Archief - Windows 7-problemen, waarschijnlijk door virus (error code 0x80040154)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:02:21, on 18/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Program Files (x86)\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
F2 - REGystem.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe /applicationModeystemTray /showWelcome:false
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Google Calendar Sync.lnk = C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nb) (pr2ah4nb) - Unknown owner - C:\Windows\system32\pr2ah4nb.exe (file missing)
O23 - Service: DiRT Drivers Auto Removal (pr2ah4nc) (pr2ah4nc) - Unknown owner - C:\Windows\system32\pr2ah4nc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10849 bytes

Klik om te vergroten...

• Sluit alle openstaande vensters.
• Rechtsklik op AdwCleaner en selecteer als Administrator uitvoeren!
• Klik vervolgens op Delete.
• Klik bij AdwCleaner – Information op OK.
• Klik bij AdwCleaner – Restart Required op OK.
  

# AdwCleaner v1.801 - Logfile created 08/28/2012 at 19:45:49
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Pieter - GAME-PC
# Boot Mode : Normal
# Running from : C:\Users\Pieter\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Pieter\AppData\Local\Conduit
Folder Deleted : C:\Users\Pieter\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\hcq7pslh.default\ConduitCommon
Folder Deleted : C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\hcq7pslh.default\CT2865317
Folder Deleted : C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\hcq7pslh.default\extensions\{87775fdb-6972-41f9-ae51-8326e38cb206}
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit

***** [Registry] *****

[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2865317
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit

***** [Registre - GUID] *****

[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (nl)

Profile name : default
File : C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\hcq7pslh.default\prefs.js

