Desktop sometimes doesn't work

Hydra0010

Dear Sir or Madam,

After Abraham54 helped me so well here a while ago, on 17 April, for which I am still very grateful, I hope someone can help with this problem too.
My desktop is not working: when I start my computer it works fine.
But after a while it stops working.

Specifically, the shortcut to the desktop does nothing.
And if you minimize everything, you cannot click icons on the desktop either. It then doesn't respond to anything.
Very occasionally I also cannot open e.g. My Computer, My Documents, etc.

I recently got an alert from BullGuard that it had blocked an activity from: ''variaton (word?) 17708 (something along those lines)''
It was in Java, which is very odd. When I looked this virus up on Google, it said this could change system settings, including the desktop.
I don't really know whether all of this is related.
I hope someone can help me; I use Windows 7.

Yours faithfully,

Bart Lammers.
 
Hello Bart, I'm still here.

Step •1•
Which program: AdwCleaner
What for/why: Scanner to clean up Windows and rid it of rogue toolbars.
Difficulty: None.
Download location: Be sure to download this program to the desktop, or else move it there!
Download: AdwCleaner by Xplode.

Notes:
  • All open programs and web pages must be closed.
  • It is normal for the shortcuts to disappear from the desktop after AdwCleaner is started.
Starting AdwCleaner:
  • Windows 2000 and Windows XP: double-click adwcleaner.exe.
  • Windows Vista and Windows 7: right-click adwcleaner.exe and choose "Run as administrator".
Once AdwCleaner has started:
  • Then click Delete
  • At AdwCleaner – Information, click OK
  • At AdwCleaner – Restart Required, click OK
AdwCleaner log file:
  • After the PC has restarted, a log file opens.
  • Then post the contents of this log in your next message.

Step •2•
Which program: sUBs dds
What for/why: DDS is a diagnostic tool and makes use of scripts.
Difficulty: First read carefully what to do.
Download location: Be sure to download this program to the desktop, or else move it there first!
Download DDS by sUBs from one of these locations and place it on your desktop:
DDS - Bleeping Computer download.
DDS - Infospyware.


Using sUBs dds:
  • First close all program windows that are still open!
  • Then disable the active security software
    • Windows 2000 and Windows XP: start sUBs dds by double-clicking the shortcut.
    • Windows Vista and Windows 7: start sUBs dds by right-clicking the shortcut and then choosing Run as administrator.
After the scan
  • Now re-enable the active security software
  • Two text documents are opened - DDS.txt and Attach.txt - please note the following!
  • Go to DDRMMR's colour coder
  • Copy and paste the entire contents of the DDS log file into the window and click the Converteer (Convert) button
  • Copy and paste the contents of the colour coder into your next message, and post the contents of Attach.txt as well.
 
Dear Abraham54,

I have run both scans.
These are the logs:

AdwCleaner:

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 21:44:41
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Felix - FELIX-LAMMERS
# Boot Mode : Normal
# Running from : C:\Users\Felix\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Felix\AppData\Local\APN
Folder Deleted : C:\Users\Felix\AppData\Local\Babylon
Folder Deleted : C:\Users\Felix\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Felix\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Felix\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Felix\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Felix\AppData\Roaming\Babylon
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\DealPly
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Trymedia
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DealPly
Key Deleted : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DealPly
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

-\\ Google Chrome v21.0.1180.79

File : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted : "icon_url": "hxxp://www.babylon.com/favicon.ico",
Deleted : "keyword": "babylon.com",
Deleted : "name": "Search the web (Babylon)",
Deleted : "search_url": "hxxp://search.babylon.com/?q={searchTerms}&tt=010412_crm&babsrc=SP_crm",
Deleted : "scriptable_host": [ "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*.childrenschorus.[...]
Deleted : "matches": [ "*://*.google.com/*", "*://*.ask.com/", "*://*.bagsbuy.com/*", "*://*[...]
Deleted : "update_url": "hxxp://apnmedia.ask.com/media/toolbar/supertoolbar/chrome/manifest.php[...]

*************************

AdwCleaner[S1].txt - [7338 octets] - [16/08/2012 21:44:41]

########## EOF - C:\AdwCleaner[S1].txt - [7466 octets] ##########


DDS Notepad:

