
Keyboard going haywire?

Status
Not open for further replies.

Python99

Established member
#1
Hello everyone,

I recently gave my computer a 'clean sweep'. Partly because that is better for the hard drive (right?), partly because there was a virus on it :mellow:
Now it works fine again, except for one thing: every now and then, at the most random moments, the keyboard starts acting strangely. When I try to type, some keys do not type at all, and other keys type something completely different from what they should. An R, for example, becomes a , an A becomes an @, and so on. Other things also happen as soon as the keyboard starts acting up:
- When I try to browse my files, I have to open everything manually (right-click, Open). When I do this, it opens a window. A normal double-click is treated as a (right-click, Properties).
- In a web browser, when I click a link, it always opens the link in a new tab. If I then switch tabs, the old tab 'fades' (it becomes completely blurry). I then have to click once on the tab, and then it works again.
I have already run several virus scans, but they found nothing. It is starting to get annoying by now, and I no longer know what else to consider. So I ask: does anyone here know what it could be? I have heard stories from other people who had the same thing, but they no longer knew exactly what they did to fix it.

Regards,

Python99


Edit: I have two keyboards connected to my computer, one via USB and one via that 'old-fashioned' connector :wink:. I don't know whether that makes any difference.
 

OB1

Ps3: cL_OliverB (Bo1+Bo2)
#2
Which scans have you run?
Does it happen with both keyboards?

Sent from my GT-S5839i using Tapatalk
 

OB1

Ps3: cL_OliverB (Bo1+Bo2)
#4
Download the Malwarebytes Anti-Malware setup to the desktop.

  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the further instructions; the complete installation procedure can be found at the following link - Installing Malwarebytes Anti-Malware.

  • Then click the Scan Now button to run a threat scan.
  • A check for available updates will now be made; click "Update Now" if updates are available.
  • The scan now starts automatically; when the scan is finished and threats have been detected, you will get an overview of them.
  • When no threats have been detected, click View Detailed Log after the scan.
    • Then click the Apply Actions button; at the message that your computer must be restarted, click No.
    • Then click the View Detailed Log button, click the Export button and choose the option Text file (*.txt).
    • Then enter a file name for saving the log file, for example MBAM Scanlog, and click the Save button.
    • By default this file will be saved on your desktop.

Post the contents of the log file in a following post, simply via copy > paste.
 

Python99

Established member
#5
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11-4-2014
Scan Time: 13:27:43
Logfile: .log
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.06
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gebruiker

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 252982
Time Elapsed: 9 min, 28 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [4bc74fdabcbff046c102f7a0e71cb64a],
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\qone8Software, , [ba58d752d2a90a2c0c624056d42fe020],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [44ce6fbaa1da80b63c874354b54e3cc4],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginService, , [cf43c168a9d2082ea6c87101c2407a86],

Registry Values: 0
(No malicious items detected)

Registry Data: 10
PUP.Optional.Qone8.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[5db567c2eb90ea4c8fecff1f679d9b65]
PUP.Optional.Qone8, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[b0625dccc6b54cea517ca97408fc659b]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[1002a28790ebda5c49e9b36144c08f71]
Hijack.StartPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[a66c6cbd78039b9b17190c08768e44bc]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[a0722dfc4c2fad897d5139e4c3414fb1]
PUP.Optional.Qone8.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (Chrome.exe), Bad: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[8c86a08985f61422b0cbd04e887c817f]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe http://start.qone8.com/?type=sc&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[42d050d9d8a39b9bf0ddea333cc838c8]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[49c9fe2b3447c0760c26b16349bbf808]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A, Good: (http://www.google.com), Bad: (http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A),,[5db5cd5c6e0de94d57d9e82ce024cc34]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[060cb178c5b6d462e5e9f4296b9907f9]

Folders: 26
PUP.Optional.SupTab.A, C:\PROGRAM FILES (X86)\SupTab, , [858dc06962195adc82ef1959b34ffb05],
PUP.Optional.IePluginService.A, C:\PROGRAMDATA\IePluginService, , [ca48ae7bec8faa8c70b84517e31ff50b],
PUP.Optional.IePluginService.A, C:\PROGRAMDATA\IePluginService\update, , [ca48ae7bec8faa8c70b84517e31ff50b],

Files: 57
PUP.Optional.OpenCandy, C:\$Recycle.Bin\S-1-5-21-1914704134-3901138233-515259785-1000\$RZFUH38.exe, , [c84aae7b611ac3738894c081b84c827e],
PUP.Optional.OneClickDownloader.A, C:\Users\Gebruiker\Downloads\Garrys_Mod_13_v153_rar.exe, , [d63c41e85526b08608c1c14a2ed308f8],
PUP.Optional.SkyTech.A, C:\Users\Gebruiker\AppData\Local\Temp\nssF5A6.tmp\ild_qone8.exe, , [71a1ca5f730867cffd0a3e1253aed030],
PUP.Optional.SkyTech.A, C:\Users\Gebruiker\AppData\Local\Temp\fullpackage_temp1397215376\alilog.dll, , [5bb7d356dc9fbc7a24ee83af8080d030],
PUP.Optional.SkyTech.A, C:\Users\Gebruiker\AppData\Local\Temp\fullpackage_temp1397215376\package1.zip, , [38da36f33a4165d118fab979ee126f91],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, , [858dc06962195adc82ef1959b34ffb05],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, , [858dc06962195adc82ef1959b34ffb05],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, , [858dc06962195adc82ef1959b34ffb05],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, , [858dc06962195adc82ef1959b34ffb05],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, , [cf43c168a9d2082ea6c87101c2407a86],
PUP.Optional.Qone8.A, C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "chrome://apps/", "http://www.google.com/", "http://start.qone8.com/?type=hp&ts=1397215390&from=ild&uid=ST31000524AS_9VPGJP5AXXXX9VPGJP5A" ],), ,[f91934f56b102016ff54b6939d67ac54]

Physical Sectors: 0
(No malicious items detected)


(end)
 

Abraham54

Administrator
Staff member
#7
Download ComboFix from one of these locations:
Download location: Be sure to download this program to the desktop, or otherwise move it to the desktop!

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here you can find information on how to disable antivirus programs and spyware scanners.

Notes:
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next post.
  • If the log does not open, it can be found at C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 

Python99

Established member
#8
[hjt]
combofix 14-04-09.02 - gebruiker 11-04-2014 19:23:34.1.4 - x64
microsoft windows 7 ultimate 6.1.7601.1.1252.31.1043.18.7671.5755 [gmt 2:00]
gestart vanuit: c:\users\gebruiker\desktop\combofix.exe
av: avg internet security 2014 *disabled/updated* {0e9420c4-06b3-7fa0-3ab1-6e49cb52ecd9}
fw: avg internet security 2014 *enabled* {36afa1e1-4cdc-7ef8-11ee-c77c3581aba2}
sp: avg internet security 2014 *disabled/updated* {b5f5c120-2089-702e-0001-553bb0d5a664}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( bestanden gemaakt van 2014-03-11 to 2014-04-11 ))))))))))))))))))))))))))))))
.
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 13:05 . 2012-03-04 16:19 90015360 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"=c:\program files\windows sidebar\sidebar.exe [2010-11-21 1475584]
"daemon tools lite"=c:\program files (x86)\daemon tools lite\dtlite.exe [2014-03-04 3696912]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2013-11-21 959904]
"startccc"=c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe [2013-12-06 766208]
"roccatvalo"=c:\program files (x86)\roccat\valo keyboard\valomonitor.exe [2009-12-16 196608]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2013-07-02 254336]
"avg_ui"=c:\program files (x86)\avg\avg2014\avgui.exe [2014-03-19 4971024]
.
c:\programdata\microsoft\windows\start menu\programs\startup\
rat 9 charge indicator.lnk - c:\windows\installer\{e351a4ac-5d5d-4748-a2fe-310ec70f3e05}\_cd6d2b41032fc8a5bf211a.exe [2014-3-14 75993]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"consentpromptbehavioruser"= 0 (0x0)
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
.
r2 avgidsagent;avgidsagent;c:\program files (x86)\avg\avg2014\avgidsagent.exe;c:\program files (x86)\avg\avg2014\avgidsagent.exe [x]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r2 mi-raysat_3dsmax2012_32;mental ray 3.9 satellite for autodesk 3ds max 2012 32-bit - english 32-bit;c:\program files (x86)\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe;c:\program files (x86)\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [x]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe;c:\program files (x86)\skype\updater\updater.exe [x]
r3 amdiox64;amd io driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\sysnative\drivers\amdiox64.sys [x]
r3 b06diag;broadcom netxtreme ii diag driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\sysnative\drivers\bxdiaga.sys [x]
r3 bfn7x64;bigfoot networks killer gaming service;c:\windows\system32\drivers\xeno7x64.sys;c:\windows\sysnative\drivers\xeno7x64.sys [x]
r3 bfnvis64;bigfoot networks killer gaming service;c:\windows\system32\drivers\xenova64.sys;c:\windows\sysnative\drivers\xenova64.sys [x]
r3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\sysnative\drivers\bxois.sys [x]
r3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\sysnative\drivers\dmvsc.sys [x]
r3 iamtve;stuurprogramma voor intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtve.sys;c:\windows\sysnative\drivers\iamtve.sys [x]
r3 iamtxpe;stuurprogramma voor intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtxpe.sys;c:\windows\sysnative\drivers\iamtxpe.sys [x]
r3 ifcoemp;ifcoemp;c:\windows\system32\drivers\ifm60x64.sys;c:\windows\sysnative\drivers\ifm60x64.sys [x]
r3 ifcoevb;ifcoevb;c:\windows\system32\drivers\ifp60x64.sys;c:\windows\sysnative\drivers\ifp60x64.sys [x]
r3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys;c:\windows\sysnative\drivers\qd162x64.sys [x]
r3 ioatdma2;intel(r) quickdata technology device ver.2;c:\windows\system32\drivers\qd262x64.sys;c:\windows\sysnative\drivers\qd262x64.sys [x]
r3 msicdsetup;msicdsetup;e:\cdriver64.sys;e:\cdriver64.sys [x]
r3 ntiolib_1_0_c;ntiolib_1_0_c;e:\ntiolib_x64.sys;e:\ntiolib_x64.sys [x]
r3 rdpvideominiport;remote desktop video miniport driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\sysnative\drivers\rdpvideominiport.sys [x]
r3 rtl8192su;realtek rtl8192su wireless lan 802.11n usb 2.0 network adapter;c:\windows\system32\drivers\rtl8192su.sys;c:\windows\sysnative\drivers\rtl8192su.sys [x]
r3 synth3dvsc;microsoft virtual 3d video transport driver;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\sysnative\drivers\synth3dvsc.sys [x]
r3 terminpt;microsoft remote desktop input driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\sysnative\drivers\terminpt.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys;c:\windows\sysnative\drivers\tsusbgd.sys [x]
r3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\sysnative\drivers\tsusbhub.sys [x]
r3 vgpu;vgpu;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\sysnative\drivers\rdvgkmd.sys [x]
s0 avgidsha;avgidsha;c:\windows\system32\drivers\avgidsha.sys;c:\windows\sysnative\drivers\avgidsha.sys [x]
s0 avgloga;avg logging driver;c:\windows\system32\drivers\avgloga.sys;c:\windows\sysnative\drivers\avgloga.sys [x]
s0 avgmfx64;avg mini-filter resident anti-virus shield;c:\windows\system32\drivers\avgmfx64.sys;c:\windows\sysnative\drivers\avgmfx64.sys [x]
s0 avgrkx64;avg anti-rootkit driver;c:\windows\system32\drivers\avgrkx64.sys;c:\windows\sysnative\drivers\avgrkx64.sys [x]
s1 avgdiska;avg disk driver;c:\windows\system32\drivers\avgdiska.sys;c:\windows\sysnative\drivers\avgdiska.sys [x]
s1 avgfwfd;avg network filter service;c:\windows\system32\drivers\avgfwd6a.sys;c:\windows\sysnative\drivers\avgfwd6a.sys [x]
s1 avgidsdriver;avgidsdriver;c:\windows\system32\drivers\avgidsdrivera.sys;c:\windows\sysnative\drivers\avgidsdrivera.sys [x]
s1 avgldx64;avg avi loader driver;c:\windows\system32\drivers\avgldx64.sys;c:\windows\sysnative\drivers\avgldx64.sys [x]
s1 avgtdia;avg tdi driver;c:\windows\system32\drivers\avgtdia.sys;c:\windows\sysnative\drivers\avgtdia.sys [x]
s1 dtsoftbus01;daemon tools virtual bus driver;c:\windows\system32\drivers\dtsoftbus01.sys;c:\windows\sysnative\drivers\dtsoftbus01.sys [x]
s2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe;c:\windows\sysnative\atiesrxx.exe [x]
s2 amd fuel service;amd fuel service;c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe;c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe [x]
s2 aoddriver4.2.0;aoddriver4.2.0;c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys;c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys [x]
s2 avgfws;avg firewall;c:\program files (x86)\avg\avg2014\avgfws.exe;c:\program files (x86)\avg\avg2014\avgfws.exe [x]
s2 avgwd;avg watchdog;c:\program files (x86)\avg\avg2014\avgwdsvc.exe;c:\program files (x86)\avg\avg2014\avgwdsvc.exe [x]
s3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys;c:\windows\sysnative\drivers\atihdw76.sys [x]
s3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys;c:\windows\sysnative\drivers\rt64win7.sys [x]
s3 saik0cfa;saik0cfa;c:\windows\system32\drivers\saik0cfa.sys;c:\windows\sysnative\drivers\saik0cfa.sys [x]
s3 saiu0cfa;saiu0cfa;c:\windows\system32\drivers\saiu0cfa.sys;c:\windows\sysnative\drivers\saiu0cfa.sys [x]
s3 usbfilter;amd usb filter driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\sysnative\drivers\usbfilter.sys [x]
s3 valfltr;roccat valo keyboard;c:\windows\system32\drivers\valofltr.sys;c:\windows\sysnative\drivers\valofltr.sys [x]
.
.
[hkey_local_machine\software\wow6432node\microsoft\active setup\installed components\{8a69d345-d564-463c-aff1-a69d9e530f96}]
2014-04-11 13:42 1077576 ----a-w- c:\program files (x86)\google\chrome\application\34.0.1847.116\installer\chrmstp.exe
.
inhoud van de 'gedeelde taken' map
.
2014-04-11 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2014-03-18 11:35]
.
2014-04-11 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2014-04-11 13:41]
.
2014-04-11 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2014-04-11 13:41]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdvcpl"=c:\program files\realtek\audio\hda\rtkngui64.exe [2012-05-08 6470760]
"profileru"=c:\program files\smarttechnology\software\profileru.exe [2013-04-16 454144]
"saimfd"=c:\program files\smarttechnology\software\saimfd.exe [2013-04-16 158208]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.com
udefault_search_url = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
mdefault_search_url = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
mdefault_page_url = hxxp://www.google.com
mstart page = hxxp://www.google.com
mlocal page = c:\windows\syswow64\blank.htm
msearch page = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
tcp: dhcpnameserver = 212.54.40.25 212.54.35.25
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
toolbar-locked - (no file)
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil64_13_0_0_182_activex.exe,-101"
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\system32\\macromed\\flash\\flashutil64_13_0_0_182_activex.exe
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_13_0_0_182_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_13_0_0_182_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.13"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset002\control\pcw\security]
@denied: (full) (everyone)
.
voltooingstijd: 2014-04-11 19:32:15
combofix-quarantined-files.txt 2014-04-11 17:32
.
pre-run: 875.058.933.760 bytes beschikbaar
post-run: 875.898.626.048 bytes beschikbaar
.
- - end of file - - 3684182729dfb8e61f568e7db3a3b1e5
a36c5e4f47e84449ff07ed3517b43a31
[/hjt]
 

Abraham54

Administrator
Staff member
#9
Open a new Notepad (Kladblok) file via "Start\Alle programmas\Bureau-accessoires\Kladblok (of Notepad)".

Copy and paste the following (the blue text in the code window) into the empty Notepad window.


Code:
ClearJavaCache::

Folder::
c:\program files (x86)\common files\eainstaller
c:\programdata\wpm
c:\programdata\mcafee
Save this Notepad file to your desktop as CFScript.txt.

Now first disable the antivirus and any spyware scanners!
Also make sure that all other open windows are closed, including the web browser.

Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

Post the ComboFix log that is shown after the restart, using the color coder!
If ComboFix restarted your computer (or you did so yourself), you will also find the log in C:\Combofix.txt

Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering. (Illegal operation attempted on a registry key that has been marked for deletion.)
  • Then restart the computer.
 

Python99

Established member
#10
[hjt]
combofix 14-04-12.01 - gebruiker 12-04-2014 16:54:16.2.4 - x64
microsoft windows 7 ultimate 6.1.7601.1.1252.31.1043.18.7671.5992 [gmt 2:00]
gestart vanuit: c:\users\gebruiker\desktop\combofix.exe
gebruikte opdracht switches :: c:\users\gebruiker\desktop\cfscript.txt
av: avg internet security 2014 *disabled/updated* {0e9420c4-06b3-7fa0-3ab1-6e49cb52ecd9}
fw: avg internet security 2014 *enabled* {36afa1e1-4cdc-7ef8-11ee-c77c3581aba2}
sp: avg internet security 2014 *disabled/updated* {b5f5c120-2089-702e-0001-553bb0d5a664}
sp: windows defender *disabled/outdated* {d68ddc3a-831f-4fae-9e44-da132c1acf46}
* nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\common files\eainstaller
c:\program files (x86)\common files\eainstaller\command and conquer 3 tw and kw\cleanup.dat
c:\program files (x86)\common files\eainstaller\command and conquer 3 tw and kw\cleanup.exe
c:\program files (x86)\common files\eainstaller\command and conquer 3 tw and kw\gdf.dll
c:\programdata\mcafee
c:\programdata\mcafee\mclogs\mcuicnt\mcuicnt\mcuicnt000.log
c:\programdata\mcafee\mclogs\partnercustom\mcchsvc\mcchsvc000.log
c:\programdata\mcafee\mclogs\partnercustom\mcuicnt\mcuicnt000.log
c:\programdata\mcafee\mclogs\partnercustom\securityscan_release\securityscan_release000.log
c:\programdata\mcafee\mclogs\partnercustom\ssscheduler\ssscheduler000.log
c:\programdata\mcafee\mclogs\securityscanner\mcuicnt\mcuicnt000.log
c:\programdata\wpm
c:\programdata\wpm\log\wprotectmanager_2014-04-11[13-23-49-786].log
.
.
(((((((((((((((((((( bestanden gemaakt van 2014-03-12 to 2014-04-12 ))))))))))))))))))))))))))))))
.
.
2014-04-12 14:59 . 2014-04-12 14:59 -------- d-----w- c:\users\default\appdata\local\temp
2014-04-12 11:11 . 2014-04-12 11:11 -------- d-----w- c:\programdata\warthunder
2014-04-11 17:00 . 2014-04-11 17:05 -------- d-----w- c:\program files (x86)\tank inspector
2014-04-11 12:45 . 2014-04-11 12:47 -------- d-----w- c:\program files (x86)\origin games
2014-04-11 11:17 . 2014-04-11 11:32 119512 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-11 11:17 . 2014-04-11 11:17 -------- d-----w- c:\programdata\malwarebytes
2014-04-09 17:27 . 2014-04-09 17:27 -------- d-----w- c:\program files\autodesk
2014-04-09 17:14 . 2014-04-10 11:54 -------- d-----w- c:\programdata\boost_interprocess
2014-04-09 17:12 . 2014-04-09 17:12 -------- d-----w- c:\programdata\flexnet
2014-04-09 17:10 . 2014-04-09 17:10 -------- d-----w- c:\program files (x86)\common files\macrovision shared
2014-04-09 17:07 . 2014-04-09 17:10 -------- d-----w- c:\program files (x86)\common files\autodesk shared
2014-04-09 16:22 . 2014-04-09 16:22 -------- d-----w- c:\autodesk
2014-04-09 14:23 . 2014-04-09 14:23 -------- d-----w- c:\program files (x86)\gemm
2014-04-03 14:28 . 2014-04-03 14:28 -------- d-----w- c:\program files (x86)\craft animations
2014-04-03 14:26 . 2014-04-03 14:26 -------- d-----w- c:\program files (x86)\allegorithmic
2014-04-03 14:25 . 2014-04-09 17:11 -------- d-----w- c:\program files (x86)\autodesk
2014-04-03 14:25 . 2014-04-09 17:13 -------- d-----w- c:\programdata\autodesk
2014-04-01 15:06 . 2014-04-01 17:37 -------- d-----w- c:\apps
2014-04-01 14:19 . 2014-04-01 14:42 -------- d-----w- c:\program files\blender foundation
2014-04-01 14:17 . 2014-04-09 16:55 -------- d-----w- c:\program files (x86)\niftools
2014-03-28 19:42 . 2014-03-29 13:23 2106216 ----a-w- c:\windows\syswow64\d3dcompiler_43.dll
2014-03-28 19:42 . 2014-03-29 13:24 -------- d-----w- c:\programdata\razer
2014-03-28 19:42 . 2014-03-29 13:24 -------- d-----w- c:\program files (x86)\razer
2014-03-28 19:04 . 2014-04-03 14:29 -------- d-----w- c:\windows\system32\appmgmt
2014-03-28 17:35 . 2014-03-28 17:35 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2014-03-28 17:35 . 2014-03-28 17:35 -------- d-----w- c:\program files (x86)\daemon tools lite
2014-03-28 17:34 . 2014-03-28 18:47 -------- d-----w- c:\programdata\daemon tools lite
2014-03-27 11:45 . 2014-03-27 11:45 -------- d-----w- c:\program files (x86)\common files\skype
2014-03-27 11:45 . 2014-03-27 11:45 -------- d-----r- c:\program files (x86)\skype
2014-03-27 11:45 . 2014-03-27 11:45 -------- d-----w- c:\programdata\skype
2014-03-18 14:03 . 2014-04-10 11:35 70832 ----a-w- c:\windows\syswow64\flashplayercplapp.cpl
2014-03-18 14:03 . 2014-04-10 11:35 692400 ----a-w- c:\windows\syswow64\flashplayerapp.exe
2014-03-18 14:03 . 2014-03-18 14:03 -------- d-----w- c:\windows\syswow64\macromed
2014-03-18 14:03 . 2014-03-18 14:03 -------- d-----w- c:\windows\system32\macromed
2014-03-16 13:22 . 2014-03-16 13:22 -------- d-----w- c:\program files\microsoft silverlight
2014-03-16 13:22 . 2014-03-16 13:22 -------- d-----w- c:\program files (x86)\microsoft silverlight
2014-03-16 09:29 . 2014-04-12 14:02 -------- d--h--w- c:\windows\msdownld.tmp
2014-03-16 09:29 . 2014-04-12 11:11 -------- d-----w- c:\spellen
2014-03-15 18:24 . 2014-03-28 19:43 -------- d-----w- c:\programdata\avg2014
2014-03-15 18:24 . 2014-03-15 18:24 -------- d-----w- c:\$avg
2014-03-15 18:24 . 2014-03-15 18:24 -------- d-----w- c:\program files (x86)\avg
2014-03-15 18:22 . 2014-04-12 14:37 -------- d-----w- c:\programdata\mfadata
2014-03-15 18:22 . 2014-03-15 18:22 -------- d--h--w- c:\programdata\common files
2014-03-15 14:00 . 2014-03-15 14:01 -------- d-----w- c:\boss
2014-03-15 14:00 . 2014-03-15 14:00 -------- d-----w- c:\windows\syswow64\files
2014-03-15 13:59 . 2014-03-15 13:59 -------- d-----w- c:\windows\syswow64\skyprocdebug
2014-03-15 13:59 . 2014-03-15 13:59 -------- d-----w- c:\programdata\oracle
2014-03-15 13:59 . 2014-03-15 13:59 -------- d-----w- c:\program files (x86)\common files\java
2014-03-15 13:59 . 2014-03-15 13:59 96168 ----a-w- c:\windows\syswow64\windowsaccessbridge-32.dll
2014-03-15 13:59 . 2014-03-15 13:59 -------- d-----w- c:\program files (x86)\java
2014-03-15 13:44 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-nl\wdf01000.sys.mui
2014-03-15 13:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2014-03-15 13:15 . 2014-03-15 13:16 -------- d-----w- c:\windows\system32\mrt
2014-03-15 13:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\wudfpf.sys
2014-03-15 13:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\wudfrd.sys
2014-03-15 13:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\wudfhost.exe
2014-03-15 13:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\wudfsvc.dll
2014-03-15 13:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\wudfx.dll
2014-03-15 13:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\wudfcoinstaller.dll
2014-03-15 13:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\wudfplatform.dll
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\syswow64\en
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\syswow64\drivers\umdf\en-us
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\syswow64\0409
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\syswow64\wbem\en-us
2014-03-15 13:08 . 2014-03-15 14:10 -------- d-----w- c:\windows\system32\drivers\en-us
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\system32\en
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\system32\drivers\umdf\en-us
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\system32\0409
2014-03-15 13:08 . 2014-03-15 13:08 -------- d-----w- c:\windows\system32\wbem\en-us
2014-03-15 13:03 . 2009-07-13 17:30 3584 ----a-w- c:\windows\system32\spool\prtprocs\x64\en-us\lxkptprc.dll.mui
2014-03-15 12:59 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\syswow64\d3d11.dll
2014-03-15 12:58 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll
2014-03-15 12:48 . 2013-10-12 02:25 832000 ----a-w- c:\windows\system32\nshwfp.dll
2014-03-15 12:48 . 2013-10-12 02:24 861184 ----a-w- c:\windows\system32\ikeext.dll
2014-03-15 12:48 . 2013-10-12 02:24 324096 ----a-w- c:\windows\system32\fwpuclnt.dll
2014-03-15 12:48 . 2013-10-12 02:23 706560 ----a-w- c:\windows\system32\bfe.dll
2014-03-15 12:48 . 2013-10-12 01:57 657920 ----a-w- c:\windows\syswow64\nshwfp.dll
2014-03-15 12:48 . 2013-10-12 01:56 216576 ----a-w- c:\windows\syswow64\fwpuclnt.dll
2014-03-14 19:44 . 2014-04-09 14:34 -------- d-----w- c:\games
2014-03-14 19:43 . 2014-03-14 19:43 -------- d-----w- c:\program files\nexus mod manager
2014-03-14 17:44 . 2014-04-11 17:15 -------- d-----w- c:\programdata\origin
2014-03-14 17:44 . 2014-03-14 17:44 -------- d-----w- c:\programdata\electronic arts
2014-03-14 17:44 . 2014-04-11 12:45 -------- d-----w- c:\program files (x86)\origin
2014-03-14 17:43 . 2014-04-12 14:03 -------- d-----w- c:\program files (x86)\steam
2014-03-14 17:43 . 2014-04-10 19:11 -------- d-----w- c:\program files (x86)\common files\steam
2014-03-14 17:38 . 2009-04-10 19:58 14720 ----a-w- c:\windows\system32\drivers\valofltr.sys
2014-03-14 17:38 . 2014-03-14 17:38 -------- d-----w- c:\program files (x86)\roccat
2014-03-14 17:37 . 2014-03-14 17:37 -------- d-----w- c:\program files (x86)\mad catz
2014-03-14 17:34 . 2014-03-14 17:34 -------- d-----w- c:\program files (x86)\amd avt
2014-03-14 17:34 . 2014-03-14 17:34 -------- d-----w- c:\program files (x86)\amd
2014-03-14 17:34 . 2014-03-14 17:34 -------- d-----w- c:\program files (x86)\common files\ati technologies
2014-03-14 17:34 . 2014-03-14 17:34 -------- d-----w- c:\program files\ati technologies
2014-03-14 17:33 . 2014-03-14 17:33 -------- d-----w- c:\programdata\ati
2014-03-14 17:33 . 2014-03-14 17:34 -------- d-----w- c:\program files\amd
2014-03-14 17:33 . 2014-03-14 17:33 -------- d-----w- c:\program files\common files\ati technologies
2014-03-14 17:30 . 2014-03-14 17:30 -------- d-----w- c:\program files (x86)\microsoft.net
2014-03-14 17:30 . 2014-03-15 14:00 -------- d-----w- c:\programdata\package cache
2014-03-14 17:29 . 2014-03-14 17:29 -------- d-----w- c:\amd
2014-03-14 16:24 . 2014-03-14 16:24 -------- d-----w- c:\programdata\smarttechnology
2014-03-14 16:24 . 2014-03-14 16:24 -------- d-----w- c:\program files\smarttechnology
2014-03-14 16:23 . 2014-03-14 16:23 -------- d-----w- c:\program files\winrar
2014-03-14 16:00 . 2014-04-11 13:41 -------- d-----w- c:\program files (x86)\google
2014-03-14 15:59 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-03-14 15:59 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-03-14 15:59 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-03-14 15:59 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-03-14 15:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-03-14 15:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-03-14 15:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-03-14 15:59 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-03-14 15:59 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-03-14 15:57 . 2014-03-14 15:57 -------- d-----w- c:\windows\options
2014-03-14 15:57 . 2011-08-31 12:55 2736640 ----a-w- c:\windows\system32\drivers\athrx.sys
2014-03-14 15:57 . 2011-08-31 12:55 2736640 ----a-w- c:\windows\system32\athrx.sys
2014-03-14 15:57 . 2014-03-14 15:57 -------- d-----w- c:\programdata\tp-link
2014-03-14 15:56 . 2014-03-14 15:56 0 ----a-w- c:\windows\ativpsrm.bin
2014-03-14 15:53 . 2014-03-14 15:53 -------- d-----w- c:\windows\syswow64\rtcom
2014-03-14 15:53 . 2014-03-14 15:53 -------- d-----w- c:\program files\realtek
2014-03-14 15:51 . 2014-03-14 17:34 -------- d-----w- c:\programdata\amd
2014-03-14 15:51 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2014-03-14 15:51 . 2014-03-14 15:51 -------- dc----w- c:\windows\system32\drvstore
2014-03-14 15:51 . 2010-12-15 15:06 47232 ----a-r- c:\windows\system32\drivers\usbfilter.sys
2014-03-14 15:51 . 2011-07-28 09:01 58880 ----a-w- c:\windows\system32\coinst.dll
2014-03-14 15:51 . 2011-07-28 09:36 462848 ----a-w- c:\windows\system32\atidemgx.dll
2014-03-14 15:50 . 2014-03-14 15:50 -------- d-----w- c:\program files\ati
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-02 13:05 . 2012-03-04 16:19 90015360 ----a-w- c:\windows\system32\mrt.exe
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"sidebar"=c:\program files\windows sidebar\sidebar.exe [2010-11-21 1475584]
"daemon tools lite"=c:\program files (x86)\daemon tools lite\dtlite.exe [2014-03-04 3696912]
.
[hkey_local_machine\software\wow6432node\microsoft\windows\currentversion\run]
"adobe arm"=c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe [2013-11-21 959904]
"startccc"=c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe [2013-12-06 766208]
"roccatvalo"=c:\program files (x86)\roccat\valo keyboard\valomonitor.exe [2009-12-16 196608]
"sunjavaupdatesched"=c:\program files (x86)\common files\java\java update\jusched.exe [2013-07-02 254336]
"avg_ui"=c:\program files (x86)\avg\avg2014\avgui.exe [2014-03-19 4971024]
.
c:\programdata\microsoft\windows\start menu\programs\startup\
rat 9 charge indicator.lnk - c:\windows\installer\{e351a4ac-5d5d-4748-a2fe-310ec70f3e05}\_cd6d2b41032fc8a5bf211a.exe [2014-3-14 75993]
.
[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]
"consentpromptbehavioradmin"= 0 (0x0)
"consentpromptbehavioruser"= 0 (0x0)
"enablelua"= 0 (0x0)
"enableuiadesktoptoggle"= 0 (0x0)
.
[hkey_current_user\software\microsoft\windows\currentversion\policies\explorer]
"noresolvetrack"= 1 (0x1)
.
r2 avgidsagent;avgidsagent;c:\program files (x86)\avg\avg2014\avgidsagent.exe;c:\program files (x86)\avg\avg2014\avgidsagent.exe [x]
r2 clr_optimization_v4.0.30319_64;microsoft .net framework ngen v4.0.30319_x64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [x]
r2 mi-raysat_3dsmax2012_32;mental ray 3.9 satellite for autodesk 3ds max 2012 32-bit - english 32-bit;c:\program files (x86)\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe;c:\program files (x86)\autodesk\3ds max 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe [x]
r2 skypeupdate;skype updater;c:\program files (x86)\skype\updater\updater.exe;c:\program files (x86)\skype\updater\updater.exe [x]
r3 amdiox64;amd io driver;c:\windows\system32\drivers\amdiox64.sys;c:\windows\sysnative\drivers\amdiox64.sys [x]
r3 b06diag;broadcom netxtreme ii diag driver;c:\windows\system32\drivers\bxdiaga.sys;c:\windows\sysnative\drivers\bxdiaga.sys [x]
r3 bfn7x64;bigfoot networks killer gaming service;c:\windows\system32\drivers\xeno7x64.sys;c:\windows\sysnative\drivers\xeno7x64.sys [x]
r3 bfnvis64;bigfoot networks killer gaming service;c:\windows\system32\drivers\xenova64.sys;c:\windows\sysnative\drivers\xenova64.sys [x]
r3 bxois;bxois;c:\windows\system32\drivers\bxois.sys;c:\windows\sysnative\drivers\bxois.sys [x]
r3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\sysnative\drivers\dmvsc.sys [x]
r3 iamtve;stuurprogramma voor intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtve.sys;c:\windows\sysnative\drivers\iamtve.sys [x]
r3 iamtxpe;stuurprogramma voor intel(r) active management technology - kcs;c:\windows\system32\drivers\iamtxpe.sys;c:\windows\sysnative\drivers\iamtxpe.sys [x]
r3 ifcoemp;ifcoemp;c:\windows\system32\drivers\ifm60x64.sys;c:\windows\sysnative\drivers\ifm60x64.sys [x]
r3 ifcoevb;ifcoevb;c:\windows\system32\drivers\ifp60x64.sys;c:\windows\sysnative\drivers\ifp60x64.sys [x]
r3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys;c:\windows\sysnative\drivers\qd162x64.sys [x]
r3 ioatdma2;intel(r) quickdata technology device ver.2;c:\windows\system32\drivers\qd262x64.sys;c:\windows\sysnative\drivers\qd262x64.sys [x]
r3 msicdsetup;msicdsetup;e:\cdriver64.sys;e:\cdriver64.sys [x]
r3 ntiolib_1_0_c;ntiolib_1_0_c;e:\ntiolib_x64.sys;e:\ntiolib_x64.sys [x]
r3 rdpvideominiport;remote desktop video miniport driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\sysnative\drivers\rdpvideominiport.sys [x]
r3 rtl8192su;realtek rtl8192su wireless lan 802.11n usb 2.0 network adapter;c:\windows\system32\drivers\rtl8192su.sys;c:\windows\sysnative\drivers\rtl8192su.sys [x]
r3 synth3dvsc;microsoft virtual 3d video transport driver;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\sysnative\drivers\synth3dvsc.sys [x]
r3 terminpt;microsoft remote desktop input driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\sysnative\drivers\terminpt.sys [x]
r3 tsusbflt;tsusbflt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\sysnative\drivers\tsusbflt.sys [x]
r3 tsusbgd;remote desktop generic usb device;c:\windows\system32\drivers\tsusbgd.sys;c:\windows\sysnative\drivers\tsusbgd.sys [x]
r3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\sysnative\drivers\tsusbhub.sys [x]
r3 vgpu;vgpu;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\sysnative\drivers\rdvgkmd.sys [x]
s0 avgidsha;avgidsha;c:\windows\system32\drivers\avgidsha.sys;c:\windows\sysnative\drivers\avgidsha.sys [x]
s0 avgloga;avg logging driver;c:\windows\system32\drivers\avgloga.sys;c:\windows\sysnative\drivers\avgloga.sys [x]
s0 avgmfx64;avg mini-filter resident anti-virus shield;c:\windows\system32\drivers\avgmfx64.sys;c:\windows\sysnative\drivers\avgmfx64.sys [x]
s0 avgrkx64;avg anti-rootkit driver;c:\windows\system32\drivers\avgrkx64.sys;c:\windows\sysnative\drivers\avgrkx64.sys [x]
s1 avgdiska;avg disk driver;c:\windows\system32\drivers\avgdiska.sys;c:\windows\sysnative\drivers\avgdiska.sys [x]
s1 avgfwfd;avg network filter service;c:\windows\system32\drivers\avgfwd6a.sys;c:\windows\sysnative\drivers\avgfwd6a.sys [x]
s1 avgidsdriver;avgidsdriver;c:\windows\system32\drivers\avgidsdrivera.sys;c:\windows\sysnative\drivers\avgidsdrivera.sys [x]
s1 avgldx64;avg avi loader driver;c:\windows\system32\drivers\avgldx64.sys;c:\windows\sysnative\drivers\avgldx64.sys [x]
s1 avgtdia;avg tdi driver;c:\windows\system32\drivers\avgtdia.sys;c:\windows\sysnative\drivers\avgtdia.sys [x]
s1 dtsoftbus01;daemon tools virtual bus driver;c:\windows\system32\drivers\dtsoftbus01.sys;c:\windows\sysnative\drivers\dtsoftbus01.sys [x]
s2 amd external events utility;amd external events utility;c:\windows\system32\atiesrxx.exe;c:\windows\sysnative\atiesrxx.exe [x]
s2 amd fuel service;amd fuel service;c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe;c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe [x]
s2 aoddriver4.2.0;aoddriver4.2.0;c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys;c:\program files\ati technologies\ati.ace\fuel\amd64\aoddriver2.sys [x]
s2 avgfws;avg firewall;c:\program files (x86)\avg\avg2014\avgfws.exe;c:\program files (x86)\avg\avg2014\avgfws.exe [x]
s2 avgwd;avg watchdog;c:\program files (x86)\avg\avg2014\avgwdsvc.exe;c:\program files (x86)\avg\avg2014\avgwdsvc.exe [x]
s3 atihdaudioservice;amd function driver for hd audio service;c:\windows\system32\drivers\atihdw76.sys;c:\windows\sysnative\drivers\atihdw76.sys [x]
s3 rtl8167;realtek 8167 nt driver;c:\windows\system32\drivers\rt64win7.sys;c:\windows\sysnative\drivers\rt64win7.sys [x]
s3 saik0cfa;saik0cfa;c:\windows\system32\drivers\saik0cfa.sys;c:\windows\sysnative\drivers\saik0cfa.sys [x]
s3 saiu0cfa;saiu0cfa;c:\windows\system32\drivers\saiu0cfa.sys;c:\windows\sysnative\drivers\saiu0cfa.sys [x]
s3 usbfilter;amd usb filter driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\sysnative\drivers\usbfilter.sys [x]
s3 valfltr;roccat valo keyboard;c:\windows\system32\drivers\valofltr.sys;c:\windows\sysnative\drivers\valofltr.sys [x]
.
.
[hkey_local_machine\software\wow6432node\microsoft\active setup\installed components\{8a69d345-d564-463c-aff1-a69d9e530f96}]
2014-04-11 13:42 1077576 ----a-w- c:\program files (x86)\google\chrome\application\34.0.1847.116\installer\chrmstp.exe
.
inhoud van de 'gedeelde taken' map
.
2014-04-12 c:\windows\tasks\adobe flash player updater.job
- c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe [2014-03-18 11:35]
.
2014-04-12 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files (x86)\google\update\googleupdate.exe [2014-04-11 13:41]
.
2014-04-12 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files (x86)\google\update\googleupdate.exe [2014-04-11 13:41]
.
.
--------- x64 entries -----------
.
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"rthdvcpl"=c:\program files\realtek\audio\hda\rtkngui64.exe [2012-05-08 6470760]
"profileru"=c:\program files\smarttechnology\software\profileru.exe [2013-04-16 454144]
"saimfd"=c:\program files\smarttechnology\software\saimfd.exe [2013-04-16 158208]
.
------- bijkomende scan -------
.
ulocal page = c:\windows\system32\blank.htm
ustart page = hxxp://www.google.com
udefault_search_url = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
mdefault_search_url = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
mdefault_page_url = hxxp://www.google.com
mstart page = hxxp://www.google.com
mlocal page = c:\windows\syswow64\blank.htm
msearch page = hxxp://www.qone8.com/web/?type=ds&ts=1397215390&from=ild&uid=st31000524as_9vpgjp5axxxx9vpgjp5a&q={searchterms}
tcp: dhcpnameserver = 212.54.40.25 212.54.35.25
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
addremove-{35a2fe53-cc80-4d17-941f-3a7c82824fc7} - c:\program files (x86)\common files\eainstaller\command and conquer 3 tw and kw\cleanup.exe
.
.
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\system32\\macromed\\flash\\flashutil64_13_0_0_182_activex.exe,-101"
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\system32\\macromed\\flash\\flashutil64_13_0_0_182_activex.exe
.
[hkey_local_machine\software\classes\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="flashbroker"
"localizedstring"="@c:\\windows\\syswow64\\macromed\\flash\\flashutil32_13_0_0_182_activex.exe,-101"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\elevation]
"enabled"=dword:00000001
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\localserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flashutil32_13_0_0_182_activex.exe
.
[hkey_local_machine\software\classes\wow6432node\clsid\{73c9dfa0-750d-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="shockwave flash object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\miscstatus]
@="0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\progid]
@="shockwaveflash.shockwaveflash.13"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb6e-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="shockwaveflash.shockwaveflash"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}]
@denied: (a 2) (everyone)
@="macromedia flash factory object"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\inprocserver32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx
"threadingmodel"="apartment"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\progid]
@="flashfactory.flashfactory.1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\toolboxbitmap32]
@=c:\\windows\\syswow64\\macromed\\flash\\flash32_13_0_0_182.ocx, 1"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\typelib]
@="{d27cdb6b-ae6d-11cf-96b8-444553540000}"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\version]
@="1.0"
.
[hkey_local_machine\software\classes\wow6432node\clsid\{d27cdb70-ae6d-11cf-96b8-444553540000}\versionindependentprogid]
@="flashfactory.flashfactory"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}]
@denied: (a 2) (everyone)
@="iflashbroker5"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\proxystubclsid32]
@="{00020424-0000-0000-c000-000000000046}"
.
[hkey_local_machine\software\classes\wow6432node\interface\{6ae38ae0-750c-11e1-b0c4-0800200c9a66}\typelib]
@="{fab3e735-69c7-453b-a446-b6823c6df1c9}"
"version"="1.0"
.
[hkey_local_machine\system\controlset002\control\pcw\security]
@denied: (full) (everyone)
.
voltooingstijd: 2014-04-12 17:01:21
combofix-quarantined-files.txt 2014-04-12 15:01
combofix2.txt 2014-04-11 17:32
.
pre-run: 840.838.311.936 bytes beschikbaar
post-run: 840.758.038.528 bytes beschikbaar
.
- - end of file - - cbdb13be599d6b18e2e5aa444b0401dd
a36c5e4f47e84449ff07ed3517b43a31

[/hjt]
 

Python99

Established member
#12
I still have it, although I have now found a trick to fix it (temporarily): I start Steam, and then Skyrim. Then I close Skyrim again, and it works again, sometimes for 5 minutes, sometimes for a few hours. But it is still not gone.
 

Abraham54

Administrator
Staff member
#13
Run the ESET online scan (click).

  • Click the blue Run ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Tick the following options:
    • Remove found threats
    • Scan archives
  • Then click Advanced Settings
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start

  • The computer is now being scanned. This can take quite a long time, so be patient.
  • Once the scan is finished, you may close the window.
  • Then go to C:\Program Files\ESET\ESET Online Scanner (Windows 64-bit: C:\Program Files (x86)\ESET\ESET Online Scanner) and click log.txt there
  • Select, copy and paste the contents of this log into your next post.
  • Note: temporarily disable your own antivirus during the scan; the online scan is then faster!

If you use a browser other than IE, you download a small web installer, esetsmartinstaller_enu.exe.
The ESET Online Scanner will then start in a smaller window; first select the settings as indicated above.
Then click the "Start" button; the database is downloaded first, and once that is done, the scan starts.
 

Python99

Established member
#14
I did not do that last step, but it is gone now. When I started it up the next day (without having run the ESET online scan), everything was fine. Thanks for all the help, I really appreciate it ;)
 

Abraham54

Administrator
Staff member
#15
That's good to hear - now do the following: download
Security Check
Download location: be sure to download this program to the desktop, or otherwise move it to the desktop!
Start SecurityCheck.exe:
  • Windows 2000 and Windows XP: double-click SecurityCheck.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click SecurityCheck.exe and choose "Als Administrator uitvoeren" (Run as administrator).
  • Follow the instructions in the black window.
  • A Notepad document named checkup.txt should open automatically; close this document by saving it to the desktop.
  • If one of your security tools reports that DIG.EXE wants to access the internet, allow it.
Post the contents of checkup.txt in your next post.
 

Python99

Established member
#16
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 51
Java version out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 34.0.1847.116
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 

Abraham54

Administrator
Staff member
#17
There are a few things to improve.

First of all: UAC, or User Account Control, is disabled.
As a result, your modern Windows is only slightly safer than its antique little brother Windows XP.
Advice: enable it - the highest setting is the safest.


Java
First download Java SE Runtime Environment 7 Update 55 Windows Offline (64-bit), size 27.7 MB

However, do not install the new version yet!

Next, go to Control Panel
  • Add or Remove Programs - Windows 2000/Windows XP
  • Programs and Features - Windows Vista, Windows 7 and Windows 8
and remove all Java components listed there.

Important: now restart your PC or notebook first, so that the old Java settings are removed.
After your computer has restarted, you may install the newest Java version.


Adobe Reader
Adobe Reader XI (11.0) is out - it is safer than the previous Readers, because this version starts in a virtual environment!

So: first remove the current Adobe Reader and then go to http://get.adobe.com/nl/reader/ to get the newest Adobe Reader XI (11.0)!
Do first untick the bundled software from Google or McAfee if you do not want it included!

As a much better alternative, you can swap Adobe for another PDF reader; then you are rid of Adobe Reader with its constantly recurring security problems.
PDF-XChange Editor from Tracker Software is the favourite software as far as free readers go.
http://www.chip.de/downloads/PDF-XChange-Editor_65384876.html

You will notice that it works at least as well and also starts much faster.


And now the web browsers.
Both IE and Chrome are not up to date.

Even if you do not use IE, because it sits so deep in Windows, always keep the most current version.

http://www.microsoft.com/nl-nl/download/details.aspx?id=40901


And now Google Chrome: start it and then click the three bars at the top right of the browser.
Choose "About Google Chrome" in the drop-down menu and the updater will then already be active.

When everything is done, post a new Security log.
 

Python99

Established member
#18
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Adobe Reader XI
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 

Abraham54

Administrator
Staff member
#19
That looks good now.
And the Google updater was sloppy on your machine too.

OldChromeRemover
Download OldChromeRemover

Start OldChromeRemover-0.5.exe:
  • Windows 2000 and Windows XP: double-click OldChromeRemover-0.5.exe.
  • Windows Vista, Windows 7 and Windows 8: right-click OldChromeRemover-0.5.exe and choose "Als Administrator uitvoeren" (Run as administrator).

OldChromeRemover is a simple command-prompt program ("black screen") that checks whether leftover versions of Google Chrome are still present, which have therefore not been cleaned up by the Google update.
This "console program" will quickly remove everything except the newest version of Chrome, which frees up space on the hard disk again.

The tool also checks for "Canary builds" of Chrome and removes these as well.
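
Added example, not part of the thread: a small Python parser that reads the two Security Check logs from posts #16 and #18 (trimmed here), extracts the findings raised in post #17, and shows the leftover Chrome version that post #19 cleans up. The function names and finding labels are this example's own.

```python
import re
from collections import defaultdict

# Security Check logs from posts #16 and #18, trimmed to the lines that carry findings.
LOG_BEFORE = """Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
Antivirus up to date!
Java 7 Update 51
Java version out of Date!
Adobe Reader 10.1.9 Adobe Reader out of Date!
Google Chrome 34.0.1847.116"""
LOG_AFTER = """Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
Antivirus up to date!
Java 7 Update 55
Adobe Reader XI
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131"""

OUTDATED = re.compile(r"out of date", re.IGNORECASE)
# Product name ends at the first version number, "version", or the out-of-date marker.
NAME_END = re.compile(r"\s+(?:\d|version\b|out of date)", re.IGNORECASE)
# A line that is only "<product> <dotted version>", e.g. the Chrome entries.
VERSIONED = re.compile(r"^(.+?)\s+(\d+(?:\.\d+)+)$")


def findings(log):
    """Return the set of hardening findings in one Security Check log."""
    found, versions = set(), defaultdict(list)
    for line in (raw.strip() for raw in log.splitlines()):
        if "UAC is disabled" in line:
            found.add("UAC disabled")
        if OUTDATED.search(line):
            found.add("outdated: " + NAME_END.split(line, maxsplit=1)[0])
        match = VERSIONED.match(line)
        if match:
            versions[match.group(1)].append(match.group(2))
    # Two versions of one product listed side by side: a stale install was left behind.
    for name, vers in versions.items():
        if len(vers) > 1:
            found.add("multiple versions: %s (%s)" % (name, ", ".join(vers)))
    return found


def compare(before, after):
    """Split findings into fixed, still open, and newly introduced."""
    old, new = findings(before), findings(after)
    return {"fixed": old - new, "open": old & new, "new": new - old}


if __name__ == "__main__":
    for state, items in compare(LOG_BEFORE, LOG_AFTER).items():
        print(state, sorted(items))
```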
 