Referred: [W7] General problems, incl. sound, startup, CPU usage, ...



deskjeverechtn
10 May 2011, 19:34
Hello,

I was referred to this section of the forums from the general Windows section, from this topic:
http://www.minatica.be/threads/75300-Algemene-problemen-o.a.-geluid-opstarten-processorverbruik-...
I don't think there is any spyware on the computer, but I was asked to have my log checked here for problems anyway. (More info is in the original topic.)

Here it is:

Thanks in advance for your time.
Tristan


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:29:17, on 10/05/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\Weydts\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Weydts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Weydts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Weydts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Weydts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Weydts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Weydts\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\RunOnce: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4056632808-708350455-503467518-1009\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-4056632808-708350455-503467518-1009\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Weydts\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Desura Install Service - Unknown owner - C:\Program Files\Common Files\Desura\desura_service.exe (file missing)
O23 - Service: DokanMounter - Unknown owner - C:\Program Files\Dokan\DokanLibrary\mounter.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9602 bytes

Juisterr
10 May 2011, 19:38
I don't see anything odd in it either.

Download Iobit Smart Defrag (http://www.iobit.com/iobitsmartdefrag.html)
Use the "Grondig Optimaliseren" (thorough optimization) option; this defragmentation moves startup files and frequently used Windows components to the faster parts of the hard disk. This yields a speed gain.
Especially the first time, this process will take a while!


Download StartUpLite (http://www.malwarebytes.org/StartUpLite.exe) to the desktop.
Open the StartUpLite program and then click "Continue".
Now restart the computer.

deskjeverechtn
11 May 2011, 11:59
I carried out these two steps (the defragmentation took 16 hours).
After using StartUpLite, booting the computer still took about 2 minutes (practically no difference from before). I think about 1 minute until the blue 'Welcome' screen appears, but then another 50 seconds until the desktop appears (first there is a black screen, and by the time the computer is usable, two minutes have passed). I suspect this is not normal.
The Windows startup sound is extremely choppy (I think it has even gotten worse). I'll try to record it with a microphone:
http://dl.dropbox.com/u/23259891/Memo.m4a

Juisterr
12 May 2011, 20:10
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here (http://www.bleepingcomputer.com/forums/topic114351.html) or here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) is a guide on how to disable them:)

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

deskjeverechtn
13 May 2011, 12:16
ComboFix log file:

ComboFix 11-05-12.02 - Weydts 13/05/2011 11:54:22.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3327.2529 [GMT 2:00]
Gestart vanuit: c:\users\Weydts\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\Weydts\AppData\Roaming\Microsoft\~DFK3fa12d9.tmp
c:\users\Weydts\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Weydts\AppData\Roaming\Microsoft\bass.dll
c:\users\Weydts\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Weydts\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Weydts\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Weydts\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Weydts\AppData\Roaming\Microsoft\rsaadjd.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))
.
.
2011-05-13 10:10 . 2011-05-13 10:11 -------- d-----w- c:\users\Weydts\AppData\Local\temp
2011-05-13 10:10 . 2011-05-13 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-11 13:49 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 13:49 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 13:49 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 13:49 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 13:49 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 13:49 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 13:49 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 13:49 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 09:41 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 09:41 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 08:40 . 2011-05-11 08:42 -------- d-----w- c:\program files\MP3 My MP3 3.1
2011-05-10 17:44 . 2011-05-10 17:44 -------- d-----w- c:\program files\IObit
2011-05-10 13:00 . 2011-05-10 13:00 -------- d-----w- c:\users\Weydts\AppData\Roaming\TuneUp Software
2011-05-10 12:59 . 2011-05-10 14:37 -------- d-----w- c:\programdata\TuneUp Software
2011-05-10 12:59 . 2011-05-10 12:59 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-10 12:58 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C7F809-6EBD-4A11-A29B-B89637559390}\mpengine.dll
2011-05-10 12:57 . 2011-02-19 05:56 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-05-10 12:57 . 2011-02-19 05:56 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-05-10 12:57 . 2011-02-19 05:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-10 12:57 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-06 13:52 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 21:08 . 2011-04-29 21:08 -------- d-sh--w- c:\users\Weydts\wc
2011-04-29 21:08 . 2011-04-29 21:08 -------- d-sh--w- c:\users\Weydts\AppData\Roaming\wyUpdate AU
2011-04-29 21:07 . 2011-05-04 20:23 -------- d-----w- c:\program files\Universe Sandbox
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\users\Weydts\AppData\Roaming\Malwarebytes
2011-04-27 10:10 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 10:10 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 08:36 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 08:36 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 08:36 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 08:36 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 08:36 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 08:36 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 08:36 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 08:36 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 08:36 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 08:36 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 08:36 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 08:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-25 19:09 . 2011-04-25 19:09 -------- d-----w- c:\users\Weydts\AppData\Local\Sunbelt Software
2011-04-25 18:53 . 2011-04-25 19:30 -------- d-----w- c:\programdata\Lavasoft
2011-04-25 18:42 . 2011-04-25 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-25 17:24 . 2011-04-25 17:24 -------- d-----w- c:\programdata\PC-Doctor for Windows
2011-04-25 17:24 . 2011-04-25 17:25 -------- d-----w- c:\program files\PC-Doctor for Windows
2011-04-25 17:20 . 2011-05-11 10:19 -------- d--h--w- c:\program files\Temp
2011-04-25 17:20 . 2011-02-25 17:37 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-04-25 17:20 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-04-25 17:20 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-04-25 17:20 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-04-25 17:20 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-04-25 17:20 . 2011-04-25 17:20 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-04-25 17:20 . 2011-04-25 17:20 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-04-25 08:55 . 2011-05-04 10:32 -------- d-----w- c:\users\UpdatusUser
2011-04-25 08:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-25 08:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-25 08:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-25 08:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-25 08:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-25 08:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-25 08:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-25 08:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-25 08:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-25 08:54 . 2011-04-08 05:14 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-24 12:42 . 2011-05-08 18:31 -------- d-----w- c:\users\Weydts\AppData\Roaming\DiskSpaceFan
2011-04-24 12:42 . 2011-05-11 22:38 -------- d-----w- c:\program files\DiskSpaceFan
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\program files\Common Files\Skype
2011-04-19 13:41 . 2011-04-19 13:41 -------- d-----w- c:\program files\iPod
2011-04-19 13:39 . 2011-04-19 13:39 -------- d-----w- c:\program files\Bonjour
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-06-29 10:24 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-03-02 18:51 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-03-02 18:53 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-03-02 18:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-03-02 18:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-03-02 18:53 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-03-02 18:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-27 09:56 . 2010-03-06 15:15 737280 ----a-w- c:\windows\iun6002.exe
2011-04-08 05:14 . 2011-04-25 08:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2009-06-26 20:01 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-26 20:01 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:45 . 2011-04-07 20:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:45 . 2011-04-07 20:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:45 . 2011-04-07 20:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:44 . 2011-04-07 20:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:44 . 2011-04-07 20:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 14:05 . 2011-03-29 14:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-29 14:05 . 2011-03-29 14:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-29 14:05 . 2011-03-29 14:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-29 14:05 . 2011-03-29 14:05 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-29 14:05 . 2011-03-29 14:05 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-29 14:05 . 2011-03-29 14:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-29 14:05 . 2011-03-29 14:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-29 14:05 . 2011-03-29 14:05 367104 ----a-w- c:\windows\system32\html.iec
2011-03-29 14:05 . 2011-03-29 14:05 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-29 14:05 . 2011-03-29 14:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-29 14:05 . 2011-03-29 14:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-29 14:05 . 2011-03-29 14:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-29 14:05 . 2011-03-29 14:05 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-29 14:05 . 2011-03-29 14:05 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-29 14:05 . 2011-03-29 14:05 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-29 14:05 . 2011-03-29 14:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-29 14:05 . 2011-03-29 14:05 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-29 14:05 . 2011-03-29 14:05 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-29 14:05 . 2011-03-29 14:05 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-29 14:05 . 2011-03-29 14:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-29 14:05 . 2011-03-29 14:05 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-27 12:25 . 2011-03-26 11:16 139224 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-27 12:25 . 2011-03-26 11:16 183152 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 11:16 . 2011-03-26 11:16 22328 ----a-w- c:\users\Weydts\AppData\Roaming\PnkBstrK.sys
2011-03-26 11:16 . 2011-03-26 11:16 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-03-26 11:16 . 2011-03-26 11:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-11 08:29 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:40 . 2011-04-12 17:55 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-12 17:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-12 17:56 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-12 17:55 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-12 17:55 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-12 17:55 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 05:06 . 2011-04-12 17:56 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-12 17:56 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-12 17:56 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-12 17:55 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-12 17:55 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-12 17:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-12 17:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 05:32 . 2011-04-12 17:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-12 17:56 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-15 12:22 . 2011-02-15 12:22 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-02-15 12:22 . 2011-02-15 12:22 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-22 19:31 . 2011-03-22 19:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 106992]
.
c:\users\Weydts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Weydts\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Weydts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\users\Weydts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-03-25 31824]
R4 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-12 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/23 23:47];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 13:50 87536]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-05-18 599040]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-03 16:44]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 16:45]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 16:45]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056632808-708350455-503467518-1001Core.job
- c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe [2010-03-02 17:58]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056632808-708350455-503467518-1001UA.job
- c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe [2010-03-02 17:58]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Weydts\AppData\Roaming\Mozilla\Firefox\Profiles\pe6417a8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2011-05-13 12:13:02
ComboFix-quarantined-files.txt 2011-05-13 10:13
.
Pre-Run: 360.033.026.048 bytes beschikbaar
Post-Run: 362.420.256.768 bytes beschikbaar
.
- - End Of File - - DAA8DBDF3253D17D0962FB6892DAC9E2