[hjt]
.
dds (ver_2011-08-26.01) - ntfsamd64
internet explorer: 9.0.8112.16421
run by felix at 21:52:14 on 2012-08-16
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.8174.5942 [gmt 2:00]
.
av: bullguard antivirus *disabled/outdated* {c3ccac61-52f7-a056-1860-6406566e2578}
sp: bullguard antispyware *disabled/outdated* {78ad4d85-74cd-afd8-22d0-5f742de96fc5}
sp: windows defender *disabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
fw: bullguard firewall *disabled* {fbf72d44-1898-a10e-333f-cd33a8bd6203}
.
============== running processes ===============
.
c:\windows\system32\wininit.exe
c:\windows\system32\lsm.exe
c:\windows\system32\svchost.exe -k dcomlaunch
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k localservicenetworkrestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localservice
c:\windows\system32\svchost.exe -k networkservice
c:\windows\system32\spoolsv.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\windows\system32\svchost.exe -k bullguard_backup
c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe
c:\windows\system32\svchost.exe -k bullguard_proxy
c:\windows\system32\svchost.exe -k bullguard_main
c:\program files\bullguard ltd\bullguard\bullguardscanner.exe
c:\program files\bullguard ltd\bullguard\bullguardupdate.exe
c:\program files (x86)\logmein hamachi\hamachi-2.exe
c:\windows\syswow64\pnkbstra.exe
c:\windows\syswow64\pnkbstrb.exe
c:\windows\system32\svchost.exe -k imgsvc
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\windows\system32\svchost.exe -k bullguard
c:\windows\system32\taskhost.exe
c:\windows\system32\wudfhost.exe
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\taskeng.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\windows\system32\rundll32.exe
c:\program files\bullguard ltd\bullguard\bullguard.exe
c:\program files\realtek\audio\hda\ravcpl64.exe
c:\program files (x86)\windows live\messenger\msnmsgr.exe
c:\program files (x86)\manycam\bin\manycam.exe
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
c:\program files (x86)\common files\java\java update\jusched.exe
c:\program files (x86)\real\realplayer\update\realsched.exe
c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation
c:\windows\system32\svchost.exe -k localservicepeernet
c:\program files\windows media player\wmpnetwk.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\program files\bullguard ltd\bullguard\files32\spamfilter\littlehook.exe
c:\windows\system32\dllhost.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\program files (x86)\internet explorer\iexplore.exe
c:\windows\syswow64\macromed\flash\flashutil32_11_3_300_271_activex.exe
c:\windows\system32\taskeng.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\wbem\wmiprvse.exe
c:\windows\servicing\trustedinstaller.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\dllhost.exe
c:\windows\syswow64\cmd.exe
c:\windows\system32\conhost.exe
c:\windows\syswow64\cscript.exe
.
============== pseudo hjt report ===============
.
ustart page = hxxp://www.google.nl/
udefault_page_url = hxxp://www.google.com/ig/redirectdomain?brand=mdnd&bmod=mdnd
uinternet settings,proxyoverride = *.local
bho: adobe pdf link helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
bho: realplayer download and record plugin for internet explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
bho: java(tm) plug-in ssv helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
bho: aanmeldhulp voor windows live id: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
bho: google toolbar helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
bho: skype browser helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
bho: office document cache handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~3\office14\urlredir.dll
bho: java(tm) plug-in 2 ssv helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
tb: google toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
urun: [msnmsgr] c:\program files (x86)\windows live\messenger\msnmsgr.exe /background
urun: [clownfish]
urun: [google update] c:\users\felix\appdata\local\google\update\googleupdate.exe /c
urun: [manycam] c:\program files (x86)\manycam\bin\manycam.exe /silent
urun: [facebook update] c:\users\felix\appdata\local\facebook\update\facebookupdate.exe /c /nocrashserver
mrun: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
mrun: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
mrun: [tkbellexe] c:\program files (x86)\real\realplayer\update\realsched.exe -osboot
mrun: [logmein hamachi ui] c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe --auto-start
mrun: [<no name>]
mpolicies-system: consentpromptbehavioradmin = 5 (0x5)
mpolicies-system: consentpromptbehavioruser = 3 (0x3)
mpolicies-system: enableuiadesktoptoggle = 0 (0x0)
ie: {0b65dcc9-1740-43dc-b19c-4f309fb6a6ca} - [noparse]http://rover.ebay.com/rover/1/1346-72745-17534-1/4[/noparse]
ie: {219c3416-8cb2-491a-a3c7-d9fcddc9d600} - {5f7b1267-94a9-47f5-98db-e99415f33aec} - c:\program files (x86)\windows live\writer\writerbrowserextension.dll
ie: {2670000a-7350-4f3c-8081-5663ee0c6c49} - {48e73304-e1d6-4330-914c-f5f514e3486c} - c:\program files (x86)\microsoft office\office14\onbttnie.dll
ie: {27fd17fb-cf63-486b-b2be-8d8781cbea01} - {27fd17fb-cf63-486b-b2be-8d8781cbea01} - c:\program files\bullguard ltd\bullguard\files32\antiphishing\ie\bgantiphishingie.dll
ie: {789fe86f-6fc4-46a1-9849-ede0db0c95ca} - {fffdc614-b694-4ae6-ab38-5d6374584b52} - c:\program files (x86)\microsoft office\office14\onbttnielinkednotes.dll
ie: {898ea8c8-e7ff-479b-8935-aec46303b9e5} - {898ea8c8-e7ff-479b-8935-aec46303b9e5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
lsp: c:\windows\system32\bglsp.dll
dpf: {17492023-c23a-453e-a040-c7c580bbf700} - hxxp://download.microsoft.com/download/e/5/6/e5611b10-0d6d-4117-8430-a67417aa88cd/legitcheckcontrol.cab
dpf: {1e54d648-b804-468d-bc78-4affed8e262f} - hxxp://www.nvidia.com/content/driverdownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
dpf: {20a60f0d-9afa-4515-a0fd-83bd84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
dpf: {5d6f45b3-9043-443d-a792-115447494d24} - hxxp://messenger.zone.msn.com/messengergamescontent/gamecontent/nl/uno1/game_uno1.cab
dpf: {8ad9c840-044e-11d1-b3e9-00805f499d93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} - hxxp://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab
dpf: {cafeefac-0016-0000-0032-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
dpf: {cafeefac-ffff-ffff-ffff-abcdeffedcba} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
dpf: {d27cdb6e-ae6d-11cf-96b8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
dpf: {e6f480fc-bd44-4cba-b74a-89af7842937d} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab
dpf: {f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} - hxxp://messenger.zone.msn.com/binary/minesweeper.cab56986.cab
tcp: dhcpnameserver = 192.168.0.1
tcp: interfaces\{77fc1c4c-ffbd-4cd5-a278-8e060c677a59} : dhcpnameserver = 192.168.244.1
tcp: interfaces\{b2a0ec69-8ac3-43f2-a3c7-71d30759053b} : nameserver = 62.133.126.28
tcp: interfaces\{f3abb2f1-dd85-49c6-b67f-c95000da54f2} : dhcpnameserver = 192.168.0.1
tcp: interfaces\{f3abb2f1-dd85-49c6-b67f-c95000da54f2}\6656c69687 : dhcpnameserver = 62.179.104.196 213.46.228.196
filter: text/xml - {807573e5-5146-11d5-a672-00b0d022e945} - c:\program files (x86)\common files\microsoft shared\office14\msoxmlmf.dll
handler: skype-ie-addon-data - {91774881-d725-4e58-b298-07617b9b86a8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
handler: skype4com - {ffc8b962-9b40-4dff-9458-1830c7dd7f5d} - c:\progra~2\common~1\skype\skype4~1.dll
appinit_dlls: bggamingmonitor.dll
masetup: {2d46b6dc-2207-486b-b523-a557e6d54b47} - c:\windows\system32\cmd.exe /d /c start c:\windows\system32\ie4uinit.exe -cleariconcache
{18df081c-e8ad-4283-a596-fa578c2ebdc3}
{3049c3e9-b461-4bc5-8870-4c09146192ca}
{761497bb-d6f0-462c-b6eb-d4daf1d92d43}
{9030d464-4c02-4abf-8ecc-5164760863c6}
{aa58ed58-01dd-4d91-8333-cf10577473f7}
{ae805869-2e5c-4ed4-8f7b-f1f7851a4497}
{b4f3a835-0e21-4959-ba22-42b3008e02ff}
{dbc80044-a445-435b-bc74-9c25c1c588a9}
{2318c2b1-4965-11d4-9b18-009027a5cd4f}
mrun-x64: [adobe arm] c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
mrun-x64: [sunjavaupdatesched] c:\program files (x86)\common files\java\java update\jusched.exe
mrun-x64: [tkbellexe] c:\program files (x86)\real\realplayer\update\realsched.exe -osboot
mrun-x64: [logmein hamachi ui] c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe --auto-start
mrun-x64: [(standaard)]
ie-x64: {0b65dcc9-1740-43dc-b19c-4f309fb6a6ca} - [noparse]http://rover.ebay.com/rover/1/1346-72745-17534-1/4[/noparse]
ie-x64: {0b65dcc9-1740-43dc-b19c-4f309fb6a6ca} - [noparse]http://rover.ebay.com/rover/1/1346-72745-17534-1/4[/noparse]
appinit_dlls-x64: bggamingmonitor.dll
.
============= services / drivers ===============
.
r0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys --> c:\windows\system32\drivers\nvpciflt.sys [?]
r1 afw;agnitum firewall driver;c:\windows\system32\drivers\afw.sys --> c:\windows\system32\drivers\afw.sys [?]
r1 bdspy;bdspy;c:\windows\system32\drivers\bdspy.sys --> c:\windows\system32\drivers\bdspy.sys [?]
r1 novashieldfilterdriver;novashieldfilterdriver;c:\windows\system32\drivers\nskernel.sys --> c:\windows\system32\drivers\nskernel.sys [?]
r1 novashieldtdidriver;novashieldtdidriver;c:\windows\system32\drivers\nsnetmon.sys --> c:\windows\system32\drivers\nsnetmon.sys [?]
r1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]
r2 adobearmservice;adobe acrobat update service;c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
r2 bsbackup;bullguard backup service;c:\windows\system32\svchost.exe -k bullguard_backup [2009-7-14 20992]
r2 bsbhvscan;bullguard behavioural detection;c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe [2012-6-16 368480]
r2 bsfilescan;bullguard on-access service;c:\windows\system32\svchost.exe -k bullguard [2009-7-14 20992]
r2 bsfire;bullguard firewall service;c:\windows\system32\svchost.exe -k bullguard [2009-7-14 20992]
r2 bsmailproxy;bullguard e-mail monitoring service;c:\windows\system32\svchost.exe -k bullguard_proxy [2009-7-14 20992]
r2 bsmain;bullguard main service;c:\windows\system32\svchost.exe -k bullguard_main [2009-7-14 20992]
r2 bsscanner;bullguard scanning service;c:\program files\bullguard ltd\bullguard\bullguardscanner.exe [2012-6-16 199520]
r2 bsupdate;bullguard update service;c:\program files\bullguard ltd\bullguard\bullguardupdate.exe [2012-6-20 379744]
r2 hamachi2svc;logmein hamachi tunneling engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2012-6-27 2369960]
r3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys --> c:\windows\system32\drivers\afwcore.sys [?]
r3 asmthub3;asmedia usb3 hub service;c:\windows\system32\drivers\asmthub3.sys --> c:\windows\system32\drivers\asmthub3.sys [?]
r3 asmtxhci;asmedia xhci service;c:\windows\system32\drivers\asmtxhci.sys --> c:\windows\system32\drivers\asmtxhci.sys [?]
r3 manycam;manycam virtual webcam;c:\windows\system32\drivers\mcvidrv_x64.sys --> c:\windows\system32\drivers\mcvidrv_x64.sys [?]
r3 mcaudrv_simple;manycam virtual microphone;c:\windows\system32\drivers\mcaudrv_x64.sys --> c:\windows\system32\drivers\mcaudrv_x64.sys [?]
r3 meix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys --> c:\windows\system32\drivers\hecix64.sys [?]
r3 monitorfunction;driver for monitor;c:\windows\system32\drivers\tvmonitor.sys --> c:\windows\system32\drivers\tvmonitor.sys [?]
r3 netr28ux;sweex wireless usb adapter driver;c:\windows\system32\drivers\netr28ux.sys --> c:\windows\system32\drivers\netr28ux.sys [?]
r3 nvhda;service for nvidia high definition audio driver;c:\windows\system32\drivers\nvhda64v.sys --> c:\windows\system32\drivers\nvhda64v.sys [?]
r3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys --> c:\windows\system32\drivers\rt64win7.sys [?]
r3 screambaudiosvc;screambee audio;c:\windows\system32\drivers\screamingbaudio64.sys --> c:\windows\system32\drivers\screamingbaudio64.sys [?]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
s2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
s2 gupdate;google updateservice (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2011-8-25 136176]
s2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe [2012-4-5 158856]
s3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-4-20 250056]
s3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2011-8-25 136176]
s3 lvpepf64;volume adapter;c:\windows\system32\drivers\lv302a64.sys --> c:\windows\system32\drivers\lv302a64.sys [?]
s3 lvrs64;logitech rightsound filter driver;c:\windows\system32\drivers\lvrs64.sys --> c:\windows\system32\drivers\lvrs64.sys [?]
s3 lvusbs64;logitech usb monitor filter;c:\windows\system32\drivers\lvusbs64.sys --> c:\windows\system32\drivers\lvusbs64.sys [?]
s3 osppsvc;office software protection platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe [2010-1-9 4925184]
s3 rtl8192su;%rtl8192su.devicedesc.dispname%;c:\windows\system32\drivers\rtl8192su.sys --> c:\windows\system32\drivers\rtl8192su.sys [?]
s3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys --> c:\windows\system32\drivers\tsusbflt.sys [?]
s3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys --> c:\windows\system32\drivers\tsusbgd.sys [?]
s3 usbaapl64;apple mobile usb driver;c:\windows\system32\drivers\usbaapl64.sys --> c:\windows\system32\drivers\usbaapl64.sys [?]
s3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\watadminsvc.exe [?]
s3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys --> c:\windows\system32\drivers\wsvd.sys [?]
s4 iastordatamgrsvc;intel(r) rapid storage technology;c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe [2011-6-14 13592]
s4 nvupdatusservice;nvidia update service daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2011-6-15 2255464]
s4 stereo service;nvidia stereoscopic 3d driver service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe [2011-8-3 379496]
s4 teamviewer7;teamviewer 7;c:\program files (x86)\teamviewer\version7\teamviewer_service.exe [2012-1-8 2984832]
s4 uns;intel(r) management and security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [2011-6-14 2656280]
s4 wlcrasvc;windows live mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== created last 30 ================
.
2012-08-16 12:00:10 -------- d-----w- c:\users\felix\appdata\local\{dbd15bab-c777-45c2-9b6b-d7e4507d8887}
2012-08-16 11:59:45 -------- d-----w- c:\users\felix\appdata\local\{4615efe2-ed9a-4afa-81b1-3752bfde0731}
2012-08-15 14:07:40 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 14:07:40 43008 ----a-w- c:\windows\syswow64\srclient.dll
