45 27-09-2011

(THEY COULD NOT BE UPLOADED IN ONE TXT FILE)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Databaseversie: 7806

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

27-9-2011 7:45:47
mbam-log-2011-09-27 (07-45-47).txt

Scantype: Snelle scan
Objecten gescand: 193991
Verstreken tijd: 8 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 56
Registerwaarden geïnfecteerd: 6
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 15
Bestanden geïnfecteerd: 84

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

Registerwaarden geïnfecteerd:

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

Bestanden geïnfecteerd:
 

I correct myself: malware has thoroughly messed up your PC. But don't worry. Our ab is going to get your PC completely junk-free and running smoothly again :rules:
 
Seriously?
 
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 56
Registerwaarden geïnfecteerd: 6
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 15
Bestanden geïnfecteerd: 84

Just watch, abraham is going to help you with this and get you through it nicely :smile:
 

Okay thx :fun:
 
I am going to move you to Hijack This so that, as the others have already promised you, I am going to help you!

One thing: do not post logs as attachments, but directly in your message!

I would like you to keep to the rules below during the fix:
  • Read all instructions carefully.
  • If you make mistakes when running tools during the fix, that can cause serious problems in Windows.
  • Refrain from using tools or updates other than those I advise you to use.
  • Always use one scanner at a time, never several at once.
  • Keep me informed of how your computer responds to the fix, good or bad.
  • The fix, once started, must be completed. Even if you think everything is fine, there may still be infections.

Step 1
Which program: Trend Micro Hijack This version 2.0.4
What for/why: produces a clear overview of Windows by means of a scan.
Difficulty: none; only Vista and Windows 7 users need to pay a little extra attention.

Download the HijackThis Installer

Installation:
  • Install HijackThis in the indicated location - this prevents any backups from being impossible to find later!
Users of Windows Vista and Windows 7 then go to the HijackThis installation location.
  • Next, right-click "hijackthis.exe" and choose "Properties".
  • Now click the "Compatibility" tab and tick "Run as administrator".
  • Finally, click Apply and OK.

Using Hijack This:
  • First close all open programs and web browsers.
  • Now start 'Hijack This' and then click the button 'Do a system scan and save a logfile'
    • If HijackThis starts up with the scan window, first click the 'Main Menu' button
  • Now close all open windows, then start 'HijackThis' and choose 'Do a system scan and save a logfile'.
  • Go to DDRMMR's color coder (click)
  • Copy and paste the contents of the Hijack This log file into the web window and click the 'Converteer' (Convert) button.
  • Copy and paste the output of the color coder into your following message.
  • After this you may close Hijack This again
Step 2
Which program: Microsoft Safety Scanner
What for/why: specialist scanner from Microsoft to quickly check Windows for spyware and malware and remove it.
Difficulty: none.
Note: Microsoft Safety Scanner expires 10 days after it is downloaded.
If you want to run a scan again with the latest anti-malware definitions,
download Microsoft Safety Scanner again and run it again.
Download the Microsoft Safety Scanner here.

Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking the shortcut.
Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking the shortcut and then choosing Run as administrator.
Then tick "I accept the terms of the above license agreement".

Scanning:
  • When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick Scan'.
  • Scanning takes a while, so be patient.

Step 3
Which program: Malwarebytes MBAM
What for/why: specialist scanner to quickly check Windows for spyware and malware and remove it.
Difficulty: none.

Starting Malwarebytes MBAM:
Windows 2000 and Windows XP: start MBAM by double-clicking the shortcut.
Windows Vista and Windows 7: start MBAM by right-clicking the shortcut and then choosing Run as administrator.

Note:
  • Update Malwarebytes MBAM first

Scanning:
  • When 'MBAM' starts, choose 'Quick Scan'.
  • Scanning can take a while, so be patient. When the scan has finished, click the 'OK' button.
  • Then click the 'Show Results' button to see the results.
Infections found:
  • First click OK to dismiss the message.
  • Then click the Show Results button at the bottom right.
  • Make sure that all infections found are ticked, and click Remove Selected at the bottom left.
  • After removal a log will open and you will be asked to restart the computer.
  • If 'MBAM' has difficulty removing certain files it will show some messages; click 'OK' each time!
  • After that 'MBAM' will ask to restart the computer, so allow the computer to be restarted.
MBAM log:
  • The log is saved automatically by 'MBAM' and you can find it by clicking the 'Logs' tab in the MBAM main menu.
Then post the contents of the MBAM log in your next message.


Step 4
In summary: after this, post the contents of the following logs in your next message:
  • a new HijackThis log
  • MBAM scan log
Also post an uninstall list:
  • start HijackThis,
  • click the Open the Misc Tools section button,
  • click the Open Uninstall Manager button,
  • click the Save button.
 
Hijack This color coder:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:01, on 27-9-2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:

r1 - hkcu\software\microsoft\internet explorer\main,default_page_url = [noparse]http://nl.msn.com/?ocid=oie9hp[/noparse]
r0 - hkcu\software\microsoft\internet explorer\main,start page = [noparse]http://www.google.nl/[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [noparse]http://homepage.acer.com/rdr.aspx?b=acaw&l=0413&m=travelmate_5740&r=27360610l705l0464z195x4572m66p[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [noparse]http://go.microsoft.com/fwlink/?linkid=54896[/noparse]
r1 - hklm\software\microsoft\internet explorer\main,search page = [noparse]http://nl.woofi.info[/noparse]
r0 - hklm\software\microsoft\internet explorer\main,start page = [noparse]http://nl.woofi.info[/noparse]
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hklm\software\microsoft\internet explorer\main,local page = c:\windows\syswow64\blank.htm
r1 - hkcu\software\microsoft\internet explorer\main,window title = windows internet explorer wordt aangeboden door msn and bing
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5577;
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
r3 - urlsearchhook: youtube downloader toolbar - {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files (x86)\youtube downloader toolbar\ie\4.6\youtubedownloadertoolbarie.dll
r3 - urlsearchhook: (no name) - {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - (no file)
r3 - urlsearchhook: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
f2 - reg:system.ini: userinit=userinit.exe,
o2 - bho: mediabar - {0974ba1e-64ec-11de-b2a5-e43756d89593} - (no file)
o2 - bho: acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
o2 - bho: increase performance and video formats for your html5 <video> - {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll
o2 - bho: aanmeldhulp voor windows live id - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: windows live messenger companion helper - {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files (x86)\windows live\companion\companioncore.dll
o2 - bho: java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
o2 - bho: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o2 - bho: youtube downloader toolbar - {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files (x86)\youtube downloader toolbar\ie\4.6\youtubedownloadertoolbarie.dll
o2 - bho: hotspot shield class - {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\hssie.dll
o3 - toolbar: (no name) - {0974ba1e-64ec-11de-b2a5-e43756d89593} - (no file)
o3 - toolbar: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o3 - toolbar: youtube downloader toolbar - {f3fee66e-e034-436a-86e4-9690573bee8a} - c:\program files (x86)\youtube downloader toolbar\ie\4.6\youtubedownloadertoolbarie.dll
o4 - hklm\..\run: [iastoricon] c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe
o4 - hklm\..\run: [backupmanagertray] c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe -h -k
o4 - hklm\..\run: [lmanager] c:\program files (x86)\launch manager\lmanager.exe
o4 - hklm\..\run: [virtualclonedrive] c:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe /s
o4 - hklm\..\run: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
o4 - hklm\..\run: [tkbellexe] c:\program files (x86)\common files\real\update_ob\realsched.exe -osboot
o4 - hklm\..\run: [quicktime task] c:\program files (x86)\quicktime\qttask.exe -atboottime
o4 - hklm\..\run: [divxupdate] c:\program files (x86)\divx\divx update\divxupdate.exe /checknow
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
o4 - hklm\..\run: [s6000mnt] c:\windows\syswow64\rundll32.exe s6000rmv.dll,winmainrmv /startstillmnt
o4 - hklm\..\run: [searchsettings] c:\program files (x86)\common files\spigot\search settings\searchsettings.exe
o4 - hklm\..\run: [ituneshelper] c:\program files (x86)\itunes\ituneshelper.exe
o4 - hklm\..\run: [malwarebytes' anti-malware] c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe /starttray
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkcu\..\run: [utorrent] c:\program files (x86)\utorrent\utorrent.exe
o4 - hkcu\..\run: [steam] c:\program files (x86)\steam\steam.exe -silent
o4 - hkcu\..\run: [kpeernexoneu] c:\nexon\nexon_eu_downloader\nxeulauncher.exe
o4 - hkcu\..\run: [registry mechanic] c:\users\marc\desktop\rminstall_revenuewire207_10.0.1.140.exe -min
o4 - hkus\s-1-5-19\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [sidebar] %programfiles%\windows sidebar\sidebar.exe /autorun (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [mctadmin] c:\windows\system32\mctadmin.exe (user 'network service')
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files (x86)\microsoft office\office12\onenotem.exe
o4 - startup: runescape hacker.exe
o4 - global startup: acer vcm.lnk = ?
o4 - global startup: gamersfirst live!.lnk = c:\program files (x86)\gamersfirst\live!\live.exe
o8 - extra context menu item: &verzenden naar onenote - res://c:\progra~2\micros~1\office14\onbttnie.dll/105
o8 - extra context menu item: e&xporteren naar microsoft excel - res://c:\progra~2\micros~1\office14\excel.exe/3000
o8 - extra context menu item: free youtube download - c:\users\marc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
o8 - extra context menu item: free youtube to mp3 converter - c:\users\marc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
o8 - extra context menu item: google sidewiki... - res://c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_2ec7709873947e87.dll/cmsidewiki.html
o9 - extra button: @c:\program files (x86)\windows live\companion\companionlang.dll,-600 - {0000036b-c524-4050-81a0-243669a86b9f} - c:\program files (x86)\windows live\companion\companioncore.dll
o9 - extra button: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra 'tools' menuitem: @c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003 - {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
o9 - extra button: verzenden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - (no file)
o9 - extra 'tools' menuitem: verz&enden naar onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - (no file)
o9 - extra button: research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~2\micros~1\office12\refiebar.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o10 - unknown file in winsock lsp: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
o11 - options group: [accelerated_graphics] accelerated graphics
o16 - dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} (checkers class) - [noparse]http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[/noparse]
o16 - dpf: {5d6f45b3-9043-443d-a792-115447494d24} (unoctrl class) - [noparse]http://messenger.zone.msn.com/messengergamescontent/gamecontent/nl/uno1/game_uno1.cab[/noparse]
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) - [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse]
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - [noparse]http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab[/noparse]
o17 - hklm\system\ccs\services\tcpip\..\{685c3a43-6893-46ab-9280-072bd32f64cb}: nameserver = 10.7.8.1
o18 - protocol: wlpg - {e43ef6cd-a37a-4a9b-9e6f-83f89b8e6324} - c:\program files (x86)\windows live\photo gallery\albumdownloadprotocolhandler.dll
o20 - winlogon notify: pmhooks - c:\windows\system32\pmhooks.dll (file missing)
o23 - service: adobe acrobat update service (adobearmservice) - adobe systems incorporated - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
o23 - service: @%systemroot%\system32\alg.exe,-112 (alg) - unknown owner - c:\windows\system32\alg.exe (file missing)
o23 - service: mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: application updater - spigot, inc. - c:\program files (x86)\application updater\applicationupdater.exe
o23 - service: bonjour-service (bonjour service) - apple inc. - c:\program files (x86)\bonjour\mdnsresponder.exe
o23 - service: bluetooth service (btwdins) - broadcom corporation. - c:\program files\widcomm\bluetooth software\btwdins.exe
o23 - service: dritek wmi service (dsiwmiservice) - dritek system inc. - c:\program files (x86)\launch manager\dsiwmis.exe
o23 - service: @%systemroot%\system32\efssvc.dll,-100 (efs) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: acer epower service (epowersvc) - acer incorporated - c:\program files\acer\acer epower management\epowersvc.exe
o23 - service: @%systemroot%\system32\fxsresm.dll,-118 (fax) - unknown owner - c:\windows\system32\fxssvc.exe (file missing)
o23 - service: gregservice (greg_service) - acer incorporated - c:\program files (x86)\acer\registration\greghsrw.exe
o23 - service: google updateservice (gupdate) (gupdate) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: google update-service (gupdatem) (gupdatem) - google inc. - c:\program files (x86)\google\update\googleupdate.exe
o23 - service: hotspot shield service (hshld) - unknown owner - c:\program files (x86)\hotspot shield\bin\openvpnas.exe
o23 - service: hotspot shield routing service (hsssrv) - anchorfree inc. - c:\program files (x86)\hotspot shield\hsswpr\hsssrv.exe
o23 - service: hotspot shield tray service (hsstrayservice) - unknown owner - c:\program files (x86)\hotspot shield\bin\hsstrayservice.exe
o23 - service: hotspot shield monitoring service (hsswd) - unknown owner - c:\program files (x86)\hotspot shield\bin\hsswd.exe
o23 - service: intel(r) rapid storage technology (iastordatamgrsvc) - intel corporation - c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe
o23 - service: icm_updaterservice disp (icm_updaterservice) - unknown owner - c:\program files (x86)\samsung\samsung networking wizard\icm_service.exe (file missing)
o23 - service: ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: iviregmgr - intervideo - c:\program files (x86)\common files\intervideo\regmgr\iviregmgr.exe
o23 - service: @keyiso.dll,-100 (keyiso) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: logitech bluetooth service (lbtserv) - logitech, inc. - c:\program files\common files\logishrd\bluetooth\lbtserv.exe
o23 - service: intel(r) management and security application local management service (lms) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
o23 - service: mbamservice - malwarebytes corporation - c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe
o23 - service: @comres.dll,-2797 (msdtc) - unknown owner - c:\windows\system32\msdtc.exe (file missing)
o23 - service: @%systemroot%\system32\netlogon.dll,-102 (netlogon) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: nti ischedulesvc - newtech infosystems, inc. - c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe
o23 - service: nti backup now 5 backup service (ntibackupsvc) - newtech infosystems, inc. - c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe
o23 - service: nti backup now 5 scheduler service (ntischedulersvc) - newtech infosystems, inc. - c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe
o23 - service: @%systemroot%\system32\psbase.dll,-300 (protectedstorage) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: protexis licensing v2 (psi_svc_2) - protexis inc. - c:\program files (x86)\common files\protexis\license service\psiservice_2.exe
o23 - service: @%systemroot%\system32\locator.exe,-2 (rpclocator) - unknown owner - c:\windows\system32\locator.exe (file missing)
o23 - service: remote procedure call (rpc) net (rpcnet) - absolute software corp. - c:\windows\syswow64\rpcnet.exe
o23 - service: raw socket service (rs_service) - acer incorporated - c:\program files (x86)\acer\acer vcm\rs_service.exe
o23 - service: @%systemroot%\system32\samsrv.dll,-1 (samss) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\snmptrap.exe,-3 (snmptrap) - unknown owner - c:\windows\system32\snmptrap.exe (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
o23 - service: @%systemroot%\system32\sppsvc.exe,-101 (sppsvc) - unknown owner - c:\windows\system32\sppsvc.exe (file missing)
o23 - service: steam client service - valve corporation - c:\program files (x86)\common files\steam\steamservice.exe
o23 - service: @%systemroot%\system32\ui0detect.exe,-101 (ui0detect) - unknown owner - c:\windows\system32\ui0detect.exe (file missing)
o23 - service: intel(r) management & security application user notification service (uns) - intel corporation - c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
o23 - service: updater service - acer - c:\program files\acer\acer updater\updaterservice.exe
o23 - service: @%systemroot%\system32\vaultsvc.dll,-1003 (vaultsvc) - unknown owner - c:\windows\system32\lsass.exe (file missing)
o23 - service: @%systemroot%\system32\vds.exe,-100 (vds) - unknown owner - c:\windows\system32\vds.exe (file missing)
o23 - service: @%systemroot%\system32\vssvc.exe,-102 (vss) - unknown owner - c:\windows\system32\vssvc.exe (file missing)
o23 - service: @%systemroot%\system32\wat\watux.exe,-601 (watadminsvc) - unknown owner - c:\windows\system32\wat\watadminsvc.exe (file missing)
o23 - service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - unknown owner - c:\windows\system32\wbengine.exe (file missing)
o23 - service: @%systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiapsrv) - unknown owner - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
o23 - service: @%programfiles%\windows media player\wmpnetwk.exe,-101 (wmpnetworksvc) - unknown owner - c:\program files (x86)\windows media player\wmpnetwk.exe (file missing)
--
end of file - 17192 bytes

[/hjt]
 
Your Windows is quite badly infected.
Do you also use this Windows installation for internet banking, and have you done so recently?

Because there is malware in your Windows that steals your identity data!


Close all open browser windows, except this one, which you close just before you click the Fix checked button!

Now start HijackThis with administrator rights via right-click (if that does not work, go to the HijackThis installation folder and start "hijackthis.exe" with administrator rights from there) and click the Do a Scan only button,

r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5577;
r3 - urlsearchhook: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o2 - bho: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o2 - bho: hotspot shield class - {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files (x86)\hotspot shield\hssie\hssie.dll
o3 - toolbar: (no name) - {0974ba1e-64ec-11de-b2a5-e43756d89593} - (no file)
o3 - toolbar: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o4 - hklm\..\run: [s6000mnt] c:\windows\syswow64\rundll32.exe s6000rmv.dll,winmainrmv /startstillmnt
o4 - hklm\..\run: [searchsettings] c:\program files (x86)\common files\spigot\search settings\searchsettings.exe

o4 - hkcu\..\run: [registry mechanic] c:\users\marc\desktop\rminstall_revenuewire207_10.0.1.140.exe -min
o4 - startup: runescape hacker.exe
o20 - winlogon notify: pmhooks - c:\windows\system32\pmhooks.dll (file missing)

  • tick the box in front of the line(s) that correspond to the lines above
  • Now close the web browser and then click the Fix checked button
  • Then close HijackThis.
Restart the computer after the fix

N.B.: highlighted in red: malware specialised in theft.


Which program: ComboFix
Purpose: highly specialised scanner to examine Windows in depth and clean it up.
Difficulty: a more or less tricky preparation phase, so read everything carefully first.
Download location: be sure to download this program to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus programs and active malware scanners must already be deactivated before you start ComboFix!
Here and here
you will find information on how to deactivate antivirus programs and spyware scanners.

Remarks:
  • On Windows XP you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for it).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Run as administrator".
ComboFix has started:
  • Do not click in the black window; this can make ComboFix or even Windows "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may have to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next post.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important remark:
  • If, after the scan, starting programs shows an error with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
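
Added example, not part of the original post and not HijackThis's own logic: a small triage script that parses HijackThis entry lines and marks four patterns that also appear in the fix list above (a proxy pointing at loopback, a toolbar/BHO/Winlogon registration whose file is gone, a Run entry launching from a user's Desktop, and a bare .exe in the Startup folder). The rule names and regular expressions are assumptions chosen for illustration; the sample lines are copied from the log in this thread.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
r0 - hkcu\software\microsoft\internet explorer\main,start page = http://www.google.nl/
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = http=127.0.0.1:5577;
o2 - bho: phpnukeen toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files (x86)\phpnukeen\tbphpn.dll
o3 - toolbar: (no name) - {0974ba1e-64ec-11de-b2a5-e43756d89593} - (no file)
o4 - hklm\..\run: [ituneshelper] c:\program files (x86)\itunes\ituneshelper.exe
o4 - hkcu\..\run: [registry mechanic] c:\users\marc\desktop\rminstall_revenuewire207_10.0.1.140.exe -min
o4 - startup: onenote 2007 schermopname en snel starten.lnk = c:\program files (x86)\microsoft office\office12\onenotem.exe
o4 - startup: runescape hacker.exe
o20 - winlogon notify: pmhooks - c:\windows\system32\pmhooks.dll (file missing)
o23 - service: @%systemroot%\system32\spoolsv.exe,-1 (spooler) - unknown owner - c:\windows\system32\spoolsv.exe (file missing)
"""

# An entry line is "<section code> - <entry text>", e.g. "o4 - hklm\..\run: ...".
ENTRY_RE = re.compile(r"^\s*([a-z]\d{1,2})\s+-\s+(.*)$", re.IGNORECASE)

# Hypothetical triage rules (assumptions of this example, not HijackThis output).
LOOPBACK_PROXY_RE = re.compile(
    r"proxyserver\s*=\s*.*\b(127\.\d+\.\d+\.\d+|localhost)\b", re.IGNORECASE)
MISSING_RE = re.compile(r"\((no file|file missing)\)\s*$", re.IGNORECASE)
RUN_KEY_RE = re.compile(r"\\run(once)?:", re.IGNORECASE)
USER_DROP_DIR_RE = re.compile(
    r"\\users\\[^\\]+\\(desktop|downloads|appdata\\local\\temp)\\[^\\]*\.exe\b",
    re.IGNORECASE)
STARTUP_RE = re.compile(r"^(global )?startup:\s*(.+)$", re.IGNORECASE)


@dataclass
class Finding:
    code: str   # HijackThis section code, upper-cased (R1, O4, ...)
    rule: str   # name of the triage rule that matched
    entry: str  # entry text after the "code - " prefix


def parse_entries(log_text):
    """Yield (code, entry) for every line that looks like a HijackThis entry."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group(1).upper(), m.group(2).strip()


def triage(log_text):
    """Return entries worth a closer look; a match is a prompt for review, not a verdict."""
    findings = []
    for code, entry in parse_entries(log_text):
        if code in ("R0", "R1") and LOOPBACK_PROXY_RE.search(entry):
            # Browser traffic is sent through a process on the machine itself.
            findings.append(Finding(code, "loopback-proxy", entry))
        elif code in ("O2", "O3", "O20") and MISSING_RE.search(entry):
            # Registration left behind without its file. O23 services are not
            # covered: the helper in this thread left those "(file missing)"
            # service lines unchecked.
            findings.append(Finding(code, "orphaned-registration", entry))
        elif code == "O4":
            startup = STARTUP_RE.match(entry)
            if startup and "=" not in startup.group(2) \
                    and startup.group(2).strip().lower().endswith(".exe"):
                # Startup-folder items are normally "name.lnk = target";
                # here the executable itself sits in the folder.
                findings.append(Finding(code, "exe-in-startup-folder", entry))
            elif RUN_KEY_RE.search(entry) and USER_DROP_DIR_RE.search(entry):
                # Autorun pointing at an installer left in a user folder.
                findings.append(Finding(code, "autorun-from-user-folder", entry))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.rule:<26} {f.entry}")
```

Entries such as the toolbars that the helper selected by name are not caught by these pattern rules; recognising them requires knowledge of the specific software.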
 
I had also just run the Microsoft Safety Scanner, but it says everything is fine
 
Now carry on with what is in my previous post, starting with the removals via HijackThis.

And after that ComboFix.

And also answer my question about internet banking!
 
Yes, my mother does internet banking on this laptop
 
Then she had best go to her bank to have the PIN of the bank card changed there!
 
I did the HijackThis step: ticked the entries, removed them, and restarted the PC
 
ComboFix completed successfully; log via the colour coder:

[hjt]
combofix 11-09-27.01 - marc 27-09-2011 15:35:20.1.4 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.2807.931 [gmt 2:00]
gestart vanuit: c:\users\marc\desktop\combofix.exe
av: microsoft security essentials *enabled/updated* {108dac43-c256-20b7-bb05-914135da5160}
sp: microsoft security essentials *enabled/updated* {abec4da7-e46c-2f39-81b5-aa334e5d1bdd}
sp: windows defender *disabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\cflog
c:\program files (x86)\downloaded installers
c:\program files (x86)\downloaded installers\{67cdd5a0-c572-4d2c-a354-6492b51f4138}\setup.msi
c:\program files (x86)\war_rock_20110307_g1.exe
c:\users\marc\appdata\roaming\chrtmp
c:\users\marc\crossfire_setup_v1071.exe
c:\users\marc\videos\ilividsetupv1.exe
c:\users\marc\videos\sabat.exe
c:\windows\downloaded program files\f3initialsetup1.0.1.1.inf
c:\windows\st6unst.000
c:\windows\syswow64\comct332.ocx
c:\windows\syswow64\f3pssavr.scr
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-08-27 to 2011-09-27 ))))))))))))))))))))))))))))))
.
.
2011-09-27 13:51 . 2011-09-27 13:51 -------- d-----w- c:\users\default\appdata\local\temp
2011-09-27 13:11 . 2011-09-27 13:11 69000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e416a111-49b2-48bb-93b1-4417d3b7fc11}\offreg.dll
2011-09-27 12:29 . 2011-09-27 12:29 388096 ----a-r- c:\users\marc\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\hijackthis.exe
2011-09-27 12:29 . 2011-09-27 12:29 -------- d-----w- c:\program files (x86)\trend micro
2011-09-27 05:33 . 2011-09-27 05:33 -------- d-----w- c:\users\marc\appdata\roaming\malwarebytes
2011-09-27 05:33 . 2011-09-27 05:33 -------- d-----w- c:\programdata\malwarebytes
2011-09-27 05:33 . 2011-09-27 05:33 -------- d-----w- c:\program files (x86)\malwarebytes' anti-malware
2011-09-26 17:54 . 2011-09-26 17:59 -------- d-----w- c:\users\marc\uncalled_attack
2011-09-26 16:48 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{e416a111-49b2-48bb-93b1-4417d3b7fc11}\mpengine.dll
2011-09-25 13:26 . 2011-09-25 13:31 -------- d-----w- c:\users\marc\.freemind
2011-09-25 13:26 . 2011-09-25 13:26 -------- d-----w- c:\program files (x86)\freemind
2011-09-19 05:36 . 2008-04-17 10:12 107368 ----a-w- c:\windows\syswow64\gearaspi.dll
2011-09-19 05:35 . 2011-09-19 05:35 -------- d-----w- c:\program files\ipod
2011-09-19 05:35 . 2011-09-23 12:03 -------- d-----w- c:\program files (x86)\itunes
2011-09-19 05:35 . 2011-09-19 05:36 -------- d-----w- c:\program files\itunes
2011-09-19 05:33 . 2011-09-19 05:33 -------- d-----w- c:\program files\common files\apple
2011-09-19 05:33 . 2011-09-19 05:33 -------- d-----w- c:\program files\bonjour
2011-09-19 05:33 . 2011-09-19 05:33 -------- d-----w- c:\program files (x86)\bonjour
2011-09-18 12:56 . 2011-09-23 12:00 -------- d-----w- c:\users\marc\appdata\roaming\soundspectrum
2011-09-18 12:56 . 2011-09-18 12:56 -------- d-----w- c:\users\marc\appdata\local\soundspectrum
2011-09-18 12:55 . 2011-09-23 12:03 -------- d-----w- c:\program files (x86)\soundspectrum
2011-09-17 12:53 . 2011-09-17 12:53 -------- d-----w- c:\program files (x86)\application updater
2011-09-17 12:53 . 2011-09-17 12:53 -------- d-----w- c:\program files (x86)\common files\spigot
2011-09-17 12:53 . 2011-09-17 12:53 -------- d-----w- c:\program files (x86)\youtube downloader toolbar
2011-09-17 05:34 . 2011-09-17 05:34 -------- d-----w- c:\windows\syswow64\rtcom
2011-09-17 05:33 . 2011-09-17 05:33 -------- d-----w- c:\program files\realtek
2011-09-17 05:33 . 2000-01-01 00:00 74064 ----a-w- c:\windows\syswow64\sfcom.dll
2011-09-16 19:41 . 2011-09-16 19:59 -------- d-----w- c:\programdata\hitman pro
2011-09-16 19:34 . 2011-09-16 19:35 -------- d-----w- c:\program files (x86)\cisco
2011-09-16 19:31 . 2011-09-16 19:33 -------- d-----w- c:\program files\broadcom
2011-09-16 19:28 . 2011-09-16 19:28 -------- d-----w- c:\windows\system
2011-09-16 19:28 . 2011-09-16 19:28 -------- d-----w- c:\windows\webcam
2011-09-16 19:28 . 2011-09-16 19:28 -------- d-----w- c:\windows\s60setup
2011-09-16 19:28 . 2011-09-16 19:28 -------- d-----w- c:\program files (x86)\ali
2011-09-16 19:23 . 2011-09-16 19:23 -------- d-----w- c:\users\marc\appdata\roaming\installshield
2011-09-16 18:49 . 2000-01-01 00:00 23552 ----a-w- c:\windows\syswow64\igfxexps32.dll
2011-09-16 18:49 . 2000-01-01 00:00 228864 ----a-w- c:\windows\syswow64\igfxdv32.dll
2011-09-16 18:49 . 2000-01-01 00:00 11040256 ----a-w- c:\windows\syswow64\ig4icd32.dll
2011-09-16 18:49 . 2000-01-01 00:00 870560 ----a-w- c:\windows\syswow64\igkrng575.bin
2011-09-16 18:49 . 2000-01-01 00:00 127868 ----a-w- c:\windows\syswow64\igcompkrng575.bin
2011-09-16 18:49 . 2000-01-01 00:00 104796 ----a-w- c:\windows\syswow64\igfcg575m.bin
2011-09-16 18:44 . 2011-09-16 18:44 -------- d-----w- c:\users\marc\appdata\local\slimware utilities inc
2011-09-16 18:44 . 2011-09-16 18:44 -------- d-----w- c:\program files (x86)\slimdrivers
2011-09-16 18:40 . 2011-09-16 19:27 -------- d-----w- c:\program files\fighters
2011-09-16 18:27 . 2011-09-16 19:54 -------- d-----w- c:\users\marc\appdata\local\esupport.com
2011-09-16 18:27 . 2011-09-16 18:27 21712 ----a-w- c:\windows\syswow64\drivers\drvagent64.sys
2011-09-16 18:25 . 2011-09-16 18:25 -------- d-----w- c:\users\marc\appdata\roaming\registry mechanic
2011-09-16 18:19 . 2011-09-16 18:19 -------- d-----w- c:\programdata\pc tools
2011-09-14 05:00 . 2011-06-22 22:05 755016 ----a-w- c:\program files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor50.dll
2011-09-14 05:00 . 2011-06-22 22:05 756552 ----a-w- c:\program files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll
2011-09-13 17:33 . 2011-09-13 17:42 -------- d-----w- c:\users\marc\dcv1
2011-09-09 18:02 . 2011-09-09 18:07 -------- d-----w- c:\users\marc\appdata\roaming\dpker3
2011-09-09 17:29 . 2011-09-15 05:10 -------- d--h--w- c:\users\marc\appdata\roaming\.jagex_cache_22
2011-09-09 17:07 . 2011-09-09 17:07 -------- d-----w- c:\users\marc\appdata\roaming\dll-files.com
2011-09-09 17:06 . 2011-09-16 19:59 -------- d-----w- c:\program files (x86)\dll-files.com fixer
2011-09-09 15:29 . 2011-09-09 15:29 -------- d-----w- c:\users\marc\appdata\roaming\thinstall
2011-09-09 15:29 . 2011-09-09 15:29 -------- d-----w- c:\users\marc\appdata\local\thinstall
2011-09-09 15:16 . 2011-03-25 03:35 626688 ----a-w- c:\windows\syswow64\msvcr80.dll
2011-09-09 15:14 . 2007-04-05 10:16 626688 ----a-w- c:\program files (x86)\common files\microsoft shared\office12\office setup controller\office.nl-nl\msvcr80.dll
2011-09-09 14:45 . 2011-08-19 15:07 601424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
2011-09-09 14:45 . 2011-08-19 15:07 601424 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b6c36585-6a1c-4955-8d91-d8fb94b456c5}\gapaengine.dll
2011-09-06 16:56 . 2011-09-06 18:06 -------- d-----w- c:\program files (x86)\teamviewer
2011-09-06 14:30 . 2011-09-06 14:30 -------- d-----w- c:\program files (x86)\common files\java
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\mozilla firefox\plugins\nppdf32.dll
2011-09-05 17:04 . 2011-09-05 17:04 183696 ----a-w- c:\program files (x86)\internet explorer\plugins\nppdf32.dll
2011-09-05 05:37 . 2010-09-17 08:16 72536 ----a-w- c:\windows\syswow64\perf-mssql$sqlexpress-sqlctr10.2.4000.0.dll
2011-09-05 05:34 . 2011-09-05 05:34 -------- d-----w- c:\program files\microsoft.net
2011-09-04 17:03 . 2011-09-04 17:03 -------- d-----w- c:\program files\samsung
2011-09-04 17:03 . 2011-09-04 17:03 -------- d-----w- c:\programdata\samsung
2011-09-04 14:36 . 2011-09-04 14:36 -------- d-----r- c:\sandbox
2011-09-04 14:34 . 2011-09-06 14:36 -------- d-----w- c:\program files\sandboxie
2011-09-03 19:52 . 2009-07-22 08:17 50200 ----a-w- c:\windows\syswow64\perf-sqlagent$sqlexpress-sqlagtctr10.1.2531.0.dll
2011-09-03 19:49 . 2011-09-03 19:49 -------- d-----w- c:\program files (x86)\microsoft visual studio 9.0
2011-09-03 19:49 . 2011-09-03 19:49 -------- d-----w- c:\program files\microsoft visual studio 9.0
2011-09-03 19:49 . 2011-09-03 19:49 -------- d-----w- c:\windows\syswow64\1033
2011-09-03 19:43 . 2011-09-03 19:43 -------- d-----w- c:\program files\microsoft synchronization services
2011-09-03 19:43 . 2011-09-03 19:43 -------- d-----w- c:\program files\microsoft sql server compact edition
2011-09-03 19:42 . 2011-09-03 19:42 -------- d-----w- c:\program files (x86)\microsoft synchronization services
2011-09-03 19:42 . 2011-09-04 17:34 205984 ----a-w- c:\programdata\microsoft\vbexpress\10.0\1033\resourcecache.dll
2011-09-03 19:40 . 2011-09-03 19:55 -------- d-----w- c:\program files (x86)\microsoft visual studio 10.0
2011-09-03 19:38 . 2011-09-03 19:38 -------- d-----w- c:\windows\symbols
2011-09-03 19:38 . 2011-09-03 19:38 -------- d-----w- c:\program files\microsoft visual studio 10.0
2011-09-03 19:38 . 2011-09-03 19:38 -------- d-----w- c:\program files\microsoft help viewer
2011-09-03 19:38 . 2011-09-03 19:38 -------- d-----w- c:\program files (x86)\microsoft sdks
2011-09-03 19:10 . 2011-09-05 14:30 -------- d-----w- c:\users\marc\microsoft
2011-09-03 18:53 . 2011-09-03 18:54 -------- d-----w- c:\97e1c2e55004733fd5a54f22426c02b4
2011-09-03 18:16 . 2011-09-03 18:16 -------- d-----w- c:\users\marc\appdata\local\crashrpt
2011-09-02 05:23 . 2011-09-05 14:24 -------- d-----w- c:\program files (x86)\microsoft
2011-08-30 15:51 . 2011-08-30 15:51 -------- d-----w- c:\program files (x86)\msecache
2011-08-30 14:48 . 2011-09-08 13:48 -------- d-----w- c:\addyscape
2011-08-28 18:30 . 2011-08-28 18:30 -------- d-----w- c:\program files (x86)\convert vob to avi
2011-08-28 16:59 . 2011-08-29 08:58 -------- d-----w- c:\users\marc\appdata\roaming\divx
2011-08-28 16:59 . 2011-08-28 16:59 -------- d-----w- c:\program files (x86)\common files\px storage engine
2011-08-28 16:59 . 2011-08-28 16:59 -------- d-----w- c:\program files\divx
2011-08-28 16:58 . 2011-08-28 16:59 -------- d-----w- c:\program files (x86)\common files\divx shared
2011-08-28 16:54 . 2011-08-28 17:00 -------- d-----w- c:\program files (x86)\divx
2011-08-28 16:53 . 2011-08-28 17:00 -------- d-----w- c:\programdata\divx
2011-08-28 16:46 . 2011-09-19 05:35 -------- d-----w- c:\program files (x86)\common files\apple
2011-08-28 16:45 . 2011-08-28 16:45 -------- d-----w- c:\program files (x86)\apple software update
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-27 13:12 . 2010-12-11 07:36 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2011-09-27 13:12 . 2010-06-04 19:13 58288 ----a-w- c:\windows\syswow64\rpcnet.dll
2011-09-27 05:52 . 2011-05-20 18:09 404640 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2011-09-13 00:26 . 2011-08-21 05:45 9049936 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-09-06 14:29 . 2010-06-04 13:33 472808 ----a-w- c:\windows\syswow64\deployjava1.dll
2011-08-19 06:52 . 2011-08-18 15:39 286720 ------w- c:\windows\setup1.exe
2011-08-19 06:52 . 2011-08-18 15:39 73216 ----a-w- c:\windows\st6unst.exe
2011-08-19 06:41 . 2011-08-17 18:33 235 ----a-w- c:\windows\syswow64\nxeuuninstall.bat
2011-08-19 06:41 . 2011-08-17 18:33 446464 ----a-w- c:\windows\nexon_eu_downloaderupdater.exe
2011-08-18 10:05 . 2010-04-07 07:28 17920 ----a-w- c:\windows\syswow64\rpcnetp.dll
2011-08-18 10:05 . 2010-04-07 07:27 17920 ----a-w- c:\windows\syswow64\rpcnetp.exe
2011-08-18 08:07 . 2011-08-18 08:07 1339819435 ----a-w- c:\program files (x86)\combatarms_eu.exe
2011-08-16 06:48 . 2011-08-20 10:38 8862544 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{38ab8e96-27e5-4769-aa8c-ee5cae0ead89}\mpengine.dll
2011-08-15 18:04 . 2011-08-15 18:04 499712 ----a-w- c:\windows\syswow64\msvcp71.dll
2011-08-15 18:04 . 2011-08-15 18:04 348160 ----a-w- c:\windows\syswow64\msvcr71.dll
2011-08-12 14:06 . 2011-08-12 14:06 74752 ----a-w- c:\windows\syswow64\registeriepkeys.exe
2011-08-12 14:06 . 2011-08-12 14:06 161792 ----a-w- c:\windows\syswow64\msls31.dll
2011-08-12 14:06 . 2011-08-12 14:06 1126912 ----a-w- c:\windows\syswow64\wininet.dll
2011-08-12 14:06 . 2011-08-12 14:06 86528 ----a-w- c:\windows\syswow64\iesysprep.dll
2011-08-12 14:06 . 2011-08-12 14:06 76800 ----a-w- c:\windows\syswow64\setieinstalleddate.exe
2011-08-12 14:06 . 2011-08-12 14:06 63488 ----a-w- c:\windows\syswow64\tdc.ocx
2011-08-12 14:06 . 2011-08-12 14:06 48640 ----a-w- c:\windows\syswow64\mshtmler.dll
2011-08-12 14:06 . 2011-08-12 14:06 367104 ----a-w- c:\windows\syswow64\html.iec
2011-08-12 14:06 . 2011-08-12 14:06 1797632 ----a-w- c:\windows\syswow64\jscript9.dll
2011-08-12 14:06 . 2011-08-12 14:06 110592 ----a-w- c:\windows\syswow64\ieadvpack.dll
2011-08-12 14:06 . 2011-08-12 14:06 74752 ----a-w- c:\windows\syswow64\iesetup.dll
2011-08-12 14:06 . 2011-08-12 14:06 420864 ----a-w- c:\windows\syswow64\vbscript.dll
2011-08-12 14:06 . 2011-08-12 14:06 35840 ----a-w- c:\windows\syswow64\imgutil.dll
2011-08-12 14:06 . 2011-08-12 14:06 2382848 ----a-w- c:\windows\syswow64\mshtml.tlb
2011-08-12 14:06 . 2011-08-12 14:06 23552 ----a-w- c:\windows\syswow64\licmgr10.dll
2011-08-12 14:06 . 2011-08-12 14:06 152064 ----a-w- c:\windows\syswow64\wextract.exe
2011-08-12 14:06 . 2011-08-12 14:06 150528 ----a-w- c:\windows\syswow64\iexpress.exe
2011-08-12 14:06 . 2011-08-12 14:06 142848 ----a-w- c:\windows\syswow64\ieunatt.exe
2011-08-12 14:06 . 2011-08-12 14:06 1427456 ----a-w- c:\windows\syswow64\inetcpl.cpl
2011-08-12 14:06 . 2011-08-12 14:06 11776 ----a-w- c:\windows\syswow64\mshta.exe
2011-08-12 14:06 . 2011-08-12 14:06 101888 ----a-w- c:\windows\syswow64\admparse.dll
2011-08-12 14:06 . 2011-08-12 14:06 89088 ----a-w- c:\windows\system32\registeriepkeys.exe
2011-08-12 14:06 . 2011-08-12 14:06 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-12 14:06 . 2011-08-12 14:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-08-12 14:06 . 2011-08-12 14:06 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-08-12 14:06 . 2011-08-12 14:06 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-12 14:06 . 2011-08-12 14:06 173056 ----a-w- c:\windows\system32\ieunatt.exe
2011-08-12 14:06 . 2011-08-12 14:06 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-08-12 14:06 . 2011-08-12 14:06 135168 ----a-w- c:\windows\system32\ieadvpack.dll
2011-08-12 14:06 . 2011-08-12 14:06 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-12 14:06 . 2011-08-12 14:06 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-12 14:06 . 2011-08-12 14:06 91648 ----a-w- c:\windows\system32\setieinstalleddate.exe
2011-08-12 14:06 . 2011-08-12 14:06 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-12 14:06 . 2011-08-12 14:06 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-12 14:06 . 2011-08-12 14:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-12 14:06 . 2011-08-12 14:06 448512 ----a-w- c:\windows\system32\html.iec
2011-08-12 14:06 . 2011-08-12 14:06 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-12 14:06 . 2011-08-12 14:06 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-12 14:06 . 2011-08-12 14:06 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-12 14:06 . 2011-08-12 14:06 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-12 14:06 . 2011-08-12 14:06 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-12 14:06 . 2011-08-12 14:06 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-06 10:59 . 2010-06-04 19:13 13160 ----a-w- c:\windows\syswow64\upgrd.exe
2011-08-06 10:59 . 2010-06-04 19:13 58288 ------w- c:\windows\syswow64\rpcnet.exe
2011-08-05 17:53 . 2011-08-05 17:53 18328 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\syswow64\dpl100.dll
2011-07-17 07:21 . 2011-07-17 07:21 1293825 ----a-r- c:\users\marc\appdata\roaming\microsoft\installer\{e679fe6b-0f4e-4688-90f3-606c23cacd5d}\alicegreenfingers.exe
2011-07-16 05:41 . 2011-08-12 08:09 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-12 08:09 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-12 08:09 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-12 08:09 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-12 08:09 421888 ----a-w- c:\windows\system32\kernelbase.dll
2011-07-16 05:21 . 2011-08-12 08:09 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-16 05:21 . 2011-08-12 08:09 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-16 04:29 . 2011-08-12 08:09 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
2011-07-16 04:26 . 2011-08-12 08:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-16 04:25 . 2011-08-12 08:09 25600 ----a-w- c:\windows\syswow64\setup16.exe
2011-07-16 04:24 . 2011-08-12 08:09 5120 ----a-w- c:\windows\syswow64\wow32.dll
2011-07-16 04:24 . 2011-08-12 08:09 272384 ----a-w- c:\windows\syswow64\kernelbase.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"=c:\program files\windows sidebar\sidebar.exe [2010-11-20 1475584]
"utorrent"=c:\program files (x86)\utorrent\utorrent.exe [2011-04-26 399736]
"steam"=c:\program files (x86)\steam\steam.exe [2011-08-12 1242448]
"kpeernexoneu"=c:\nexon\nexon_eu_downloader\nxeulauncher.exe [2011-09-05 438272]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"iastoricon"=c:\program files (x86)\intel\intel(r) rapid storage technology\iastoricon.exe [2011-02-18 283160]
"backupmanagertray"=c:\program files (x86)\newtech infosystems\acer backup manager\backupmanagertray.exe [2010-03-08 260608]
"lmanager"=c:\program files (x86)\launch manager\lmanager.exe [2010-03-03 1300560]
"virtualclonedrive"=c:\program files (x86)\elaborate bytes\virtualclonedrive\vcddaemon.exe [2011-03-07 89456]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2011-06-06 937920]
"tkbellexe"=c:\program files (x86)\common files\real\update_ob\realsched.exe [2011-08-15 202256]
"quicktime task"=c:\program files (x86)\quicktime\qttask.exe [2011-09-02 421888]
"divxupdate"=c:\program files (x86)\divx\divx update\divxupdate.exe [2011-07-28 1259376]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2011-06-09 254696]
"ituneshelper"=c:\program files (x86)\itunes\ituneshelper.exe [2011-08-18 421736]
"malwarebytes' anti-malware"=c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe [2011-08-31 449608]
.
c:\users\marc\appdata\roaming\microsoft\windows\start menu\programs\startup\
onenote 2007 schermopname en snel starten.lnk - c:\program files (x86)\microsoft office\office12\onenotem.exe [2009-2-26 97680]
.
c:\programdata\microsoft\windows\start menu\programs\startup\
acer vcm.lnk - c:\program files (x86)\acer\acer vcm\acervcm.exe [2010-3-29 704032]
gamersfirst live!.lnk - c:\program files (x86)\gamersfirst\live!\live.exe [2011-8-16 2589808]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
"promptonsecuredesktop"= 0 (0x0)
.
[hkey_local_machine\system\currentcontrolset\control\lsa]
security packages reg_multi_sz kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\mcods]
@=""
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\msmpsvc]
@="service"
.
r1 arauhnfp;arauhnfp;c:\windows\system32\drivers\arauhnfp.sys [x]
r1 bqqorblu;bqqorblu;c:\windows\system32\drivers\bqqorblu.sys [x]
r1 btsdbnmp;btsdbnmp;c:\windows\system32\drivers\btsdbnmp.sys [x]
r1 cehqtsna;cehqtsna;c:\windows\system32\drivers\cehqtsna.sys [x]
r1 cuvuarlg;cuvuarlg;c:\windows\system32\drivers\cuvuarlg.sys [x]
r1 eogdlall;eogdlall;c:\windows\system32\drivers\eogdlall.sys [x]
r1 esowraoj;esowraoj;c:\windows\system32\drivers\esowraoj.sys [x]
r1 gapkakfp;gapkakfp;c:\windows\system32\drivers\gapkakfp.sys [x]
r1 hccctmxl;hccctmxl;c:\windows\system32\drivers\hccctmxl.sys [x]
r1 ijimvjjg;ijimvjjg;c:\windows\system32\drivers\ijimvjjg.sys [x]
r1 kkznrvrq;kkznrvrq;c:\windows\system32\drivers\kkznrvrq.sys [x]
r1 kmevjdxy;kmevjdxy;c:\windows\system32\drivers\kmevjdxy.sys [x]
r1 koopvmss;koopvmss;c:\windows\system32\drivers\koopvmss.sys [x]
r1 lgppkhcq;lgppkhcq;c:\windows\system32\drivers\lgppkhcq.sys [x]
r1 ltkgshzd;ltkgshzd;c:\windows\system32\drivers\ltkgshzd.sys [x]
r1 mrerjsem;mrerjsem;c:\windows\system32\drivers\mrerjsem.sys [x]
r1 mzkhbyol;mzkhbyol;c:\windows\system32\drivers\mzkhbyol.sys [x]
r1 ntzemciw;ntzemciw;c:\windows\system32\drivers\ntzemciw.sys [x]
r1 nyjmcorv;nyjmcorv;c:\windows\system32\drivers\nyjmcorv.sys [x]
r1 oabewljz;oabewljz;c:\windows\system32\drivers\oabewljz.sys [x]
r1 oxpkezld;oxpkezld;c:\windows\system32\drivers\oxpkezld.sys [x]
r1 rmqnvphp;rmqnvphp;c:\windows\system32\drivers\rmqnvphp.sys [x]
r1 sbfajzpz;sbfajzpz;c:\windows\system32\drivers\sbfajzpz.sys [x]
r1 syiyvwlf;syiyvwlf;c:\windows\system32\drivers\syiyvwlf.sys [x]
r1 tgivznft;tgivznft;c:\windows\system32\drivers\tgivznft.sys [x]
r1 tsmcnwot;tsmcnwot;c:\windows\system32\drivers\tsmcnwot.sys [x]
r1 tthwnzdv;tthwnzdv;c:\windows\system32\drivers\tthwnzdv.sys [x]
r1 tuhljgla;tuhljgla;c:\windows\system32\drivers\tuhljgla.sys [x]
r1 uorktcpr;uorktcpr;c:\windows\system32\drivers\uorktcpr.sys [x]
r1 uvgxdzts;uvgxdzts;c:\windows\system32\drivers\uvgxdzts.sys [x]
r1 wbjedgpj;wbjedgpj;c:\windows\system32\drivers\wbjedgpj.sys [x]
r1 wfucgktd;wfucgktd;c:\windows\system32\drivers\wfucgktd.sys [x]
r1 xjuntfll;xjuntfll;c:\windows\system32\drivers\xjuntfll.sys [x]
r1 xprczgoo;xprczgoo;c:\windows\system32\drivers\xprczgoo.sys [x]
r1 yesqfbgn;yesqfbgn;c:\windows\system32\drivers\yesqfbgn.sys [x]
r1 yowdlrjg;yowdlrjg;c:\windows\system32\drivers\yowdlrjg.sys [x]
r1 ztysfyaj;ztysfyaj;c:\windows\system32\drivers\ztysfyaj.sys [x]
r2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google updateservice (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2010-06-04 136176]
r2 icm_updaterservice;icm_updaterservice disp;c:\program files (x86)\samsung\samsung networking wizard\icm_service.exe [x]
r3 btusbflt;bluetooth usb filter;c:\windows\system32\drivers\btusbflt.sys [x]
r3 btwl2cap;bluetooth l2cap service;c:\windows\system32\drivers\btwl2cap.sys [x]
r3 eaglex64;eaglex64;c:\windows\system32\drivers\eaglex64.sys [x]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2010-06-04 136176]
r3 hitmanpro35;hitman pro 3.5 support driver;c:\windows\system32\drivers\hitmanpro35.sys [x]
r3 netw5s64;intel(r) wireless wifi link 5000 series adapter driver for windows 7 - 64 bit;c:\windows\system32\drivers\netw5s64.sys [x]
r3 ntibackupsvc;nti backup now 5 backup service;c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe [2009-11-06 50432]
r3 rsusbstor;rtsustor.sys realtek usb card reader;c:\windows\system32\drivers\rtsustor.sys [x]
r3 swdumon;swdumon;c:\windows\system32\drivers\swdumon.sys [x]
r3 teamviewervpn;teamviewer vpn adapter;c:\windows\system32\drivers\teamviewervpn.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [x]
r3 usbaapl64;apple mobile usb driver;c:\windows\system32\drivers\usbaapl64.sys [x]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [x]
r3 wolf;wolf;c:\game\softnyxgame\wolfteamis\wolf64.sys [2011-08-14 40056]
r3 x6va005;x6va005;c:\users\marc\appdata\local\temp\005ae8b.tmp [x]
r4 mssqlserveradhelper100;sql active directory helper service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-07-22 61976]
r4 rsfx0103;rsfx0103 driver;c:\windows\system32\drivers\rsfx0103.sys [x]
r4 sqlagent$sqlexpress;sql server agent (sqlexpress);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\sqlagent.exe [2010-09-17 430424]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [x]
s2 adobearmservice;adobe acrobat update service;c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe [2011-06-06 64952]
s2 application updater;application updater;c:\program files (x86)\application updater\applicationupdater.exe [2011-08-17 402328]
s2 dsiwmiservice;dritek wmi service;c:\program files (x86)\launch manager\dsiwmis.exe [2010-03-03 325200]
s2 epowersvc;acer epower service;c:\program files\acer\acer epower management\epowersvc.exe [2010-02-06 865824]
s2 greg_service;gregservice;c:\program files (x86)\acer\registration\greghsrw.exe [2009-08-28 1150496]
s2 hshld;hotspot shield service;c:\program files (x86)\hotspot shield\bin\openvpnas.exe [2011-07-01 298824]
s2 hsswd;hotspot shield monitoring service;c:\program files (x86)\hotspot shield\bin\hsswd.exe [2011-05-25 329544]
s2 iastordatamgrsvc;intel(r) rapid storage technology;c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe [2011-02-18 13336]
s2 mbamservice;mbamservice;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2011-08-31 366152]
s2 nti ischedulesvc;nti ischedulesvc;c:\program files (x86)\newtech infosystems\acer backup manager\ischedulesvc.exe [2010-03-08 250368]
s2 ntischedulersvc;nti backup now 5 scheduler service;c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe [2009-11-06 144640]
s2 rs_service;raw socket service;c:\program files (x86)\acer\acer vcm\rs_service.exe [2010-01-29 260640]
s2 uns;intel(r) management & security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [2009-09-30 2320920]
s2 updater service;updater service;c:\program files\acer\acer updater\updaterservice.exe [2009-07-04 240160]
s3 hecix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys [x]
s3 impcd;impcd;c:\windows\system32\drivers\impcd.sys [x]
s3 intcdaud;intel(r) display audio;c:\windows\system32\drivers\intcdaud.sys [x]
s3 k57nd60a;broadcom netlink (tm) gigabit ethernet - ndis 6.0;c:\windows\system32\drivers\k57nd60a.sys [x]
s3 leqdusb;logitech setpoint unifying kmdf usb filter;c:\windows\system32\drivers\leqdusb.sys [x]
s3 lhideqd;logitech setpoint unifying kmdf hid filter;c:\windows\system32\drivers\lhideqd.sys [x]
s3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [x]
s3 mpnwmon;microsoft malware protection network driver;c:\windows\system32\drivers\mpnwmon.sys [x]
s3 nisdrv;microsoft network inspection system;c:\windows\system32\drivers\nisdrvwfp.sys [x]
s3 nissrv;microsoft network inspection;c:\program files\microsoft security client\antimalware\nissrv.exe [2011-04-27 288272]
s3 s6000knt;s6000knt_webcam driver;c:\windows\system32\drivers\s6000knt.sys [x]
s3 sjtwinio;sjt i/o driver;c:\windows\system32\drivers\sjtwinio.sys [x]
s3 vwifimp;microsoft virtual wifi miniport service;c:\windows\system32\drivers\vwifimp.sys [x]
.
.
[hkey_local_machine\software\wow6432node\microsoft\active setup\installed components\{2d46b6dc-2207-486b-b523-a557e6d54b47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\system32\cmd.exe
.
inhoud van de 'gedeelde taken' map
.
2011-09-27 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-06-04 13:11]
.
2011-09-27 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2010-06-04 13:11]
.
2011-09-27 c:\windows\tasks\slimdrivers startup.job
- c:\program files (x86)\slimdrivers\slimdrivers.exe [2011-09-07 09:32]
.
.
--------- x86-64 -----------
.
.
[hkey_local_machine\~\browser helper objects\{f9e4a054-e9b1-4bc3-83a3-76a1ae736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\hotspot shield\hssie\hssie_64.dll
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"acer epower management"=c:\program files\acer\acer epower management\epowertray.exe [2010-02-06 860192]
"logitech download assistant"=c:\windows\system32\rundll32.exe [2009-07-14 45568]
"adobeaamupdater-1.0"=c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe [2010-03-06 500208]
"evtmgr6"=c:\program files\logitech\setpointp\setpoint.exe [2010-10-28 1680976]
"msc"=c:\program files\microsoft security client\msseces.exe [2011-06-15 1436736]
"igfxtray"=c:\windows\system32\igfxtray.exe [2000-01-01 161304]
"hotkeyscmds"=c:\windows\system32\hkcmd.exe [2000-01-01 386584]
"persistence"=c:\windows\system32\igfxpers.exe [2000-01-01 415256]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"loadappinit_dlls"=0x1
.
------- bijkomende scan -------
.
ustart page = hxxp://www.google.nl/
ulocal page = c:\windows\system32\blank.htm
mstart page = hxxp://nl.woofi.info
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = <local>;*.local
usearchurl,(default) = hxxp://www.google.com/search/?q=%s
ie: &verzenden naar onenote - c:\progra~2\micros~1\office14\onbttnie.dll/105
ie: e&xporteren naar microsoft excel - c:\progra~2\micros~1\office14\excel.exe/3000
ie: free youtube download - c:\users\marc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
ie: free youtube to mp3 converter - c:\users\marc\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
ie: google sidewiki... - c:\program files (x86)\google\google toolbar\component\googletoolbardynamic_mui_en_2ec7709873947e87.dll/cmsidewiki.html
tcp: dhcpnameserver = 192.168.2.1
tcp: interfaces\{685c3a43-6893-46ab-9280-072bd32f64cb}: nameserver = 10.7.8.1
ff - profilepath - c:\users\marc\appdata\roaming\mozilla\firefox\profiles\dlstyb0k.default\
ff - prefs.js: browser.search.selectedengine - yahoo
ff - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
ff - prefs.js: keyword.url - hxxp://nl.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
ff - prefs.js: network.proxy.http - 127.0.0.1
ff - prefs.js: network.proxy.http_port - 5577
ff - prefs.js: network.proxy.type - 0
.
- - - - orphans verwijderd - - - -
.
urlsearchhooks-{e38fa08e-f56a-4169-abf5-5c71e3c153a1} - (no file)
bho-{0974ba1e-64ec-11de-b2a5-e43756d89593} - (no file)
toolbar-locked - (no file)
wow6432node-hkcu-run-rdreminder - (no file)
toolbar-locked - (no file)
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
webbrowser-{f230d1cd-647f-4856-8538-8c0d39e5ecf2} - (no file)
webbrowser-{30f9b915-b755-4826-820b-08fba6bd249d} - (no file)
webbrowser-{eee6c35b-6118-11dc-9c72-001320c79847} - (no file)
webbrowser-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
hklm-run-syntpenh - c:\program files (x86)\synaptics\syntp\syntpenh.exe
addremove-adobe shockwave player - c:\windows\system32\adobe\shockwave 11\uninstaller.exe
addremove-free audio cd burner_is1 - c:\program files (x86)\dvdvideosoft\free audio cd burner\unins000.exe
addremove-free disc burner_is1 - c:\program files (x86)\dvdvideosoft\free disc burner\unins000.exe
addremove-free youtube download_is1 - c:\program files (x86)\dvdvideosoft\free youtube download\unins000.exe
.
.
.
[hkey_local_machine\system\controlset001\services\x6va005]
"imagepath"="\??\c:\users\marc\appdata\local\temp\005ae8b.tmp
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\s-1-5-21-3102585354-3876358351-3532356784-1000\software\securom\license information*]
"datasecu"=hex:95,1a,0b,6a,78,14,17,b4,f7,09,9e,3e,4e,f0,9f,eb,1b,da,91,17,92,
61,cc,06,82,de,79,d4,4d,29,5c,94,a4,d6,7a,88,0b,bd,8c,67,8e,62,cb,9f,2d,ca,\
"rkeysecu"=hex:d3,f7,a1,57,48,aa,96,88,bb,7a,ea,80,38,14,26,f2
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
voltooingstijd: 2011-09-27 15:56:03
combofix-quarantined-files.txt 2011-09-27 13:56
.
pre-run: 224.776.105.984 bytes beschikbaar
post-run: 226.812.657.664 bytes beschikbaar
.
- - end of file - - ce0b9043b174136f1447228b538009ff

[/hjt]
 
Do the following: open a new Notepad file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following (bold, blue) text into the empty Notepad window:

File::
c:\windows\setup1.exe
c:\windows\nexon_eu_downloaderupdater.exe

Folder::
c:\nexon
c:\program files (x86)\hotspot shield
c:\program files (x86)\phpnukeen
c:\program files (x86)\common files\spigot



Save this Notepad file to your desktop as CFScript.txt.

Now first disable the antivirus!


Drag CFScript.txt onto ComboFix.exe




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart, using the color coder!


Why two driver-update programs, and just uninstall that registry optimizer before the Windows registry gets corrupted!
 