Juisterr
13 May 2011, 20:43
Open Notepad, then copy and paste the following (bold, blue text) into an empty window:

Firefox::
FF - ProfilePath - c:\users\Weydts\AppData\Roaming\Mozilla\Firefox\Profiles\pe6417a8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=




Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:

http://crew.nucia.eu/smeenk/CFScript.gif
This will make ComboFix restart.

After your computer has restarted (if it asks to restart), copy and paste the contents of Combofix.txt into your next reply.

deskjeverechtn
13 May 2011, 22:39
Here is the result; a restart of the PC was not necessary:

ComboFix 11-05-13.01 - Weydts 13/05/2011 22:28:24.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.3327.2276 [GMT 2:00]
Gestart vanuit: c:\users\Weydts\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Weydts\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))
.
.
2011-05-13 20:35 . 2011-05-13 20:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-13 13:30 . 2004-08-28 00:06 61440 ----a-w- c:\windows\UnDeploy.exe
2011-05-13 10:13 . 2011-05-13 20:35 -------- d-----w- c:\users\Weydts\AppData\Local\temp
2011-05-11 13:49 . 2011-03-25 03:06 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 13:49 . 2011-03-25 03:06 284160 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 13:49 . 2011-03-25 03:06 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 13:49 . 2011-03-25 03:06 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 13:49 . 2011-03-25 03:06 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 13:49 . 2011-03-25 03:06 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 13:49 . 2011-03-25 03:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 13:49 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-05-11 09:41 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-05-11 09:41 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 08:40 . 2011-05-11 08:42 -------- d-----w- c:\program files\MP3 My MP3 3.1
2011-05-10 17:44 . 2011-05-10 17:44 -------- d-----w- c:\program files\IObit
2011-05-10 13:00 . 2011-05-10 13:00 -------- d-----w- c:\users\Weydts\AppData\Roaming\TuneUp Software
2011-05-10 12:59 . 2011-05-10 14:37 -------- d-----w- c:\programdata\TuneUp Software
2011-05-10 12:59 . 2011-05-10 12:59 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-05-10 12:58 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A6C7F809-6EBD-4A11-A29B-B89637559390}\mpengine.dll
2011-05-10 12:57 . 2011-02-19 05:56 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-05-10 12:57 . 2011-02-19 05:56 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-05-10 12:57 . 2011-02-19 05:56 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-05-10 12:57 . 2011-02-24 05:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-05-06 13:52 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-29 21:08 . 2011-04-29 21:08 -------- d-sh--w- c:\users\Weydts\wc
2011-04-29 21:08 . 2011-04-29 21:08 -------- d-sh--w- c:\users\Weydts\AppData\Roaming\wyUpdate AU
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\users\Weydts\AppData\Roaming\Malwarebytes
2011-04-27 10:10 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-27 10:10 . 2011-04-27 10:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-27 10:10 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 08:36 . 2011-03-11 05:44 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-04-27 08:36 . 2011-03-11 05:44 1210240 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-04-27 08:36 . 2011-03-11 05:44 146304 ----a-w- c:\windows\system32\drivers\storport.sys
2011-04-27 08:36 . 2011-03-11 05:44 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-04-27 08:36 . 2011-03-11 05:43 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-04-27 08:36 . 2011-03-11 05:43 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-04-27 08:36 . 2011-03-11 05:43 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-04-27 08:36 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\system32\esent.dll
2011-04-27 08:36 . 2011-03-11 05:37 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-04-27 08:36 . 2011-03-12 11:31 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 08:36 . 2011-02-18 05:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-04-27 08:35 . 2011-02-26 05:33 2614784 ----a-w- c:\windows\explorer.exe
2011-04-25 19:09 . 2011-04-25 19:09 -------- d-----w- c:\users\Weydts\AppData\Local\Sunbelt Software
2011-04-25 18:53 . 2011-04-25 19:30 -------- d-----w- c:\programdata\Lavasoft
2011-04-25 18:42 . 2011-04-25 19:20 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-25 17:24 . 2011-04-25 17:24 -------- d-----w- c:\programdata\PC-Doctor for Windows
2011-04-25 17:24 . 2011-04-25 17:25 -------- d-----w- c:\program files\PC-Doctor for Windows
2011-04-25 17:20 . 2011-05-11 10:19 -------- d--h--w- c:\program files\Temp
2011-04-25 17:20 . 2011-02-25 17:37 1284712 ----a-w- c:\windows\RtlExUpd.dll