2012-08-15 14:07:39 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:07:39 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 14:07:39 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:07:39 492032 ----a-w- c:\windows\syswow64\win32spl.dll
2012-08-15 14:07:38 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:07:38 41984 ----a-w- c:\windows\syswow64\browcli.dll
2012-08-15 14:07:38 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:07:37 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-15 14:07:37 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:57:55 -------- d-----w- c:\users\felix\appdata\local\{70efa564-58ce-498b-981b-bb56b5eec1a9}
2012-08-15 13:57:44 -------- d-----w- c:\users\felix\appdata\local\{f62cd438-5770-484f-9243-d3fc330f0ff0}
2012-08-14 14:06:50 -------- d-----w- c:\users\felix\appdata\local\{70702555-f07f-4cf7-985f-c200fce4eb3e}
2012-08-14 14:06:39 -------- d-----w- c:\users\felix\appdata\local\{f2ee1340-ff10-401d-ac84-c78001a6bd09}
2012-08-14 00:43:18 -------- d-----w- c:\users\felix\appdata\local\{adadf614-56f6-4c09-8b8d-40cf03d95dea}
2012-08-14 00:42:57 -------- d-----w- c:\users\felix\appdata\local\{1c2cb8f1-1ec2-4000-be74-c2530491d51c}
2012-08-13 12:42:08 -------- d-----w- c:\users\felix\appdata\local\{f8ef00fe-d89f-471a-b349-4559d7c66b06}
2012-08-13 12:41:57 -------- d-----w- c:\users\felix\appdata\local\{ae02f03d-4512-45dc-84e5-ceea65621f6d}
2012-08-12 13:27:57 -------- d-----w- c:\users\felix\appdata\local\{1e017910-b154-4a07-9b8f-cc575c40bff6}
2012-08-12 13:27:46 -------- d-----w- c:\users\felix\appdata\local\{9b5fd3e7-c7fe-4370-9f43-dcb6e6b06031}
2012-08-11 22:38:17 -------- d-----w- c:\users\felix\appdata\local\{041958eb-0d17-4245-bd0b-db8506fd6bb6}
2012-08-11 22:37:56 -------- d-----w- c:\users\felix\appdata\local\{6a6162be-79b2-46c6-a1be-585780f6c9f1}
2012-08-11 11:25:11 -------- d-----w- c:\tmp
2012-08-11 10:40:38 -------- d-----w- c:\program files (x86)\blender foundation
2012-08-11 10:36:52 -------- d-----w- c:\users\felix\appdata\local\{c085df4e-79bb-446d-8594-f6f5fc540861}
2012-08-11 10:36:41 -------- d-----w- c:\users\felix\appdata\local\{ce1b3281-8704-49bd-9885-077fb557bb8f}
2012-08-10 22:31:05 -------- d-----w- c:\users\felix\appdata\local\{820ce172-ecde-4618-9bec-65a3bfb45930}
2012-08-10 22:30:44 -------- d-----w- c:\users\felix\appdata\local\{59c413e1-c358-4ead-afaf-8d5cff5d76d2}
2012-08-10 10:30:02 -------- d-----w- c:\users\felix\appdata\local\{4a902cfa-de57-4663-8120-06061ba15ac5}
2012-08-10 10:29:52 -------- d-----w- c:\users\felix\appdata\local\{4fd7d41c-cf2e-4166-ad8d-870208b700b9}
2012-08-10 00:09:23 -------- d-----w- c:\users\felix\appdata\local\{98fb3297-4fdf-4b7f-9674-89bcd502cdb3}
2012-08-09 12:08:37 -------- d-----w- c:\users\felix\appdata\local\{4ccc8b5f-5b40-4293-a45b-7ad83d732410}
2012-08-09 12:08:16 -------- d-----w- c:\users\felix\appdata\local\{dddc7f5a-d461-4b3e-b6b5-7a793d324494}
2012-08-08 23:21:45 -------- d-----w- c:\program files (x86)\rtw - multicampaign
2012-08-08 20:06:29 63840 ----a-w- c:\windows\system32\bglsp.dll
2012-08-08 20:06:29 54624 ----a-w- c:\windows\syswow64\bglsp.dll
2012-08-08 19:54:38 -------- d-----w- c:\program files\activision
2012-08-08 19:44:49 692224 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ikernel.dll
2012-08-08 19:44:49 57344 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-08-08 19:44:49 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\dotnetinstaller.exe
2012-08-08 19:44:49 282756 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-08-08 19:44:49 237568 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-08-08 19:44:49 163972 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\igdi.dll
2012-08-08 19:44:49 155648 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-08-08 18:49:33 -------- d-----w- c:\program files (x86)\gamespy arcade
2012-08-08 18:42:27 -------- d-----w- c:\program files (x86)\the creative assembly
2012-08-08 18:41:48 753664 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ikernel.dll
2012-08-08 18:41:48 69714 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-08 18:41:48 63488 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\isbew64.exe
2012-08-08 18:41:48 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\dotnetinstaller.exe
2012-08-08 18:41:48 274432 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-08 18:41:48 184320 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-08 18:41:45 200836 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\igdi.dll
2012-08-08 18:41:44 331908 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-08 15:20:59 -------- d-----w- c:\users\felix\appdata\local\{4053170f-a8ab-42d2-acd9-42e35e6ce169}
2012-08-08 15:20:47 -------- d-----w- c:\users\felix\appdata\local\{663e2503-b58a-4c65-a452-90122ae5df19}
2012-08-08 01:06:06 -------- d-----w- c:\users\felix\appdata\local\{1a09656a-4491-405f-8b50-323302a52789}
2012-08-08 01:05:45 -------- d-----w- c:\users\felix\appdata\local\{f70aed81-4e19-43c2-88a9-35c2a0d319a9}
2012-08-07 13:05:17 -------- d-----w- c:\users\felix\appdata\local\{90062312-b2c8-4677-8822-6e84d3613460}
2012-08-07 13:04:56 -------- d-----w- c:\users\felix\appdata\local\{2ffe1fe3-fa96-4d47-89af-3b6044675fec}
2012-08-07 01:04:22 -------- d-----w- c:\users\felix\appdata\local\{01af1cf2-7a5d-4dc6-b3a9-333c2c2f1f52}
2012-08-06 13:03:32 -------- d-----w- c:\users\felix\appdata\local\{33886453-5657-4226-8fee-fb31224b330c}
2012-08-06 13:03:21 -------- d-----w- c:\users\felix\appdata\local\{c715c6f9-63f3-43e0-8078-d2dd7c417b17}
2012-08-05 14:33:59 -------- d-----w- c:\users\felix\appdata\local\{9979f038-715c-4437-88e2-9ab220e6ffa6}
2012-08-05 14:33:38 -------- d-----w- c:\users\felix\appdata\local\{be5893d6-ccf4-4456-b74f-2ff38962f52e}
2012-08-05 02:32:59 -------- d-----w- c:\users\felix\appdata\local\{f07acc58-9f13-422f-89c6-8441c49bae77}
2012-08-05 02:32:38 -------- d-----w- c:\users\felix\appdata\local\{50873d62-ad7e-47bc-bb15-f4fb9ddb4a48}
2012-08-05 02:25:20 -------- d-----w- c:\users\felix\appdata\local\facebook
2012-08-04 14:31:56 -------- d-----w- c:\users\felix\appdata\local\{2ca9253e-29ef-44db-a289-f46bc657fb90}
2012-08-04 14:31:44 -------- d-----w- c:\users\felix\appdata\local\{c0cf24b5-4337-4ae1-95c9-f1228956ed91}
2012-08-04 01:06:50 -------- d-----w- c:\users\felix\appdata\local\{e868fe15-7afe-4093-98e0-a660ccc24df8}
2012-08-04 01:06:29 -------- d-----w- c:\users\felix\appdata\local\{a019bca7-0acf-450d-b014-1c363c5af545}
2012-08-03 13:05:45 -------- d-----w- c:\users\felix\appdata\local\{2f177c1c-8c80-4a22-9513-4ea87385692c}
2012-08-03 13:05:35 -------- d-----w- c:\users\felix\appdata\local\{eb9659ac-7a4c-4d6b-8949-41ac5c7b7520}
2012-08-03 01:04:22 -------- d-----w- c:\users\felix\appdata\local\{e2080417-700e-4dcf-8bf9-59c678d60d09}
2012-08-03 01:04:01 -------- d-----w- c:\users\felix\appdata\local\{338f1e90-5c0f-4f52-b7bc-09df194837f8}
2012-08-02 19:34:11 -------- d-----w- c:\users\felix\appdata\local\albelli fotoboeken
2012-08-02 13:03:26 -------- d-----w- c:\users\felix\appdata\local\{09ebb5df-12cc-49ea-9c8c-82f192af1810}
2012-08-02 13:03:03 -------- d-----w- c:\users\felix\appdata\local\{80589690-cc6e-4796-9a81-7c632731ceb3}
2012-08-02 00:46:45 -------- d-----w- c:\users\felix\appdata\local\{3f47a4bc-7455-437e-86fc-671222654d71}
2012-08-02 00:46:27 -------- d-----w- c:\users\felix\appdata\local\{757ad9c6-d6c5-434f-81b6-4c0624efe1af}
2012-08-01 10:08:19 -------- d-----w- c:\users\felix\appdata\local\{8d6a88c2-f694-4fb7-9088-6651be30edba}
2012-08-01 10:08:09 -------- d-----w- c:\users\felix\appdata\local\{d67739a2-0190-4328-9f3f-a303c2a8db7f}
2012-07-31 21:03:50 -------- d-----w- c:\programdata\manycam
2012-07-31 12:53:57 -------- d-----w- c:\users\felix\appdata\local\{df742592-1b82-441f-95f6-1e681bb12e86}
2012-07-31 12:53:36 -------- d-----w- c:\users\felix\appdata\local\{1fb8b011-ee80-4f74-b96e-28fe7029765e}
2012-07-30 13:19:12 -------- d-----w- c:\users\felix\appdata\local\{9e55e840-2bb9-4e18-ae83-d359acc3ca62}
2012-07-30 13:19:01 -------- d-----w- c:\users\felix\appdata\local\{41bc6554-0662-42c9-a0f8-afadeb5a2562}
2012-07-29 14:48:37 -------- d-----w- c:\users\felix\appdata\local\{47bc8a7f-671b-47cf-b9dd-fe29c0cfcff8}
2012-07-29 14:48:23 -------- d-----w- c:\users\felix\appdata\local\{e498342e-8432-48cc-bda0-7676a90e09ef}
2012-07-29 14:46:26 -------- d-----w- c:\users\felix\appdata\local\{be512144-f974-4434-92ae-f87f0c1eec33}
2012-07-28 12:32:46 -------- d-----w- c:\users\felix\appdata\local\{4fbd3f9d-9def-49b9-8163-b8e616a7226c}
2012-07-28 12:32:36 -------- d-----w- c:\users\felix\appdata\local\{04dca0a3-01ad-4cb0-b660-dd8ef83bddd9}
2012-07-27 23:43:10 -------- d-----w- c:\users\felix\appdata\local\{57d8a642-4810-406f-952b-f9d4ff3fd7e0}
2012-07-27 23:42:49 -------- d-----w- c:\users\felix\appdata\local\{9cb76065-8635-48ea-a20a-a033a25897df}
2012-07-27 11:42:21 -------- d-----w- c:\users\felix\appdata\local\{795bdfdb-c19c-4821-9149-b2fbd834847c}
2012-07-27 11:42:00 -------- d-----w- c:\users\felix\appdata\local\{5c16a827-ade1-4cd4-9cb4-069e2aa7ff9f}
2012-07-26 23:41:27 -------- d-----w- c:\users\felix\appdata\local\{501af5e4-0ea0-412c-a970-f3f5ee003918}
2012-07-26 23:41:06 -------- d-----w- c:\users\felix\appdata\local\{912548a4-d6fd-4f9e-b6c7-43d94fbac801}
2012-07-26 11:40:37 -------- d-----w- c:\users\felix\appdata\local\{5c18348b-2c7e-4941-84e2-542f19d03bc3}
2012-07-26 11:40:13 -------- d-----w- c:\users\felix\appdata\local\{7d9bace6-8907-4609-82a1-7919fab0d1a5}
2012-07-25 23:39:39 -------- d-----w- c:\users\felix\appdata\local\{5f3a4328-38de-4fa2-b260-c23b00831168}
2012-07-25 23:39:18 -------- d-----w- c:\users\felix\appdata\local\{c81ab10f-2e46-42b6-bfb1-2617ff072f05}
2012-07-25 16:34:59 -------- d-----w- c:\users\felix\appdata\local\hema fotoalbum
2012-07-25 11:38:44 -------- d-----w- c:\users\felix\appdata\local\{57c95f70-4503-439b-b13c-815bbc9ee5ea}
2012-07-25 11:38:23 -------- d-----w- c:\users\felix\appdata\local\{02924b27-deee-43d9-921e-257ef78e6c39}
2012-07-24 22:44:10 -------- d-----w- c:\users\felix\appdata\local\{fb16a0a1-0e87-4c6c-82d2-960e36db7790}
2012-07-24 22:43:49 -------- d-----w- c:\users\felix\appdata\local\{ca60f9db-35ee-4b9a-8184-f4077e7a7c54}
2012-07-24 10:42:43 -------- d-----w- c:\users\felix\appdata\local\{ce9524d1-09d5-45df-995d-99313bc59516}
2012-07-24 10:42:21 -------- d-----w- c:\users\felix\appdata\local\{eb5a553c-a6db-4081-b4b9-740eb9109de1}
2012-07-24 01:03:28 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-23 21:29:47 2048 ----a-w- c:\windows\syswow64\msxml3r.dll
2012-07-23 21:29:47 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-23 21:29:47 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-23 21:29:47 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-23 21:29:47 1390080 ----a-w- c:\windows\syswow64\msxml6.dll
2012-07-23 21:29:47 1236992 ----a-w- c:\windows\syswow64\msxml3.dll
2012-07-23 21:23:08 -------- d-----w- c:\users\felix\appdata\local\{d9ded3ed-7c2b-415f-8619-d107f8fd052e}
2012-07-23 10:24:23 -------- d-----w- c:\users\felix\appdata\local\{4869df95-9699-40b1-ba4d-b531803c3ebb}
2012-07-23 10:24:01 -------- d-----w- c:\users\felix\appdata\local\{a81f7af8-21da-4fd5-923c-c9b4e37e24ce}
2012-07-22 12:04:18 -------- d-----w- c:\users\felix\appdata\local\{044a2a6b-4fba-46f2-a027-30c1071b357c}
2012-07-22 12:04:07 -------- d-----w- c:\users\felix\appdata\local\{18934e09-7dd5-4981-b448-60459ba19c3a}
2012-07-22 00:40:13 -------- d-----w- c:\users\felix\appdata\roaming\utherverse
2012-07-22 00:16:54 -------- d-----w- c:\program files (x86)\utherverse digital inc
2012-07-21 22:35:28 -------- d-----w- c:\users\felix\appdata\local\{8f041010-37f5-4f28-8701-87928b2afea8}
2012-07-21 22:35:07 -------- d-----w- c:\users\felix\appdata\local\{4f203b81-e8ec-4825-a920-a70c48bcf918}
2012-07-21 13:49:52 -------- d-----w- c:\users\felix\appdata\local\macromedia
2012-07-21 10:34:19 -------- d-----w- c:\users\felix\appdata\local\{d3fc659e-2f89-4eff-b4e7-b09c3b5bf6ac}
2012-07-21 10:34:09 -------- d-----w- c:\users\felix\appdata\local\{69805de8-a468-4957-b7b6-1865f2b41df5}
2012-07-20 21:54:47 -------- d-----w- c:\users\felix\appdata\local\{17c64933-8081-487f-89c6-1b51f85a376e}
2012-07-20 21:54:25 -------- d-----w- c:\users\felix\appdata\local\{1d782cdf-39cc-4827-b63d-a6656e7630b1}
2012-07-20 09:53:51 -------- d-----w- c:\users\felix\appdata\local\{cd2dc9b3-17be-4bc8-8628-95ade6fe019a}
2012-07-20 09:53:42 -------- d-----w- c:\users\felix\appdata\local\{93b06aa1-f0d3-461f-b3c3-05fb08be105d}
2012-07-19 10:02:12 -------- d-----w- c:\users\felix\appdata\local\{f56e0ee5-2982-4e69-b67a-c85f14c32eb7}
2012-07-19 10:01:51 -------- d-----w- c:\users\felix\appdata\local\{862629d6-95d0-4c1d-a1c8-c916cc9504a7}
2012-07-18 22:01:06 -------- d-----w- c:\users\felix\appdata\local\{7830db7b-298f-4489-a2f1-24c5b4c5473b}
2012-07-18 22:00:45 -------- d-----w- c:\users\felix\appdata\local\{e1ec2852-73c8-496c-a77a-6acdd180ec12}
2012-07-18 10:00:10 -------- d-----w- c:\users\felix\appdata\local\{34610719-ccab-40cc-9851-c6a318848b6e}
2012-07-18 10:00:00 -------- d-----w- c:\users\felix\appdata\local\{88feaf7b-1dd4-43a1-b4e1-fa58098cbdc7}
.
==================== find3m ====================
.
2012-08-15 15:19:48 70344 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2012-08-15 15:19:48 426184 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2012-07-03 11:46:44 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- c:\windows\system32\ieunatt.exe
2012-06-29 03:39:48 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\syswow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\syswow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\syswow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\syswow64\ieunatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\syswow64\mshtml.tlb
2012-06-20 08:34:19 38528 ----a-r- c:\windows\system32\drivers\afw.sys
2012-06-20 08:34:18 445568 ----a-r- c:\windows\system32\drivers\afwcore.sys
2012-06-06 06:49:52 1070152 ----a-w- c:\windows\syswow64\mscomctl.ocx
2012-06-06 06:02:54 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\syswow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15:12 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- c:\windows\syswow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- c:\windows\syswow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\syswow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2012-05-31 10:25:12 279656 ------w- c:\windows\system32\mpsigstub.exe
.
============= finish: 21:52:49,11 ===============

