  1. #1
    Geek   Vincent
    Registered: 31 December 2007
    Location: Harelbeke
    Posts: 2,311
    Thanks given: 9,835
    Thanked: 10,335 times in 2,660 posts

    HijackThis log: toggle application

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:43:15, on 31/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Trendmicro\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Oberon Media Game Console service (OberonGameConsoleService) - Unknown owner - C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
    O23 - Service: PowerSave Service (PowerSave) - Packard Bell Services - C:\Program Files (x86)\Packard Bell\Software Suite\PowerSave\PSPBSSS.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_38986e29a8b510a2\STacSV64.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9308 bytes

  2. #2
    Spyware Slayer   Rosty
    Registered: 19 May 2005
    Location: Stabroek/ Ledegem
    Posts: 3,584
    Thanks given: 464
    Thanked: 1,771 times in 1,194 posts

    Hey,

    Nothing suspicious to see right away! What exactly is the problem?



  4. #3
    Geek   Vincent

    Thanks Rosty,

    I think you have already given the answer, see my questions in "Malware MBAM bug".

    Regards, Vincent

  5. #4
    Spyware Slayer   Rosty

    Since you indicate in this topic that it has been resolved, this one is being locked.


  6. #5
    Spyware Slayer   Rosty

    Reopened at the request of the topic starter.

    • Download or update PC Info to your desktop.
    • Remove the older version (if present) via Uninstall.
    • Unzip PC Info.zip and click SetupPC Info.

    Go through the installation process and double-click PC Info (right-click and run as admin on Vista and W7).
    The scan now starts.

    After the scan, click the "Logs" tab and tick "Expert Mode".

    Click "Create a log" and copy and paste this log into your next post.
    Last edited by Rosty; 3 January 2012 at 15:12. Reason: link adjusted



  8. #6
    Geek   Vincent

    When starting the scan, I get the following message: An unhandled exception has occurred in the application. If you click Continue, this error is ignored and the application continues.
    Input string was not in a correct format.
    The scan starts but just keeps running (it does not stop), yesterday for more than 2 hours; this morning I removed everything and reinstalled it, same message at startup, and it is still scanning now (I am working on my old laptop).

  9. #7
    Spyware Slayer   Rosty

    Hmmmmm, strange, I'll inform the maker of the tool!!

    Download ComboFix from one of these locations:
    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
      Click here
      If you cannot manage to disable them, just continue to the next step.
    • Double-click ComboFix.exe and follow the on-screen prompts.
    • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.
      **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
    • Follow the on-screen prompts to let ComboFix download and install the Microsoft Windows Recovery Console.

    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

    Click Yes to continue scanning for malware.

    When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.



  11. #8
    Geek   Vincent

    I stopped the scan early, but maybe you can already find something here; I'll let it run longer next time if needed.

    PC Info vers © Emphyrio
    4/1/2012 11:44:25
    Boot Status: Normal boot

    ************************************************** ************************************
    OS INFO
    ************************************************** ************************************

    OS Version:os
    Editieed
    Service Packsp
    Build: label8
    Windows OS Bitslabel9

    ************************************************** ************************************

    Update detected : 2012-01-03 22:13:37
    Update downloaded : 2012-01-03 07:28:21
    Update installed : 2012-01-03 07:28:56

    ************************************************** ************************************
    GENERAL INFO
    ************************************************** ************************************

    Windows dirlabel7
    User Profilelabel7
    Java Versionlabel7
    Antivirus:
    Antispyware: Windows Defender [Updated - Running ]
    Firewall (3th party):


    ************************************************** ************************************
    REG SCAN
    Empthy keys and/or values aren't logged !
    ************************************************** ************************************


    -------------- SESSION MANAGER --------------

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
    BootExecute = autocheck autochk * = = sdnclean64.exe


    -------------- WINLOGON --------------

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

    Userinit = C:\Windows\system32\userinit.exe,
    Shell = explorer.exe


    -------------- ShellServiceObjectDelayLoad --------------

    HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

    WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    File in HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InProcServer32\


    -------------- Shell Extensions\Approved --------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\



    File in HKCR\CLSID\{08165EA0-E946-11CF-9C87-00AA005127ED}\InProcServer32\ = C:\Windows\System32\webcheck.dll


    -------------- Shell Extensions\Approved WOW 6432--------------

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\


    -------------- SharedTaskScheduler --------------

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\



    File in HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32\ = C:\Windows\system32\explorerframe.dll