Deleted : user_pref("CT2865317..clientLogIsEnabled", false);
Deleted : user_pref("CT2865317..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2865317..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2865317.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2865317.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2865317.CTID", "CT2865317");
Deleted : user_pref("CT2865317.CurrentServerDate", "28-8-2012");
Deleted : user_pref("CT2865317.DSInstall", false);
Deleted : user_pref("CT2865317.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2865317.DialogsGetterLastCheckTime", "Sun Aug 26 2012 14:12:17 GMT+0200 (Romance (zomer[...]
Deleted : user_pref("CT2865317.DownloadReferralCookieData", "");
Deleted : user_pref("CT2865317.EMailNotifierPollDate", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance (zomertijd)[...]
Deleted : user_pref("CT2865317.FeedLastCount5397019970362056034", 227);
Deleted : user_pref("CT2865317.FeedPollDate2429156812186649977", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813040823546", "Fri Jun 22 2012 20:09:51 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813130095866", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813224203613", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813230837251", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813454291735", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813729834876", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156813860870021", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156814264681793", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156814863075366", "Fri Jun 22 2012 20:09:53 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedPollDate2429156815257761081", "Fri Jun 22 2012 20:09:51 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2865317.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2865317.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2865317.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2865317.FirstServerDate", "22-6-2012");
Deleted : user_pref("CT2865317.FirstTime", true);
Deleted : user_pref("CT2865317.FirstTimeFF3", true);
Deleted : user_pref("CT2865317.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2865317.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2865317.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2865317.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2865317.HPInstall", false);
Deleted : user_pref("CT2865317.HasUserGlobalKeys", true);
Deleted : user_pref("CT2865317.Initialize", true);
Deleted : user_pref("CT2865317.InitializeCommonPrefs", true);
Deleted : user_pref("CT2865317.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2865317.InstallationId", "fft70D0.tmp.exe");
Deleted : user_pref("CT2865317.InstallationType", "XPE");
Deleted : user_pref("CT2865317.InstalledDate", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance (zomertijd))");
Deleted : user_pref("CT2865317.IsGrouping", false);
Deleted : user_pref("CT2865317.IsInitSetupIni", true);
Deleted : user_pref("CT2865317.IsMulticommunity", false);
Deleted : user_pref("CT2865317.IsOpenThankYouPage", true);
Deleted : user_pref("CT2865317.IsOpenUninstallPage", false);
Deleted : user_pref("CT2865317.LanguagePackLastCheckTime", "Tue Aug 28 2012 17:45:58 GMT+0200 (Romance (zomert[...]
Deleted : user_pref("CT2865317.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2865317.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2865317.LastLogin_3.13.0.6", "Tue Jul 17 2012 17:12:37 GMT+0200 (Romance (zomertijd))")[...]
Deleted : user_pref("CT2865317.LastLogin_3.14.1.0", "Tue Aug 28 2012 17:45:58 GMT+0200 (Romance (zomertijd))")[...]
Deleted : user_pref("CT2865317.LastLogin_3.15.1.0", "Tue Aug 28 2012 19:33:17 GMT+0200 (Romance (zomertijd))")[...]
Deleted : user_pref("CT2865317.LatestVersion", "3.14.1.0");
Deleted : user_pref("CT2865317.Locale", "nl");
Deleted : user_pref("CT2865317.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2865317.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2865317.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2865317.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2865317.OriginalFirstVersion", "3.13.0.6");
Deleted : user_pref("CT2865317.SearchCaption", "uTorrentBar_NL Customized Web Search");
Deleted : user_pref("CT2865317.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2865317.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT286[...]
Deleted : user_pref("CT2865317.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2865317.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2865317.SearchInNewTabLastCheckTime", "Tue Aug 28 2012 17:45:58 GMT+0200 (Romance (zome[...]
Deleted : user_pref("CT2865317.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2865317.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2865317.ServiceMapLastCheckTime", "Tue Aug 28 2012 17:45:58 GMT+0200 (Romance (zomertij[...]
Deleted : user_pref("CT2865317.SettingsLastCheckTime", "Tue Aug 28 2012 17:45:57 GMT+0200 (Romance (zomertijd)[...]
Deleted : user_pref("CT2865317.SettingsLastUpdate", "1346143051");
Deleted : user_pref("CT2865317.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2865317&SearchSource=13");
Deleted : user_pref("CT2865317.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2865317.ThirdPartyComponentsLastCheck", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance (zo[...]
Deleted : user_pref("CT2865317.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2865317.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2865317.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2865317");
Deleted : user_pref("CT2865317.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2865317.UserID", "UN96096285642128685");
Deleted : user_pref("CT2865317.WeatherNetwork", "");
Deleted : user_pref("CT2865317.WeatherPollDate", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance (zomertijd))");
Deleted : user_pref("CT2865317.WeatherUnit", "C");
Deleted : user_pref("CT2865317.alertChannelId", "1257316");
Deleted : user_pref("CT2865317.autoDisableScopes", -1);
Deleted : user_pref("CT2865317.backendstorage.cbcountry_001", "4245");
Deleted : user_pref("CT2865317.backendstorage.cbfirsttime", "467269204A756E20323220323031322032303A30393A35332[...]
Deleted : user_pref("CT2865317.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2865317.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2865317.globalFirstTimeInfoLastCheckTime", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance [...]
Deleted : user_pref("CT2865317.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2865317.initDone", true);
Deleted : user_pref("CT2865317.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2865317.myStuffEnabled", true);
Deleted : user_pref("CT2865317.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2865317.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2865317.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2865317.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2865317.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2865317.revertSettingsEnabled", true);
Deleted : user_pref("CT2865317.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2865317.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2865317.testingCtid", "");
Deleted : user_pref("CT2865317.toolbarAppMetaDataLastCheckTime", "Tue Aug 28 2012 17:45:58 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.toolbarContextMenuLastCheckTime", "Fri Jun 22 2012 20:09:50 GMT+0200 (Romance ([...]
Deleted : user_pref("CT2865317.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2865317/CT2865317[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2865317", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2865317",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=nl", "\"f1c[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Pieter\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2865317");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2865317");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2865317");
Deleted : user_pref("CommunityToolbar.globalUserId", "8abd07b2-6b03-43da-a118-4c84761ea2be");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2865317");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jun 22 2012 20:09:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 20:09:53 GMT+0200 (R[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "98ee5388-a622-4f92-b80e-0388cb7f1016");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mail.yahoo.com");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2865317&SearchSource=2&q=[...]