[/hjt]

Attach (Notepad):

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 25-8-2011 16:16:58
System Uptime: 16-8-2012 21:45:33 (0 hours ago)
.
Motherboard: MEDIONPC | | MS-7728
Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1356 GiB total, 1211,858 GiB free.
D: is FIXED (NTFS) - 40 GiB total, 21,431 GiB free.
E: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP181: 8-8-2012 21:44:54 - Installed Rome Total War - patch 1.3
RP182: 8-8-2012 21:48:18 - Installed Rome - Total War - patch 1.5
RP183: 9-8-2012 0:21:55 - Removed Rome - Total War
RP184: 9-8-2012 0:24:58 - Installed Rome - Total War
RP185: 11-8-2012 12:03:21 - Windows Update
RP186: 14-8-2012 16:09:48 - Windows Update
RP187: 15-8-2012 18:21:40 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3) MUI
Adobe Shockwave Player 11.6
Albelli Fotoboeken
Apple Application Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Audacity 1.3.13 (Unicode)
AVS Audio Converter 7
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Battlefield 3 Open Beta
Battlelog Web Plugins
BlackBerry Desktop Software 6.1
Camtasia Studio 7
Cheat Engine 6.1
City Life
Clownfish for Skype
Contrle ActiveX Windows Live Mesh pour connexions distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controlo ActiveX do Windows Live Mesh para Ligaes Remotas
Cruise Ship Tycoon
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDVD Copy
CyberLink PowerRecover
CyberLink WaveEditor
D3DX10
De Sims 3
De Sims 3 Ambities
De Sims 3 Beestenbende
De Sims 3 Beestenbende Creer een huisdier Demo
De Sims 3 Buurtleven Accessoires
De Sims 3 Luxe Accessoires
De Sims 3 Na Middernacht
De Sims 3 Showtime
De Sims 3 Supersnelle Accessoires
De Sims 3 Wereldavonturen
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Electronic Piano 2.5
ESN Sonar
Facebook Video Calling 1.2.0.159
Fences
FL Studio 10
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Galeria de Fotografias do Windows Live
GameSpy Arcade
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GTA San Andreas
Hema Fotoalbum
IL Download Manager
iLivid
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 32
Junk Mail filter update
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Lernout & Hauspie TruVoice American English TTS Engine
LogMeIn Hamachi
Malwarebytes Anti-Malware versie 1.62.0.1300
ManyCam 3.0.80 (remove only)
Medion Home Cinema
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MorphVOX Junior
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB973688)
NaturalReaderFree
No-IP DUC
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PFPortChecker 1.0.39
Plus500
Poczta uslugi Windows Live
Podstawowe programy Windows Live
PokerStars
Portforward Static IP Address 1.0.47
Pota Windows Live
PunkBuster Services
Quick Memory Editor 5.7
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rome - Total War
Rome Total War - patch 1.3
Rome TW - MultiCampaign 1.3.0.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sid Meier's Civilization 4 Complete
SimCity 4 Deluxe
Skype Click to Call
Skype 5.9
Speakonia
Spelling Dictionaries Support For Adobe Reader X
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?a???s??e? s??d?se??
Sweex Connected Home Universal Wireless Driver
swMSM
System Requirements Lab
System Requirements Lab CYRI
TeamViewer 7
Tube Increaser
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Uzak Baglantilar Iin Windows Live Mesh ActiveX Denetimi
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezrlo tvoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Paralar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Movie Maker 2.6
WinX Free MP4 to WMV Converter 4.1.3
YouTube Downloader Toolbar v5.3
YTD YouTube Downloader & Converter 3.7
.
==== End Of File ===========================
 
We're going a step further:

Which program: ComboFix
What for/why: A highly specialised scanner to examine Windows in depth and clean it up.
Difficulty: A more or less tricky preparation phase, so read everything carefully first.
Download location: This program must absolutely be downloaded to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Your antivirus program and any active malware scanners must already be deactivated before you start ComboFix!
Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

Notes:
  • When using Windows XP, you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for it).
  • All open programs and web pages must be closed.
  • If ComboFix reports something about ZeroAccess, mention that in your new post.
Starting ComboFix:
  • Windows 2000 and Windows XP: double-click ComboFix.exe.
  • Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next post.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.