2011-04-25 17:20 . 2006-02-07 13:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-04-25 17:20 . 2006-02-07 13:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-04-25 17:20 . 2006-02-07 13:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-04-25 17:20 . 2006-02-07 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-04-25 17:20 . 2011-04-25 17:20 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-04-25 17:20 . 2011-04-25 17:20 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-04-25 08:55 . 2011-05-13 10:20 -------- d-----w- c:\users\UpdatusUser
2011-04-25 08:54 . 2011-04-08 05:14 944232 ----a-w- c:\windows\system32\nvdispco3220140.dll
2011-04-25 08:54 . 2011-04-08 05:14 855656 ----a-w- c:\windows\system32\nvgenco322060.dll
2011-04-25 08:54 . 2011-04-08 05:14 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-04-25 08:54 . 2011-04-08 05:14 5180824 ----a-w- c:\windows\system32\nvcuda.dll
2011-04-25 08:54 . 2011-04-08 05:14 2765928 ----a-w- c:\windows\system32\nvcuvid.dll
2011-04-25 08:54 . 2011-04-08 05:14 2074216 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-04-25 08:54 . 2011-04-08 05:14 15227496 ----a-w- c:\windows\system32\nvoglv32.dll
2011-04-25 08:54 . 2011-04-08 05:14 13007464 ----a-w- c:\windows\system32\nvcompiler.dll
2011-04-25 08:54 . 2011-04-08 05:14 10690024 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-04-25 08:54 . 2011-04-08 05:14 10071656 ----a-w- c:\windows\system32\nvd3dum.dll
2011-04-24 12:42 . 2011-05-08 18:31 -------- d-----w- c:\users\Weydts\AppData\Roaming\DiskSpaceFan
2011-04-24 12:42 . 2011-05-11 22:38 -------- d-----w- c:\program files\DiskSpaceFan
2011-04-22 13:11 . 2011-04-22 13:11 -------- d-----w- c:\program files\Common Files\Skype
2011-04-19 13:41 . 2011-04-19 13:41 -------- d-----w- c:\program files\iPod
2011-04-19 13:39 . 2011-04-19 13:39 -------- d-----w- c:\program files\Bonjour
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-06-29 10:24 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-03-02 18:51 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-03-02 18:53 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-03-02 18:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-03-02 18:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-03-02 18:53 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-03-02 18:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-27 09:56 . 2010-03-06 15:15 737280 ----a-w- c:\windows\iun6002.exe
2011-04-08 05:14 . 2011-04-25 08:54 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-04-08 05:14 . 2009-06-26 20:01 6299752 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-04-08 05:14 . 2009-06-26 20:01 2034280 ----a-w- c:\windows\system32\nvapi.dll
2011-04-07 20:45 . 2011-04-07 20:45 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-04-07 20:45 . 2011-04-07 20:45 612456 ----a-w- c:\windows\system32\nvvsvc.exe
2011-04-07 20:45 . 2011-04-07 20:45 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-04-07 20:44 . 2011-04-07 20:44 3701352 ----a-w- c:\windows\system32\nvcpl.dll
2011-04-07 20:44 . 2011-04-07 20:44 2565224 ----a-w- c:\windows\system32\nvsvc.dll
2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-29 14:05 . 2011-03-29 14:05 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-29 14:05 . 2011-03-29 14:05 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-29 14:05 . 2011-03-29 14:05 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-29 14:05 . 2011-03-29 14:05 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-29 14:05 . 2011-03-29 14:05 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-29 14:05 . 2011-03-29 14:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-29 14:05 . 2011-03-29 14:05 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-29 14:05 . 2011-03-29 14:05 367104 ----a-w- c:\windows\system32\html.iec
2011-03-29 14:05 . 2011-03-29 14:05 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-29 14:05 . 2011-03-29 14:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-29 14:05 . 2011-03-29 14:05 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-29 14:05 . 2011-03-29 14:05 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-29 14:05 . 2011-03-29 14:05 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-29 14:05 . 2011-03-29 14:05 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-29 14:05 . 2011-03-29 14:05 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-29 14:05 . 2011-03-29 14:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-29 14:05 . 2011-03-29 14:05 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-29 14:05 . 2011-03-29 14:05 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-29 14:05 . 2011-03-29 14:05 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-29 14:05 . 2011-03-29 14:05 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-29 14:05 . 2011-03-29 14:05 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-27 12:25 . 2011-03-26 11:16 139224 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-03-27 12:25 . 2011-03-26 11:16 183152 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-26 11:16 . 2011-03-26 11:16 22328 ----a-w- c:\users\Weydts\AppData\Roaming\PnkBstrK.sys