*************************

AdwCleaner[S1].txt - [13872 octets] - [28/08/2012 19:45:49]

########## EOF - C:\AdwCleaner[S1].txt - [14001 octets] ##########

Klik om te vergroten...

Juisterr zei:

Mooi, probeer combofix nog eens nu.

Klik om te vergroten...

ComboFix 12-11-13.02 - Pieter 13/11/2012 17:33:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8175.6716 [GMT 1:00]
Gestart vanuit: c:\users\Pieter\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\to_r0tsef.pad
c:\windows\SysWow64\tmp2E14.tmp
c:\windows\SysWow64\tmp2E15.tmp
c:\windows\SysWow64\tmpF843.tmp
c:\windows\SysWow64\tmpF844.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-13 to 2012-11-13 ))))))))))))))))))))))))))))))
.
.
2012-11-13 16:37 . 2012-11-13 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-13 16:19 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A8271D0-8554-47C4-B053-CA8A744B1D02}\mpengine.dll
2012-11-07 19:02 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-21 14:45 . 2012-10-21 14:45 -------- d-----w- c:\program files (x86)\SimBin
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-13 16:27 . 2009-08-18 10:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-13 16:27 . 2009-08-18 09:24 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-11 15:29 . 2012-04-03 15:02 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-11 15:29 . 2011-05-21 07:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2010-11-18 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 pr2ah4nb;DiRT Drivers Auto Removal (pr2ah4nb);c:\windows\system32\pr2ah4nb.exe svc [x]
R2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-10-01 302120]
S0 pe3ah4nb;DiRT Environment Driver (pe3ah4nb);c:\windows\system32\drivers\pe3ah4nb.sys [2007-07-19 72296]
S0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-05-18 72560]
S0 ps6ah4nb;DiRT Synchronization Driver (ps6ah4nb);c:\windows\system32\drivers\ps6ah4nb.sys [2007-07-19 102000]
S0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-05-18 77176]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 15368]
S1 WMDrive;WMDrive;c:\windows\SysWOW64\drivers\WMDrive.sys [2012-06-22 92536]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2010-11-01 62080]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-21 08:41 308736 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-28 11101800]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
FF - ProfilePath - c:\users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\hcq7pslh.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
Wow6432Node-HKCU-Run-zASRockInstantBoot - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4024282988-3646476333-4183479418-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:75,ef,ce,41,38,ca,96,58,64,c2,76,f6,93,49,6c,e0,19,91,96,75,f7,bb,9c,
ec,36,95,a6,e1,4a,29,76,ae,2b,cf,fc,a3,88,5a,42,50,ec,5d,c6,9e,da,c8,64,3e,\
"??"=hex:a9,9f,dc,fa,91,a9,b7,bc,93,0a,9f,23,3f,a3,41,39
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-11-13 17:39:28
ComboFix-quarantined-files.txt 2012-11-13 16:39
.
Pre-Run: 303.459.258.368 bytes beschikbaar
Post-Run: 303.388.835.840 bytes beschikbaar
.
- - End Of File - - 4FDF94DED7A285796F7BFC30C7859705

Klik om te vergroten...

• Houd de linker CTRL toets ingedrukt en dubbelklik op "HitmanPro36.exe" om de "Force Breach" te starten en klik op "volgende" als HitmanPro de processen heeft geblokkeerd.
• Vink de optie "Ik accepteer de voorwaarden van de gebruikersovereenkomst aan" en klik op "Volgende"
• Klik in het setup scherm nu nogmaals op "Volgende", nu zal automatisch de scan starten, doe verder niets op de computer totdat de scan gereed is.
• Als de scan klaar is klik je op "volgende"
• Activeer nu de gratis licentie, hiermee kunt u 30 dagen gratis HitmanPro gebruiken en de gevonden infecties verwijderen.
• Note: indien u reeds eerder gebruik hebt gemaakt van de 30 dagen trial-versie van HitmanPro is het niet meer mogelijk om gratis de gevonden infecties te verwijderen.
• Als het verwijderen gereed is klik je onderin het scherm op "Save log" of "Logbestand opslaan" en sla deze op bijvoorbeeld het bureaublad op.
  Post dit logje.
• Klik nu op de knop "Herstarten".