N.B. Check that the Windows firewall is switched off!
To do so, go to Start\Run and enter the command: services.msc.
Click the OK button.
N.B.: Run can also be opened by pressing the Windows key and the R key at the same time.

In the Services window, scroll to Windows Firewall.
Double-click that entry and, under "Startup type", set the option to "Disabled".

Now first click the Apply button; then click the Stop button, wait a moment and finally click OK.
 
Dear Abraham54,

I did something stupid.
After ComboFix was finished, Internet Explorer no longer worked. As far as I could remember from last time, I had to restart the computer then.
I did that again now, without considering that the log had not been saved.
As a result I now have no ComboFix log, but it did run.
 
I know I'm not supposed to reply here, Abraham.

As stated in Abraham's explanation, it says where you can find the log.

• If the log does not open, it can be found in C:\ComboFix.txt
 
Thanks, Michiel2. :)

Here is the ComboFix log:

[hjt]
combofix 12-08-17.01 - felix 17-08-2012 15:02:57.3.8 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.8174.6176 [gmt 2:00]
gestart vanuit: c:\users\felix\desktop\combofix.exe
av: bullguard antivirus *disabled/outdated* {c3ccac61-52f7-a056-1860-6406566e2578}
fw: bullguard firewall *disabled* {fbf72d44-1898-a10e-333f-cd33a8bd6203}
sp: bullguard antispyware *disabled/outdated* {78ad4d85-74cd-afd8-22d0-5f742de96fc5}
sp: windows defender *disabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\felix\appdata\local\temp\{9ba7505c-d18e-47e5-ab94-c17673e762b3}\fpb.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2220.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2231.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2243.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2274.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2295.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2314.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2354.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2385.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem23a6.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem23b8.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem23e8.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem23fa.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem24d6.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem24f8.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem26ce.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem270e.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2720.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2770.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2791.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem27b2.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem27c4.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem27f4.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2854.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2886.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2972.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2a3f.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2a9e.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2b0d.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2b9c.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2bcd.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2bfd.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2c1f.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2c4f.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2c80.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2ca1.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2d01.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2d32.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2d72.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2da3.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2de3.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2e24.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2e64.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2ed4.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2f15.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2f36.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem2f57.tmp
c:\users\felix\appdata\local\temp\ytmp7mc8aa\taa3443.tmp
.
.
(((((((((((((((((((( bestanden gemaakt van 2012-07-17 to 2012-08-17 ))))))))))))))))))))))))))))))
.
.
2012-08-17 13:07 . 2012-08-17 13:07 -------- d-----w- c:\users\updatususer\appdata\local\temp
2012-08-17 13:07 . 2012-08-17 13:07 -------- d-----w- c:\users\public\appdata\local\temp
2012-08-17 13:07 . 2012-08-17 13:07 -------- d-----w- c:\users\default\appdata\local\temp
2012-08-15 14:07 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 14:07 . 2012-05-05 07:46 43008 ----a-w- c:\windows\syswow64\srclient.dll
2012-08-15 14:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 14:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\syswow64\win32spl.dll
2012-08-15 14:07 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 14:07 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:07 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:07 . 2012-07-04 21:14 41984 ----a-w- c:\windows\syswow64\browcli.dll
2012-08-15 14:07 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:07 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-11 11:25 . 2012-08-15 22:00 -------- d-----w- c:\tmp
2012-08-11 10:40 . 2012-08-11 10:40 -------- d-----w- c:\program files (x86)\blender foundation
2012-08-08 23:21 . 2012-08-08 23:21 -------- d-----w- c:\program files (x86)\rtw - multicampaign
2012-08-08 20:06 . 2012-08-08 20:06 63840 ----a-w- c:\windows\system32\bglsp.dll
2012-08-08 20:06 . 2012-08-08 20:06 54624 ----a-w- c:\windows\syswow64\bglsp.dll
2012-08-08 19:54 . 2012-08-08 19:54 -------- d-----w- c:\program files\activision
2012-08-08 19:44 . 2012-08-08 19:44 282756 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-08-08 19:44 . 2012-08-08 19:44 163972 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\igdi.dll
2012-08-08 19:44 . 2005-03-24 03:18 692224 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ikernel.dll
2012-08-08 19:44 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-08-08 19:44 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\dotnetinstaller.exe
2012-08-08 19:44 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-08-08 19:44 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-08-08 18:49 . 2012-08-08 18:50 -------- d-----w- c:\program files (x86)\gamespy arcade
2012-08-08 18:42 . 2012-08-08 22:08 -------- d-----w- c:\program files (x86)\the creative assembly
2012-08-08 18:41 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ikernel.dll
2012-08-08 18:41 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-08 18:41 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-08 18:41 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-08 18:41 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\isbew64.exe
2012-08-08 18:41 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\dotnetinstaller.exe
2012-08-08 18:41 . 2012-08-08 18:41 200836 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\igdi.dll
2012-08-08 18:41 . 2012-08-08 18:41 331908 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-05 02:25 . 2012-08-05 02:25 -------- d-----w- c:\users\felix\appdata\local\facebook
2012-08-02 19:34 . 2012-08-09 18:33 -------- d-----w- c:\users\felix\appdata\local\albelli fotoboeken
2012-07-31 21:03 . 2012-07-31 21:03 -------- d-----w- c:\programdata\manycam
2012-07-25 16:34 . 2012-07-25 16:54 -------- d-----w- c:\users\felix\appdata\local\hema fotoalbum
2012-07-24 01:03 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-23 21:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-23 21:29 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-23 21:29 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\syswow64\msxml6.dll
2012-07-23 21:29 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\syswow64\msxml3.dll
2012-07-23 21:29 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-23 21:29 . 2010-06-26 03:24 2048 ----a-w- c:\windows\syswow64\msxml3r.dll
2012-07-23 21:29 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\felix\appdata\roaming\utherverse
2012-07-22 00:16 . 2012-07-22 00:16 -------- d-----w- c:\program files (x86)\utherverse digital inc
2012-07-21 13:49 . 2012-07-21 13:49 -------- d-----w- c:\users\felix\appdata\local\macromedia
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:22 . 2011-02-10 20:56 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-15 15:19 . 2012-04-20 15:35 70344 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2012-08-15 15:19 . 2012-04-20 15:35 426184 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2012-07-03 11:46 . 2012-04-18 15:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 08:34 . 2012-03-08 08:41 38528 ----a-r- c:\windows\system32\drivers\afw.sys
2012-06-20 08:34 . 2012-03-08 08:41 445568 ----a-r- c:\windows\system32\drivers\afwcore.sys
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\syswow64\mscomctl.ocx
2012-06-02 22:19 . 2012-06-21 09:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:22 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 09:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 09:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\mpsigstub.exe
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"manycam"=c:\program files (x86)\manycam\bin\manycam.exe [2012-06-28 2160024]
"facebook update"=c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 138096]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-01-03 843712]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2012-01-18 254696]
"tkbellexe"=c:\program files (x86)\real\realplayer\update\realsched.exe [2012-02-16 296056]
"logmein hamachi ui"=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe [2012-06-27 1996200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\bggamingmonitor.dll
.
[hkey_local_machine\system\currentcontrolset\control\lsa]
security packages reg_multi_sz kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\bsmain]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\bsscanner]
@="service"
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google updateservice (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 136176]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe [2012-04-05 158856]
r3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-08-15 250056]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 136176]
r3 lvpepf64;volume adapter;c:\windows\system32\drivers\lv302a64.sys [2008-07-26 15768]
r3 lvrs64;logitech rightsound filter driver;c:\windows\system32\drivers\lvrs64.sys [2008-07-26 790424]
r3 lvusbs64;logitech usb monitor filter;c:\windows\system32\drivers\lvusbs64.sys [2008-07-26 50072]
r3 osppsvc;office software protection platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe [2010-01-09 4925184]
r3 rtl8192su;%rtl8192su.devicedesc.dispname%;c:\windows\system32\drivers\rtl8192su.sys [2010-02-06 690208]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys [2010-11-21 31232]
r3 usbaapl64;apple mobile usb driver;c:\windows\system32\drivers\usbaapl64.sys [2011-08-02 51712]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-08-26 1255736]
r3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2010-09-23 129008]
r4 iastordatamgrsvc;intel(r) rapid storage technology;c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe [2011-04-30 13592]
r4 nvupdatusservice;nvidia update service daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2011-08-03 2255464]
r4 stereo service;nvidia stereoscopic 3d driver service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe [2011-08-03 379496]
r4 teamviewer7;teamviewer 7;c:\program files (x86)\teamviewer\version7\teamviewer_service.exe [2011-12-14 2984832]
r4 uns;intel(r) management and security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [2011-03-11 2656280]
r4 wlcrasvc;windows live mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-09-23 57184]
s0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-06-01 27240]
s1 afw;agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2012-06-20 38528]
s1 bdspy;bdspy;c:\windows\system32\drivers\bdspy.sys [2012-03-08 66272]
s1 novashieldfilterdriver;novashieldfilterdriver;c:\windows\system32\drivers\nskernel.sys [2012-03-08 256072]
s1 novashieldtdidriver;novashieldtdidriver;c:\windows\system32\drivers\nsnetmon.sys [2012-03-08 25160]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [2009-07-14 59904]
s2 adobearmservice;adobe acrobat update service;c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe [2012-04-03 63928]
s2 bsbackup;bullguard backup service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsbhvscan;bullguard behavioural detection;c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe [2012-06-16 368480]
s2 bsfilescan;bullguard on-access service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsfire;bullguard firewall service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsmailproxy;bullguard e-mail monitoring service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsmain;bullguard main service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsscanner;bullguard scanning service;c:\program files\bullguard ltd\bullguard\bullguardscanner.exe [2012-06-16 199520]
s2 bsupdate;bullguard update service;c:\program files\bullguard ltd\bullguard\bullguardupdate.exe [2012-06-20 379744]
s2 hamachi2svc;logmein hamachi tunneling engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2012-06-27 2369960]
s3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2012-06-20 445568]
s3 asmthub3;asmedia usb3 hub service;c:\windows\system32\drivers\asmthub3.sys [2011-03-04 126952]
s3 asmtxhci;asmedia xhci service;c:\windows\system32\drivers\asmtxhci.sys [2011-03-04 390632]
s3 manycam;manycam virtual webcam;c:\windows\system32\drivers\mcvidrv_x64.sys [2012-01-11 34304]
s3 mcaudrv_simple;manycam virtual microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
s3 meix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys [2011-03-11 56344]
s3 monitorfunction;driver for monitor;c:\windows\system32\drivers\tvmonitor.sys [2011-11-11 16376]
s3 netr28ux;sweex wireless usb adapter driver;c:\windows\system32\drivers\netr28ux.sys [2010-07-27 1241952]
s3 nvhda;service for nvidia high definition audio driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
s3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [2011-02-16 428136]
s3 screambaudiosvc;screambee audio;c:\windows\system32\drivers\screamingbaudio64.sys [2009-12-01 38992]
.
.
inhoud van de 'gedeelde taken' map
.
2012-08-16 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-04-20 15:19]
.
2012-08-14 c:\windows\tasks\facebookupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001core.job
- c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 02:25]
.
2012-08-16 c:\windows\tasks\facebookupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001ua.job
- c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 02:25]
.
2012-08-17 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 14:15]
.
2012-08-17 c:\windows\tasks\googleupdatetaskmachineua1cd6f1b9c22a58c.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 14:15]
.
2012-08-15 c:\windows\tasks\googleupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001core1cd63ace5abf508.job
- c:\users\felix\appdata\local\google\update\googleupdate.exe [2012-04-14 17:43]
.
2012-08-16 c:\windows\tasks\googleupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001ua.job
- c:\users\felix\appdata\local\google\update\googleupdate.exe [2012-04-14 17:43]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"bullguard"=c:\program files\bullguard ltd\bullguard\bullguard.exe [2012-08-08 1863008]
"rthdvcpl"=c:\program files\realtek\audio\hda\ravcpl64.exe [2011-01-13 11774568]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1984dd45-52cf-49cd-ab77-18f378fea264}"= c:\program files (x86)\stardock\fences\fencesmenu64.dll [2010-06-22 253288]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"loadappinit_dlls"=0x1
"appinit_dlls"=c:\windows\system32\bggamingmonitor.dll
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.nl/
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: {{0b65dcc9-1740-43dc-b19c-4f309fb6a6ca} - [noparse]http://rover.ebay.com/rover/1/1346-72745-17534-1/4[/noparse]
lsp: c:\windows\system32\bglsp.dll
tcp: dhcpnameserver = 192.168.0.1
tcp: interfaces\{b2a0ec69-8ac3-43f2-a3c7-71d30759053b}: nameserver = 62.133.126.28
.
- - - - orphans verwijderd - - - -
.
wow6432node-hkcu-run-clownfish - (no file)
hklm_wow6432node-activesetup-{2d46b6dc-2207-486b-b523-a557e6d54b47} - start
addremove-adobe shockwave player - c:\windows\system32\adobe\shockwave 11\uninstaller.exe
addremove-cruise ship tycoon - c:\progra~2\activi~1\cruise~1\unwise.exe
addremove-ilivid - c:\program files (x86)\ilivid\uninstall.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.htm\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.html\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.shtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xht\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xhtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_3_300_271_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_3_300_271_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.11"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\wow6432node\microsoft\office\common\smart tag\actions\{b7eff951-e52f-45cc-9ef7-57124f2177cc}]
@denied: (a) (everyone)
"solution"="{15727de6-f92d-4e46-acb4-0e2c58b31a18}"
.
[hkey_local_machine\software\wow6432node\microsoft\schema library\actionspane3]
@denied: (a) (everyone)
.
[hkey_local_machine\software\wow6432node\microsoft\schema library\actionspane3\0]
"key"="actionspane3"
"location"="c:\\program files (x86)\\common files\\microsoft shared\\vsto\\actionspane3.xsd"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\windows\syswow64\pnkbstra.exe
c:\windows\syswow64\pnkbstrb.exe
.
**************************************************************************
.
voltooingstijd: 2012-08-17 15:13:43 - machine werd herstart
combofix-quarantined-files.txt 2012-08-17 13:13
.
pre-run: 1.302.869.463.040 bytes beschikbaar
post-run: 1.303.512.281.088 bytes beschikbaar
.
- - end of file - - 603582c3e21fe23579d58a49c9627449