2011-03-26 11:16 . 2011-03-26 11:16 669184 ----a-w- c:\windows\system32\pbsvc.exe
2011-03-26 11:16 . 2011-03-26 11:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-11 08:29 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-11 05:40 . 2011-04-12 17:55 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 05:40 . 2011-04-12 17:55 1137664 ----a-w- c:\windows\system32\mfc42.dll
2011-03-08 05:38 . 2011-04-12 17:56 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 05:29 . 2011-04-12 17:55 132608 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-03-03 05:27 . 2011-04-12 17:55 28672 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-03-03 03:31 . 2011-04-12 17:55 2331136 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 06:27 . 2011-02-23 06:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 06:27 . 2011-02-23 06:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 05:06 . 2011-04-12 17:56 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-23 05:05 . 2011-04-12 17:56 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-02-23 05:05 . 2011-04-12 17:56 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-02-23 05:05 . 2011-04-12 17:55 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-02-23 05:05 . 2011-04-12 17:55 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-02-23 05:05 . 2011-04-12 17:55 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-23 05:05 . 2011-04-12 17:55 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-02-19 05:32 . 2011-04-12 17:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-19 03:37 . 2011-04-12 17:56 294912 ----a-w- c:\windows\system32\atmfd.dll
2011-02-18 15:36 . 2011-02-18 15:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 15:36 . 2011-02-18 15:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-15 12:22 . 2011-02-15 12:22 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-02-15 12:22 . 2011-02-15 12:22 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-22 19:31 . 2011-03-22 19:31 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 106992]
.
c:\users\Weydts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Weydts\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-3-31 23360040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Weydts^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=c:\users\Weydts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=c:\windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x32.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-14 36608]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2010-04-19 18432]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-03-25 31824]
R4 AirPrint;AirPrint;c:\program files\AirPrint\airprint.exe [x]
R4 Desura Install Service;Desura Install Service;c:\program files\Common Files\Desura\desura_service.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-12 691696]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/03/23 23:47];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2009-10-20 13:50 87536]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [2009-05-18 599040]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2009-08-06 750592]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-05-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-03 16:44]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 16:45]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 16:45]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056632808-708350455-503467518-1001Core.job
- c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe [2010-03-02 17:58]
.
2011-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056632808-708350455-503467518-1001UA.job
- c:\users\Weydts\AppData\Local\Google\Update\Google Update.exe [2010-03-02 17:58]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Weydts\AppData\Roaming\Mozilla\Firefox\Profiles\pe6417a8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4336)
c:\users\Weydts\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Voltooingstijd: 2011-05-13 22:37:38
ComboFix-quarantined-files.txt 2011-05-13 20:37
ComboFix2.txt 2011-05-13 10:13
.
Pre-Run: 363.901.427.712 bytes beschikbaar
Post-Run: 363.813.486.592 bytes beschikbaar
.
- - End Of File - - 55F76789813F95A046B1F9FB656B8D59

Juisterr
14 May 2011, 12:24
Nice, how are the complaints now?

deskjeverechtn
14 May 2011, 13:32
Unfortunately nothing has changed yet. In the original topic (the link is at the beginning of this thread) we have made some more progress and are on the trail of a problem. I think the spyware has been removed from this computer, and this thread has become redundant. Juisterr, I would like to thank you very much for your time and help!

Tristan

Juisterr
14 May 2011, 17:41
You're welcome.