    ************************************************** ************************************
    RUN KEYS
    ************************************************** ************************************

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce


    HKCU\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce

    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    EeeStorageBackup = C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
    ETDWare = C:\Program Files\Elantech\ETDCtrl.exe
    HotKeysCmds = C:\Windows\system32\hkcmd.exe
    IgfxTray = C:\Windows\system32\igfxtray.exe
    Persistence = C:\Windows\system32\igfxpers.exe
    Windows Mobile Device Center = C:\Windows\WindowsMobile\wmdc.exe
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

    QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    Google Update = "C:\Users\Vincent Bourdeaux\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    SUPERAntiSpyware = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    ************************************************** ************************************


    -------------- Shell Folder --------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Startup = C:\Users\Vincent Bourdeaux\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup


    ************************************************** ************************************
    End of Boot Loading Keys
    ************************************************** ************************************

    -------------- DLL Loaded --------------

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows


    ( 0x0 – Load any DLLs. 0x1 – Load only code-signed DLLs.)



    *************** Krepper Trojan Pointers ******************

    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run


    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load



    -------------- ShellExecuteHooks --------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks


    -------------- Command Processor --------------

    HKLM\Software\Microsoft\Command Processor
    HKCU\Software\Microsoft\Command Processor


    ************************************************** ************************************
    RunServices
    ************************************************** ************************************
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

    HKU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

    HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Sidebar = C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun

    HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Sidebar = C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun

    ************************************************** ************************************
    BROWSER HELPER OBJECTS
    ************************************************** ************************************

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

    {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} = avast! WebRep
    File in HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\InProcServer32\
    = C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
    --------------------------------------------------------------------
    {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} = Windows Live Family Safety Browser Helper Class
    File in HKCR\CLSID\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}\InProcServer32\
    = C:\Program Files\Windows Live\Family Safety\fssbho.dll
    --------------------------------------------------------------------
    {9030D464-4C02-4ABF-8ECC-5164760863C6} = Windows Live ID Sign-in Helper
    AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
    File in HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
    = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    --------------------------------------------------------------------
    {DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
    File in HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
    = C:\Program Files\Java\jre6\bin\jp2ssv.dll
    --------------------------------------------------------------------
    BHO - WOW
    --------------------------------------------------------------------
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects

    --------------------------- BHO - CLSID Wow6432Node --------------------------------

    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} = Adobe PDF Link Helper
    AppID = {77AB4812-5411-4EA9-8437-77AD0F230302}
    File in HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\InProcServer32\
    = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    --------------------------------------------------------------------
    --------------------------- BHO - CLSID Wow6432Node --------------------------------

    --------------------------- BHO - CLSID Wow6432Node --------------------------------

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} = avast! WebRep
    File in HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32\
    = C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    --------------------------------------------------------------------
    {9030D464-4C02-4ABF-8ECC-5164760863C6} = Windows Live ID Sign-in Helper
    AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
    File in HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
    = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    --------------------------- BHO - CLSID Wow6432Node --------------------------------

    {9030D464-4C02-4ABF-8ECC-5164760863C6} = Windows Live ID Sign-in Helper
    AppID = {062C56BD-B2FF-4405-88D9-93154F27D785}
    File in HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\InProcServer32\
    = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    --------------------------------------------------------------------
    {DBC80044-A445-435b-BC74-9C25C1C588A9} = Java(tm) Plug-In 2 SSV Helper
    File in HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InProcServer32\
    = C:\Program Files\Java\jre6\bin\jp2ssv.dll

    --------------------------- BHO - CLSID Wow6432Node --------------------------------


    ************************************************** ************************************
    TOOLBAR
    ************************************************** ************************************

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

    {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} = avast! WebRep
    File in HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\InProcServer32\
    = C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

    --------------------------------------------------------------------
    Toolbar - WOW
    --------------------------------------------------------------------
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar

    --------------------------- TOOLBAR - Wow6432Node --------------------------------
    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} = avast! WebRep
    File in HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\InProcServer32\
    = C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    ----------------------------------------------------------------------------------------------- TOOLBAR - Wow6432Node --------------------------------

    ************************************************** ************************************
    URL SEARCH HOOKS
    ************************************************** ************************************

    HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks

    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks


    ************************************************** ************************************
    SAFE BOOT
    ************************************************** ************************************