[/hjt]
 
Well done, let's continue:

Which program: Emsisoft Emergency Kit 2.0
What for/why: Detects and removes malware
Difficulty: none.
Download: Emsisoft Emergency Kit

Remarks:
  • The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
  • All open programs and web pages must be closed.

Starting up:
Start by opening the "EmsisoftEmergencyKit" folder
    • Windows 2000 and Windows XP: double-click "Start.exe".
    • Windows Vista and Windows 7: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).

Scanning:
  • Now click "Emergency Kit Scanner" in the selection screen; a message then appears
    that it is recommended to update first.

  • Do so by clicking "Ja" (Yes).
  • When the update is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) appears.
  • Now click "Menu" and then "Scan PC".
  • Select the "Diep" (Deep) option if it is not already set by default.
  • Then click the "Scan" button.
    • Be patient and do nothing else with the computer during the scan,
      as the scan can take quite some time.
  • The window with the warning about an increased risk can be closed once the scan is finished.

  • Make sure all found items are ticked and then click the "Verwijder geselecteerde" (Remove selected) button; the following message will then appear:

  • Then click "Ja" (Yes).
  • When the removal is finished, click the "View report" button and select the text file of this scan, with a name such as: a2scan_110730-111615.txt
  • Post the contents of that log file in your next message.
Note: now restart the computer.
 
Hello.

I ran the scan. While removing the selected items, the program stopped responding after it had removed almost everything except 1 file. Anyway, that risk was not high. Here is the log:

Emsisoft Emergency Kit - Versie 2.0
Laatste Update: 18-8-2012 1:35:22

Scaninstellingen:

Scantype: Diepe scan
Objecten: Rootkits, Geheugen, Sporen, C:\, D:\
Scan archieven: Aan
ADS Scan: Aan

Scan gestart: 18-8-2012 1:37:08

c:\program files (x86)\gamespy arcade Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\cstrike Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\addins Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\cstrike\frontline Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\action Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\cstrike Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\firearms Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\frontline Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\gearbox Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\halflife\tfc Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\aq2 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\battle Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\chaosdm Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\duel Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\freeze Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\gloom Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\gxmod Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\holywars Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\jail Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\kots Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lfiredm Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lithium2 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\lmctf Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\pball Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\q2comp Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\qpong Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\ra2 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\requiem Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\sconfig Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\tourney Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\wf Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake2\wod Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\alliance Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\beryllium Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\excessive Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\instagib Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\jailbreak Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\matchmod Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\osp Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3comp Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3f Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\q3ut2 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\requiem Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\rocketarena3 Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\quake3\wfa Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\arena Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ch Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctf Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctfb Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\ctfplus Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\dd Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\dm Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\duel Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\fr Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\mt Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\open cal Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\rpg Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\tribes\tac Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\excessive Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\rocketarena Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\custom\ut\swat Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images\icons Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\images\portraits Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\profiles Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\profiles\(default) Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_common Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_demospy Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_fplanet Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_gnews Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_gspyder Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\skins Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\skins\(default3) Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds\(default) Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\sounds\classic Ontdekt: Trace.File.gamespy arcade!E1
c:\users\felix\appdata\roaming\microsoft\windows\start menu\programs\gamespy arcade Ontdekt: Trace.File.gamespy arcade!E1
c:\users\felix\appdata\roaming\microsoft\windows\start menu\programs\activision value Ontdekt: Trace.File.seaworld adventure parks tycoon!E1
c:\program files (x86)\gamespy arcade\dat.bmp Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\4dca9208.dat Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_banner.gif Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_banner.html Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_bannerbg.jpg Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\arcres.dll Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_logo.jpg Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_loading.gif Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade - debug.lnk Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\def_news.html Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade help.url Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade.lnk Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy arcade website.url Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gamespy.com gaming's homepage.url Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gslan.dll Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gsapak.exe Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\fpupdate.exe Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\install.log Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\gsws.dll Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\pw32.dll Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\register gamespy arcade.url Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\rsrc.dir Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\rptcrash.exe Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\readme.html Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support\rsrc.dir Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\service_tab+.tga Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_news\service_tab.psd Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\services\_support\service_tab.psd Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\ws_default.html Ontdekt: Trace.File.gamespy arcade!E1
c:\program files (x86)\gamespy arcade\aphex.exe Ontdekt: Trace.File.gamespy arcade!E1
c:\users\felix\appdata\roaming\windrvconfig.txt Ontdekt: Trace.File.agent!E1
Value: hkey_current_user\software\gamespy\gamespy arcade --> instdir Ontdekt: Trace.Registry.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> displayname Ontdekt: Trace.Registry.gamespy arcade!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\gamespy arcade --> uninstallstring Ontdekt: Trace.Registry.gamespy arcade!E1
Key: hkey_local_machine\software\trymedia systems Ontdekt: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software Ontdekt: Trace.Registry.trymedia!E1
C:\Users\Felix\Desktop\Bart\Darkcomet\DarkComet.exe Ontdekt: AdvHeur!E2
C:\Users\Felix\Desktop\Bart\Darkcomet\DarkCometRAT52-2F.zip -> Celesty Binder\Celesty.exe Ontdekt: HackTool.Win32.Binder!E2
C:\Users\Felix\Desktop\Bart\Darkcomet\DarkCometRAT52-2F.zip -> DarkComet.exe Ontdekt: AdvHeur!E2
C:\Program Files (x86)\Cheat Engine 6.1\cheatengine-i386.exe Ontdekt: Riskware.Win32.HackTool.CheatEngine.AB!E1

Gescand 694344
Gevonden 127

Scan geindigd: 18-8-2012 2:33:57
Scantijd: 0:56:49

Note: During the scan my own antivirus raised an alert for 3 files, which it placed in quarantine.

 
By the looks of it, everything that was found is related to games!

Run the ComboFix scan once more.
After starting ComboFix, a message may appear:

- either ComboFix wants to be updated;
- or ComboFix wants to be downloaded again.

If you get such a message, do as it asks.
Post the contents of the log again using the colour coder.
 
Dear Abraham54, I have done as you said.

Here is the log:

[hjt]
combofix 12-08-17.03 - felix 18-08-2012 13:02:48.4.8 - x64
microsoft windows 7 home premium 6.1.7601.1.1252.31.1043.18.8174.6267 [gmt 2:00]
gestart vanuit: c:\users\felix\desktop\combofix.exe
av: bullguard antivirus *disabled/outdated* {c3ccac61-52f7-a056-1860-6406566e2578}
fw: bullguard firewall *disabled* {fbf72d44-1898-a10e-333f-cd33a8bd6203}
sp: bullguard antispyware *disabled/outdated* {78ad4d85-74cd-afd8-22d0-5f742de96fc5}
sp: windows defender *enabled/updated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\felix\appdata\local\temp\{eb5172af-7bef-43c8-abe9-876a068d760b}\fpb.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3754.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3766.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem37e5.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3806.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3818.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3858.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem38c7.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem38d9.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem390a.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem391b.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem393c.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem395e.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem398e.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3a8a.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3abb.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3adc.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3b2c.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3bab.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3bfb.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem3dc1.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4072.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4093.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem40e3.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4172.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4193.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4241.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem43d9.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4429.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4488.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4574.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4b6f.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4b90.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4bff.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4c30.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4cde.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4d3d.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4d8d.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4dce.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4e2d.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4e6e.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4edd.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4f6b.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4fad.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4fbe.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem4fe0.tmp
c:\users\felix\appdata\local\temp\xtmp1mc3ve\dem5030.tmp
c:\users\felix\appdata\local\temp\ytmp7mc8aa\taa5644.tmp
.
.
(((((((((((((((((((( bestanden gemaakt van 2012-07-18 to 2012-08-18 ))))))))))))))))))))))))))))))
.
.
2012-08-18 11:07 . 2012-08-18 11:07 -------- d-----w- c:\users\updatususer\appdata\local\temp
2012-08-18 11:07 . 2012-08-18 11:07 -------- d-----w- c:\users\public\appdata\local\temp
2012-08-18 11:07 . 2012-08-18 11:07 -------- d-----w- c:\users\default\appdata\local\temp
2012-08-17 14:41 . 2012-08-18 10:57 -------- d-----w- c:\programdata\boost_interprocess
2012-08-17 13:17 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5afa5060-0ee2-46ad-8e1e-0604c4738f71}\mpengine.dll
2012-08-15 14:07 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 14:07 . 2012-05-05 07:46 43008 ----a-w- c:\windows\syswow64\srclient.dll
2012-08-15 14:07 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 14:07 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 14:07 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 14:07 . 2012-02-11 05:43 492032 ----a-w- c:\windows\syswow64\win32spl.dll
2012-08-15 14:07 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 14:07 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 14:07 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 14:07 . 2012-07-04 21:14 41984 ----a-w- c:\windows\syswow64\browcli.dll
2012-08-15 14:07 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 14:07 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-11 11:25 . 2012-08-15 22:00 -------- d-----w- c:\tmp
2012-08-11 10:40 . 2012-08-11 10:40 -------- d-----w- c:\program files (x86)\blender foundation
2012-08-08 23:21 . 2012-08-08 23:21 -------- d-----w- c:\program files (x86)\rtw - multicampaign
2012-08-08 20:06 . 2012-08-08 20:06 63840 ----a-w- c:\windows\system32\bglsp.dll
2012-08-08 20:06 . 2012-08-08 20:06 54624 ----a-w- c:\windows\syswow64\bglsp.dll
2012-08-08 19:54 . 2012-08-08 19:54 -------- d-----w- c:\program files\activision
2012-08-08 19:44 . 2012-08-08 19:44 282756 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-08-08 19:44 . 2012-08-08 19:44 163972 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\igdi.dll
2012-08-08 19:44 . 2005-03-24 03:18 692224 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ikernel.dll
2012-08-08 19:44 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-08-08 19:44 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\dotnetinstaller.exe
2012-08-08 19:44 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-08-08 19:44 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-08-08 18:42 . 2012-08-08 22:08 -------- d-----w- c:\program files (x86)\the creative assembly
2012-08-08 18:41 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ikernel.dll
2012-08-08 18:41 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2012-08-08 18:41 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2012-08-08 18:41 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2012-08-08 18:41 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\isbew64.exe
2012-08-08 18:41 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\dotnetinstaller.exe
2012-08-08 18:41 . 2012-08-08 18:41 200836 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\igdi.dll
2012-08-08 18:41 . 2012-08-08 18:41 331908 ----a-w- c:\program files (x86)\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2012-08-05 02:25 . 2012-08-05 02:25 -------- d-----w- c:\users\felix\appdata\local\facebook
2012-08-02 19:34 . 2012-08-09 18:33 -------- d-----w- c:\users\felix\appdata\local\albelli fotoboeken
2012-07-31 21:03 . 2012-07-31 21:03 -------- d-----w- c:\programdata\manycam
2012-07-25 16:34 . 2012-07-25 16:54 -------- d-----w- c:\users\felix\appdata\local\hema fotoalbum
2012-07-24 01:03 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-07-23 21:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-23 21:29 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-23 21:29 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\syswow64\msxml6.dll
2012-07-23 21:29 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\syswow64\msxml3.dll
2012-07-23 21:29 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-23 21:29 . 2010-06-26 03:24 2048 ----a-w- c:\windows\syswow64\msxml3r.dll
2012-07-23 21:29 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-22 00:40 . 2012-07-22 00:40 -------- d-----w- c:\users\felix\appdata\roaming\utherverse
2012-07-22 00:16 . 2012-07-22 00:16 -------- d-----w- c:\program files (x86)\utherverse digital inc
2012-07-21 13:49 . 2012-07-21 13:49 -------- d-----w- c:\users\felix\appdata\local\macromedia
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 16:22 . 2011-02-10 20:56 62134624 ----a-w- c:\windows\system32\mrt.exe
2012-08-15 15:19 . 2012-04-20 15:35 70344 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2012-08-15 15:19 . 2012-04-20 15:35 426184 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2012-07-03 11:46 . 2012-04-18 15:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-20 08:34 . 2012-03-08 08:41 38528 ----a-r- c:\windows\system32\drivers\afw.sys
2012-06-20 08:34 . 2012-03-08 08:41 445568 ----a-r- c:\windows\system32\drivers\afwcore.sys
2012-06-06 06:49 . 2012-06-06 06:49 1070152 ----a-w- c:\windows\syswow64\mscomctl.ocx
2012-06-02 22:19 . 2012-06-21 09:22 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 09:22 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 09:22 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 09:22 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 09:22 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 09:22 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 09:22 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 09:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 09:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\mpsigstub.exe
.
.
((((((((((((((((((((((((((((( snapshot@2012-08-17_13.09.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-11-21 03:09 . 2012-08-17 12:54 66818 c:\windows\system32\wdi\shutdownperformancediagnostics_systemdata.bin
+ 2010-11-21 03:09 . 2012-08-18 10:41 66818 c:\windows\system32\wdi\shutdownperformancediagnostics_systemdata.bin
+ 2009-07-14 05:10 . 2012-08-18 10:41 49600 c:\windows\system32\wdi\bootperformancediagnostics_systemdata.bin
+ 2011-08-25 14:18 . 2012-08-18 10:41 13592 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\s-1-5-21-3784602626-3873933597-2567512194-1001_userdata.bin
+ 2012-08-18 10:39 . 2012-08-18 11:08 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
- 2012-08-17 12:49 . 2012-08-17 13:08 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive1.dat
- 2012-08-17 12:49 . 2012-08-17 13:08 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
+ 2012-08-18 10:39 . 2012-08-18 11:08 2048 c:\windows\serviceprofiles\localservice\appdata\local\lastalive0.dat
- 2009-07-14 05:01 . 2012-08-16 21:56 400664 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
+ 2009-07-14 05:01 . 2012-08-18 01:12 400664 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-system.dat
+ 2011-08-25 14:33 . 2012-08-18 01:12 37344404 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-3784602626-3873933597-2567512194-1001-8192.dat
+ 2011-08-25 21:31 . 2012-08-18 01:12 30155048 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-3784602626-3873933597-2567512194-1001-4096.dat
+ 2011-08-29 21:32 . 2012-08-18 01:12 11318016 c:\windows\serviceprofiles\localservice\appdata\local\fontcache-s-1-5-21-3784602626-3873933597-2567512194-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"manycam"=c:\program files (x86)\manycam\bin\manycam.exe [2012-06-28 2160024]
"facebook update"=c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 138096]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2012-01-03 843712]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2012-01-18 254696]
"tkbellexe"=c:\program files (x86)\real\realplayer\update\realsched.exe [2012-02-16 296056]
"logmein hamachi ui"=c:\program files (x86)\logmein hamachi\hamachi-2-ui.exe [2012-06-27 1996200]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 5 (0x5)
"consentpromptbehavioruser"= 3 (0x3)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_local_machine\software\wow6432node\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\bggamingmonitor.dll
.
[hkey_local_machine\system\currentcontrolset\control\lsa]
security packages reg_multi_sz kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\bsmain]
@="service"
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\bsscanner]
@="service"
.
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
r2 gupdate;google updateservice (gupdate);c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 136176]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe [2012-04-05 158856]
r3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-08-15 250056]
r3 gupdatem;google update-service (gupdatem);c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 136176]
r3 lvpepf64;volume adapter;c:\windows\system32\drivers\lv302a64.sys [2008-07-26 15768]
r3 lvrs64;logitech rightsound filter driver;c:\windows\system32\drivers\lvrs64.sys [2008-07-26 790424]
r3 lvusbs64;logitech usb monitor filter;c:\windows\system32\drivers\lvusbs64.sys [2008-07-26 50072]
r3 osppsvc;office software protection platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe [2010-01-09 4925184]
r3 rtl8192su;%rtl8192su.devicedesc.dispname%;c:\windows\system32\drivers\rtl8192su.sys [2010-02-06 690208]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys [2010-11-21 31232]
r3 usbaapl64;apple mobile usb driver;c:\windows\system32\drivers\usbaapl64.sys [2011-08-02 51712]
r3 watadminsvc;windows activation technologies-service;c:\windows\system32\wat\watadminsvc.exe [2011-08-26 1255736]
r3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2010-09-23 129008]
r4 iastordatamgrsvc;intel(r) rapid storage technology;c:\program files (x86)\intel\intel(r) rapid storage technology\iastordatamgrsvc.exe [2011-04-30 13592]
r4 nvupdatusservice;nvidia update service daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2011-08-03 2255464]
r4 stereo service;nvidia stereoscopic 3d driver service;c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe [2011-08-03 379496]
r4 teamviewer7;teamviewer 7;c:\program files (x86)\teamviewer\version7\teamviewer_service.exe [2011-12-14 2984832]
r4 uns;intel(r) management and security application user notification service;c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe [2011-03-11 2656280]
r4 wlcrasvc;windows live mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-09-23 57184]
s0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2011-06-01 27240]
s1 a2dda;a2 direct disk access support driver;c:\users\felix\desktop\emsisoftemergencykit\run\a2ddax64.sys [2012-08-17 23208]
s1 afw;agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2012-06-20 38528]
s1 bdspy;bdspy;c:\windows\system32\drivers\bdspy.sys [2012-03-08 66272]
s1 novashieldfilterdriver;novashieldfilterdriver;c:\windows\system32\drivers\nskernel.sys [2012-03-08 256072]
s1 novashieldtdidriver;novashieldtdidriver;c:\windows\system32\drivers\nsnetmon.sys [2012-03-08 25160]
s1 vwififlt;virtual wifi filter driver;c:\windows\system32\drivers\vwififlt.sys [2009-07-14 59904]
s2 adobearmservice;adobe acrobat update service;c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe [2012-04-03 63928]
s2 bsbackup;bullguard backup service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsbhvscan;bullguard behavioural detection;c:\program files\bullguard ltd\bullguard\bullguardbhvscanner.exe [2012-06-16 368480]
s2 bsfilescan;bullguard on-access service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsfire;bullguard firewall service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsmailproxy;bullguard e-mail monitoring service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsmain;bullguard main service;c:\windows\system32\svchost.exe [2009-07-14 27136]
s2 bsscanner;bullguard scanning service;c:\program files\bullguard ltd\bullguard\bullguardscanner.exe [2012-06-16 199520]
s2 bsupdate;bullguard update service;c:\program files\bullguard ltd\bullguard\bullguardupdate.exe [2012-06-20 379744]
s2 hamachi2svc;logmein hamachi tunneling engine;c:\program files (x86)\logmein hamachi\hamachi-2.exe [2012-06-27 2369960]
s3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2012-06-20 445568]
s3 asmthub3;asmedia usb3 hub service;c:\windows\system32\drivers\asmthub3.sys [2011-03-04 126952]
s3 asmtxhci;asmedia xhci service;c:\windows\system32\drivers\asmtxhci.sys [2011-03-04 390632]
s3 manycam;manycam virtual webcam;c:\windows\system32\drivers\mcvidrv_x64.sys [2012-01-11 34304]
s3 mcaudrv_simple;manycam virtual microphone;c:\windows\system32\drivers\mcaudrv_x64.sys [2012-02-22 28160]
s3 meix64;intel(r) management engine interface;c:\windows\system32\drivers\hecix64.sys [2011-03-11 56344]
s3 monitorfunction;driver for monitor;c:\windows\system32\drivers\tvmonitor.sys [2011-11-11 16376]
s3 netr28ux;sweex wireless usb adapter driver;c:\windows\system32\drivers\netr28ux.sys [2010-07-27 1241952]
s3 nvhda;service for nvidia high definition audio driver;c:\windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
s3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys [2011-02-16 428136]
s3 screambaudiosvc;screambee audio;c:\windows\system32\drivers\screamingbaudio64.sys [2009-12-01 38992]
.
.
inhoud van de 'gedeelde taken' map
.
2012-08-18 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2012-04-20 15:19]
.
2012-08-14 c:\windows\tasks\facebookupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001core.job
- c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 02:25]
.
2012-08-17 c:\windows\tasks\facebookupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001ua.job
- c:\users\felix\appdata\local\facebook\update\facebookupdate.exe [2012-08-05 02:25]
.
2012-08-18 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 14:15]
.
2012-08-18 c:\windows\tasks\googleupdatetaskmachineua1cd6f1b9c22a58c.job
- c:\program files (x86)\google\update\googleupdate.exe [2011-08-25 14:15]
.
2012-08-17 c:\windows\tasks\googleupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001core1cd63ace5abf508.job
- c:\users\felix\appdata\local\google\update\googleupdate.exe [2012-04-14 17:43]
.
2012-08-18 c:\windows\tasks\googleupdatetaskusers-1-5-21-3784602626-3873933597-2567512194-1001ua.job
- c:\users\felix\appdata\local\google\update\googleupdate.exe [2012-04-14 17:43]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"bullguard"=c:\program files\bullguard ltd\bullguard\bullguard.exe [2012-08-08 1863008]
"rthdvcpl"=c:\program files\realtek\audio\hda\ravcpl64.exe [2011-01-13 11774568]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{1984dd45-52cf-49cd-ab77-18f378fea264}"= c:\program files (x86)\stardock\fences\fencesmenu64.dll [2010-06-22 253288]
.
[hkey_local_machine\software\microsoft\windows nt\currentversion\windows]
"loadappinit_dlls"=0x1
"appinit_dlls"=c:\windows\system32\bggamingmonitor.dll
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.nl/
mlocal page = c:\windows\syswow64\blank.htm
uinternet settings,proxyoverride = *.local
ie: {{0b65dcc9-1740-43dc-b19c-4f309fb6a6ca} - http://rover.ebay.com/rover/1/1346-72745-17534-1/4
lsp: c:\windows\system32\bglsp.dll
tcp: dhcpnameserver = 192.168.0.1
tcp: interfaces\{b2a0ec69-8ac3-43f2-a3c7-71d30759053b}: nameserver = 62.133.126.28
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.htm\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.html\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.shtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xht\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_users\.default\software\microsoft\windows\currentversion\explorer\fileexts\.xhtml\userchoice]
@denied: (2) (localsystem)
"progid"="chromehtml"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_3_300_271_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_11_3_300_271_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{a483c63a-cdbc-426e-bf93-872502e8144e}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.11"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_11_3_300_271.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}]
@denied: (a 2) (everyone)
@="iflashbroker4"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{e3f2c3cb-5eb8-4a04-b22c-7e3b4b6af30f}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\wow6432node\microsoft\office\common\smart tag\actions\{b7eff951-e52f-45cc-9ef7-57124f2177cc}]
@denied: (a) (everyone)
"solution"="{15727de6-f92d-4e46-acb4-0e2c58b31a18}"
.
[hkey_local_machine\software\wow6432node\microsoft\schema library\actionspane3]
@denied: (a) (everyone)
.
[hkey_local_machine\software\wow6432node\microsoft\schema library\actionspane3\0]
"key"="actionspane3"
"location"="c:\\program files (x86)\\common files\\microsoft shared\\vsto\\actionspane3.xsd"
.
[hkey_local_machine\system\controlset001\control\class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\allusersettings]
@denied: (a) (users)
@denied: (a) (everyone)
@allowed: (b 1 2 3 4 5) (s-1-5-20)
"blinddial"=dword:00000000
.
[hkey_local_machine\system\controlset001\control\pcw\security]
@denied: (full) (everyone)
.
------------------------ andere aktieve processen ------------------------
.
c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\windows\syswow64\pnkbstra.exe
c:\windows\syswow64\pnkbstrb.exe
.
**************************************************************************
.
voltooingstijd: 2012-08-18 13:16:27 - machine werd herstart
combofix-quarantined-files.txt 2012-08-18 11:16
combofix2.txt 2012-08-17 13:13
.
pre-run: 1.302.848.299.008 bytes beschikbaar
post-run: 1.302.539.456.512 bytes beschikbaar
.
- - end of file - - 9c0f6df2c651307fce6f65d7e1ebc570