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot

    AlternateShell = cmd.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

    {533C5B84-EC70-11D2-9505-00C04F79DEAF}
    = Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    = IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
    = SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
    = SecurityDevices

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network

    {50DD5230-BA8A-11D1-BF5D-0000F805F530}
    = Smart card readers{533C5B84-EC70-11D2-9505-00C04F79DEAF}
    = Volume shadow copy{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    = IEEE 1394 Bus host controllers{D48179BE-EC20-11D1-B6B8-00C04FA372A7}
    = SBP2 IEEE 1394 Devices{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}
    = SecurityDevicesDnsCache
    = ServiceWudfPf
    = DriverWudfRd
    = DriverWudfSvc
    = ServiceWudfUsbccidDriver
    = Driver
    ************************************************** ************************************
    DESKTOP
    ************************************************** ************************************

    HKCU\Control Panel\Desktop

    ScreenSaveActive = 0
    HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop\SCRNSAVE.EXE

    ************************************************** ************************************
    SECURITYPROVIDERS
    ************************************************** ************************************

    HKLM\system\currentcontrolset\control\securityproviders

    SecurityProviders = credssp.dll
    File in C:\Windows\System32\credssp.dll 22016 bytes [ 23/02/2011 17:48:50 ]

    ************************************************** ************************************
    SVCHOST (White Listed)
    ************************************************** ************************************

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost

    HPZ12 => Pml Driver HPZ12
    SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12\Parameters
    ServiceDll = C:\Windows\system32\HPZipm12.dll
    HPZ12 => Net Driver HPZ12
    SYSTEM\CurrentControlSet\Services\Net Driver HPZ12\Parameters
    ServiceDll = C:\Windows\system32\HPZinw12.dll
    HPService => HPSLPSVC
    SYSTEM\CurrentControlSet\Services\HPSLPSVC\Parameters
    ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
    WindowsMobile => wcescomm
    SYSTEM\CurrentControlSet\Services\wcescomm\Parameters
    ServiceDll = C:\Windows\WindowsMobile\wcescomm.dll
    WindowsMobile => rapimgr
    SYSTEM\CurrentControlSet\Services\rapimgr\Parameters
    ServiceDll = C:\Windows\WindowsMobile\rapimgr.dll
    LocalServiceRestricted => WcesComm
    SYSTEM\CurrentControlSet\Services\WcesComm\Parameters
    ServiceDll = C:\Windows\WindowsMobile\wcescomm.dll
    LocalServiceRestricted => RapiMgr
    SYSTEM\CurrentControlSet\Services\RapiMgr\Parameters
    ServiceDll = C:\Windows\WindowsMobile\rapimgr.dll

    -------------- WOW-SVCHOST --------------

    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost

    hpdevmgmt => hpqcxs08
    HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\hpqcxs08\Parameters
    ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
    hpdevmgmt => hpqddsvc
    HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Services\hpqddsvc\Parameters
    ServiceDll = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll


    ************************************************** ************************************
    INTERFACES
    ************************************************** ************************************

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces

    {23FA1320-7B20-454C-8CDC-36CB6DC37271}
    --------------------------------------------------------------------
    {4F2915BF-A0F8-40E0-8BA9-6F6C13C9E06C}
    --------------------------------------------------------------------
    {846ee342-7039-11de-9d20-806e6f6e6963}
    --------------------------------------------------------------------
    {DDA0C47B-D25D-4D09-9CDC-5B77757B6B3F}
    --------------------------------------------------------------------
    {FDFB5583-94EE-4800-B084-5601EF44CE3A}
    --------------------------------------------------------------------


    ************************************************** ************************************
    SEARCHSCOPES
    ************************************************** ************************************

    HKCU\Software\Microsoft\Internet Explorer\SearchScopes

    DefaultScope : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    URL :
    --------------------------------------------------------------------

    HKLM\Software\Microsoft\Internet Explorer\SearchScopes

    DefaultScope : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    URL : http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    --------------------------------------------------------------------

    There are no .job files found.

    Log finished at 4/01/2012 11:44:26
    ********** END ********

  12. #9
    Geek   Vincent

    Rosty

    I'm currently in Willerzie on holiday; I'll be home next week and will then have more options and time to finish this off.

    Regards, Vincent

  13. #10
    Spyware Slayer   Rosty

    Nothing suspicious to see here either! The ComboFix scan is not necessary.