[/hjt]
 
I suspect that you are affected by ZeroAccess.

Which program: Microsoft Safety Scanner
What for/why: specialised scanner from Microsoft to quickly examine Windows for, and rid it of, spyware & malware.
Difficulty: none.
Download: Here

Note:
  • Microsoft Safety Scanner expires 10 days after it has been downloaded.
  • If you want to run another scan with the latest anti-malware definitions,
    download Microsoft Safety Scanner again and run it again.
Download the Microsoft Safety Scanner here.

Starting Microsoft Safety Scanner:
  • Windows 2000 and Windows XP: start Microsoft's Safety Scanner by double-clicking.
  • Windows Vista and Windows 7: start Microsoft's Safety Scanner by right-clicking and then choosing Run as administrator.
Then tick the box next to "I accept the terms of the above licence agreement".

Scanning:
  • When 'Microsoft's Safety Scanner' starts, click the "Next" button, then choose 'Quick scan'.
  • The scan takes a while, so be patient.
 
The scan reported that no viruses or other spyware etc. were found, but anyway. I still cannot get onto my desktop.
 
Then we will try something else:

Download Windows Repair by Tweaking.com.
Extract the downloaded file and then move the folder with the extracted files to the desktop.

Starting Repair_Windows.exe:
  • First close all program windows that are still open!
    • Windows 2000 and Windows XP: start "Repair_Windows.exe" by double-clicking the shortcut.
    • Windows Vista and Windows 7: start "Repair_Windows.exe" by right-clicking and choosing "Run as administrator".
  • Click the "Start Repairs" tab.
  • Choose "Custom Mode" and then click "Start".
  • Also create a system restore point, if asked.
  • In the "Custom Mode" window, select the following repair options:
    • Repair WMI
    • Repair MDAC/MS Jet
    • Remove Policies Set By Infections
    • Repair Proxy Settings
    • Repair Windows Updates
  • Then click the Start button.
  • Be patient while the tool carries out the selected options.
  • If the tool indicates that a restart is needed to apply the changes, do so.
 
Dear Abraham54,

I have run the scan.
Unfortunately this has had no effect on my problem.
The situation with my problem is still the same.
 
What happens if you go to C:\Gebruikers\Hydra0010\Koppelingen and click the "Desktop" ("Bureaublad") shortcut there?
 
When I do this, I can simply use my desktop through the folder.
But what is remarkable is that when I checked my computer a few hours ago, the desktop did not work.
And now that I look again a few hours later, the shortcut and the desktop work again.

But most likely it will stop working again soon.
 
No, I cannot find these files.

What is also remarkable, by the way, is that when the shortcut to the desktop does work, my open Internet Explorer, for example, no longer works and I cannot open it. Suddenly the shortcut to Internet Explorer works again, but the desktop still does not work.
All very strange.
 
Download SystemLook.exe for 32-bit or 64-bit Windows
  • Download or move the file to the desktop.

Starting SystemLook.exe:
  • Windows 2000 and Windows XP: start SystemLook.exe by double-clicking the shortcut.
  • Windows Vista and Windows 7: start SystemLook.exe by right-clicking the shortcut and then choosing "Run as administrator".
In the window that opens, copy in the code below:
Code:
:filefind
explorer.exe
iexplorer.exe
  • Click the "Look" button to start the scan.
  • When the scan is finished, a text file opens (SystemLook.txt).
  • Post the contents of this log file.
 