Archive - virus on desktop PC

The archive is a frozen moment from a previous version of this forum, with different rules and different administrators. These posts in no way reflect our current ideas, values or world views and have in some places been censored as inadmissible. Many were made in a different zeitgeist, ironically or not - as in the ironic Off-Topic subforum - and would not (be allowed to) be posted today. Still, we are happy to keep offering this archive as an information database and reference work. Read more about it here or start a conversation with others.

Quickening-SOY

Legacy Member
Hey

My girlfriend's PC is acting strangely: after it boots, she gets a black screen after a few seconds with a German message about "child pornography" and a demand for payment of 100 euros.

Here is her HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:53:38, on 15/03/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\uTorrent\uTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe /reminder
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [38340] C:\PROGRA~2\LOCALS~1\Temp\msiilhw.bat
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: MSI Global - Computer, Laptop, Notebook, Desktop, Mainboard, Graphics and more
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 4857 bytes

and her OTL log

OTL:
OTL logfile created on: 15/03/2012 23:05:48 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Lindsey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,55% Memory free
6,21 Gb Paging File | 4,89 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 455,06 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
Drive D: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC_VAN_LINDSEY | User Name: Lindsey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/15 23:03:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsey\Desktop\OTL.com
PRC - [2012/03/15 22:28:21 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/03/15 22:28:21 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/10 04:11:20 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/07/16 09:47:37 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\uTorrent\uTorrent.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/06 19:40:38 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/03/15 22:28:21 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/10 04:11:20 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/15 22:41:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/12/23 07:12:10 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/10 04:44:12 | 008,913,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/11/10 03:12:20 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/01/27 13:43:20 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\NTIOLib.sys -- (NTIOLib_1_0_8)
DRV - [2010/12/30 08:01:08 | 000,309,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/12/10 12:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/12/10 12:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/10/20 13:43:08 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - [2010/10/19 09:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010/05/10 09:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/11/18 00:12:00 | 000,024,664 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBfilt32.sys -- (MBfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN | Hotmail | Messenger | Nieuws, sport, entertainment, video, lifestyle, auto en nog veel meer, dat is MSN !
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-be
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9D 2B A9 CD EE FE CC 01 [binary data]
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1628193280-596075395-888391198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 19:01:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/07/14 21:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindsey\AppData\Roaming\mozilla\Extensions
[2012/01/09 20:31:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/07/15 01:01:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/18 19:01:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/12 11:21:47 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 11:21:47 | 000,001,892 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
[2012/02/12 11:21:47 | 000,004,558 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
[2012/02/12 11:21:47 | 000,001,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files\MSI\Live Update 5\LU5.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1628193280-596075395-888391198-1000..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1628193280-596075395-888391198-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-1628193280-596075395-888391198-1000..\Run: [uTorrent] C:\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 38340 = C:\PROGRA~2\LOCALS~1\Temp\msiilhw.bat ()
O7 - HKU\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1628193280-596075395-888391198-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1628193280-596075395-888391198-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1628193280-596075395-888391198-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.133 195.130.131.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29AD2F28-6B01-4331-9202-4BB336FC783E}: DhcpNameServer = 195.130.130.133 195.130.131.133
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lindsey\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lindsey\AppData\Roaming\Microsoft\Windows Photo Gallery\Bureaubladachtergrond van Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 23:03:37 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Lindsey\Desktop\OTL.com
[2012/03/15 22:52:48 | 000,000,000 | ---D | C] -- C:\Users\Lindsey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/15 22:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/15 22:40:53 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/15 22:40:53 | 000,000,000 | ---D | C] -- C:\Users\Lindsey\AppData\Roaming\Malwarebytes
[2012/03/15 22:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/15 22:40:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/15 22:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/15 22:39:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/15 22:28:25 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/15 22:26:15 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2012/03/15 22:26:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/03/15 22:26:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/03/15 22:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/03/15 22:26:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/03/15 22:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/03/15 22:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2012/03/15 16:28:52 | 000,000,000 | ---D | C] -- C:\Users\Lindsey\AppData\Roaming\kodak
[2012/03/15 16:28:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/03/10 20:58:43 | 000,000,000 | ---D | C] -- C:\Users\Lindsey\Desktop\gewenste haarkleur
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 23:03:37 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Lindsey\Desktop\OTL.com
[2012/03/15 23:01:25 | 000,002,527 | ---- | M] () -- C:\Users\Lindsey\Desktop\HiJackThis.lnk
[2012/03/15 23:00:05 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 22:58:59 | 000,676,950 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2012/03/15 22:58:59 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/15 22:58:59 | 000,129,980 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2012/03/15 22:58:59 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/15 22:41:13 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/03/15 22:40:46 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 22:28:25 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2012/03/15 22:26:22 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/03/15 22:15:07 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk
[2012/03/15 22:10:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 22:10:23 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 22:10:23 | 000,001,042 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 22:10:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 22:10:18 | 3207,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/15 18:25:12 | 000,178,688 | ---- | M] () -- C:\Users\Lindsey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 22:52:48 | 000,002,527 | ---- | C] () -- C:\Users\Lindsey\Desktop\HiJackThis.lnk
[2012/03/15 22:40:46 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/15 22:26:22 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/03/15 22:15:07 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk
[2011/12/25 12:57:17 | 000,001,896 | ---- | C] () -- C:\Windows\System32\install.ini
[2011/12/25 12:56:25 | 180,132,084 | ---- | C] () -- C:\Windows\System32\install.exe
[2011/12/25 12:56:21 | 004,224,177 | ---- | C] () -- C:\Windows\System32\autorun.exe
[2011/12/25 11:30:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/11/10 03:11:06 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011/11/09 22:39:44 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/11/09 22:39:32 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/10/21 20:30:14 | 000,243,168 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/09/08 19:42:51 | 000,096,256 | ---- | C] () -- C:\Windows\System32\Smackw32.dll
[2011/09/08 19:42:51 | 000,081,920 | ---- | C] () -- C:\Windows\System32\asr32311.dll
[2011/09/08 19:42:51 | 000,077,824 | ---- | C] () -- C:\Windows\System32\asr32312.dll
[2011/09/08 19:32:32 | 000,000,063 | ---- | C] () -- C:\Windows\HGSpeech.ini
[2011/09/04 14:48:23 | 000,178,688 | ---- | C] () -- C:\Users\Lindsey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 14:28:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/15 14:28:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/15 14:28:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/07/14 21:17:20 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/07/14 20:12:18 | 000,001,356 | ---- | C] () -- C:\Users\Lindsey\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/01/02 18:18:05 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\GetRightToGo
[2011/08/11 10:43:38 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\Origin
[2011/10/28 20:19:38 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\PlayFirst
[2011/10/30 13:25:14 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\RIFT
[2012/03/15 23:05:41 | 000,000,000 | ---D | M] -- C:\Users\Lindsey\AppData\Roaming\uTorrent
[2012/03/15 19:12:20 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
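As an added example (not part of the original post or of the HijackThis/OTL tools), here is a small triage helper for the O4 autostart section of a HijackThis log. It parses each O4 line into hive, key, value name and launched target, and flags the entries a responder would read first: anything started through Policies\Explorer\Run, anything launched from a Temp directory, script targets (.bat/.cmd/.vbs/.js) and purely numeric value names. The heuristics and the function names (parse_o4, assess, triage_o4) are my own; the sample lines are copied from the log above.

```python
"""Triage of HijackThis O4 (autostart) lines: flag the entries a responder
would look at first. Heuristics are the example author's own, not HijackThis's.
The sample lines are copied from the posted log (constructed input for this example)."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKLM\..\Policies\Explorer\Run: [38340] C:\PROGRA~2\LOCALS~1\Temp\msiilhw.bat
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First executable-looking path in the command line, with or without surrounding quotes.
TARGET_RE = re.compile(r'^"?(?P<target>.+?\.(?:exe|bat|cmd|vbs|js|scr|pif|com|dll))(?=["\s]|$)', re.I)
TEMP_RE = re.compile(r"\\temp\\|%temp%", re.I)
SCRIPT_EXT = {".bat", ".cmd", ".vbs", ".js"}


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_o4(line):
    """Split one O4 line into hive, registry key, value name and launched target.
    Returns None for lines that are not O4 entries."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    t = TARGET_RE.match(m["cmd"])
    target = t["target"] if t else m["cmd"]
    return Finding(m["hive"], m["key"], m["name"], target)


def assess(f):
    """Attach review reasons to a parsed entry (empty list means nothing notable)."""
    if "policies\\explorer\\run" in f.key.lower():
        f.reasons.append("policies_run")     # rarely used by legitimate installers
    if TEMP_RE.search(f.target):
        f.reasons.append("temp_path")        # autostart from a user-writable temp dir
    ext = "." + f.target.rsplit(".", 1)[-1].lower() if "." in f.target else ""
    if ext in SCRIPT_EXT:
        f.reasons.append("script_target")    # batch/script rather than a signed binary
    if f.name.isdigit():
        f.reasons.append("numeric_name")     # random numeric value names are common in droppers
    return f


def triage_o4(log_text):
    """Return only the autostart entries that have at least one review reason."""
    out = []
    for line in log_text.splitlines():
        f = parse_o4(line)
        if f and assess(f).reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_LOG):
        print(f"[{', '.join(f.reasons)}] {f.hive}\\..\\{f.key} [{f.name}] -> {f.target}")
```

Run against the sample above, only the msiilhw.bat entry is reported, with all four reasons; the signed-vendor entries produce no reasons. The flags are a reading aid for the log, not a verdict: an entry with reasons still needs the file itself (or a vendor scan of it) to be checked before anything is removed.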

Quickening-SOY

Legacy Member
I also have her OTL Extras log:

OTL Extras log

OTL Extras logfile created on: 15/03/2012 23:05:48 - Run 1
OTL by OldTimer - Version 3.2.37.1 Folder = C:\Users\Lindsey\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy

2,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 49,55% Memory free
6,21 Gb Paging File | 4,89 Gb Available in Paging File | 78,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931,51 Gb Total Space | 455,06 Gb Free Space | 48,85% Space Free | Partition Type: NTFS
Drive D: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: PC_VAN_LINDSEY | User Name: Lindsey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F3F6B8-01E6-4BE5-9488-288CAD0958CC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0AAA6510-5708-447D-B5A3-314CD862DF84}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5247B838-1C7F-43AB-AD25-790A4A26650E}" = lport=139 | protocol=6 | dir=in | app=system |
"{528F2634-0D73-46E6-BE1B-3B17C0C7D567}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FE55164-EB43-48AE-BE3C-D7661CE6F7FB}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{68726818-8BA1-46D0-8759-7DCBFF4035F4}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EB540F2-1295-4279-B8E5-7C9B66B549D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A08F5C7-0DFB-44A1-8D75-B86762E9CE02}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E26F4B4-FAB8-4482-A2BE-CEC9DB168977}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7F877273-B847-44A0-8278-5E5512DB4A03}" = rport=138 | protocol=17 | dir=out | app=system |
"{92B06171-AF2A-4F71-B965-ABCB2CD46D54}" = lport=445 | protocol=6 | dir=in | app=system |
"{92BEC8C9-E3E2-4935-992F-B3FFA3C8661B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E9D55CA-B086-46D8-A83D-76DCA1688AC2}" = rport=139 | protocol=6 | dir=out | app=system |
"{AB040428-DF66-4081-B2D1-0F80CDCD8290}" = lport=137 | protocol=17 | dir=in | app=system |
"{AB0DABAB-4F0C-4552-8850-5C430D0560F5}" = lport=138 | protocol=17 | dir=in | app=system |
"{C316DE07-89F5-4196-AEB3-4637F3BC824C}" = rport=445 | protocol=6 | dir=out | app=system |
"{C3FB63B7-6D06-44BA-8A30-01DEB5F34833}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{D6EBCC5D-7699-4B90-9B01-3A92A2768CA0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008914FF-1CFD-4038-952B-40DD4C1109AF}" = protocol=17 | dir=in | app=c:\utorrent\utorrent.exe |
"{01794B55-1AAC-4403-BA4D-9DDDDA28040F}" = protocol=1 | dir=out | [email protected],-28544 |
"{1E409640-4732-4D48-836A-3E0ED6DB3724}" = protocol=6 | dir=in | app=c:\utorrent\utorrent.exe |
"{37965CA8-BCC5-489E-90E2-6640ED38C4F9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5DBB4D84-B6C8-4555-8022-35BB9CCB4421}" = protocol=58 | dir=out | [email protected],-28546 |
"{7721CC2B-4A4B-4D9D-BB3C-E2CD58A8C7E1}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
"{7A8F3170-1C83-45DD-AD4A-FCFB0BDF62ED}" = protocol=17 | dir=in | app=c:\users\lindsey\appdata\local\apps\2.0\8v1m92np.h59\82zy682n.ml5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\curseclient.exe |
"{9D81B156-86FB-4065-BA7B-7E2CE556BF79}" = protocol=58 | dir=in | [email protected],-28545 |
"{AE3069D0-61E4-4482-9B76-2E3C709D4DB0}" = dir=in | app=c:\games\allods online\bin\launcher.exe |
"{CA2595F8-762C-4774-BD6B-C16C1BFABD57}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.patch.exe |
"{D3730A66-FB2F-4CFA-90FE-D463071412A3}" = protocol=6 | dir=in | app=c:\users\lindsey\appdata\local\apps\2.0\8v1m92np.h59\82zy682n.ml5\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\curseclient.exe |
"{DAE14731-719D-432C-9EE7-C2B6C257056C}" = protocol=6 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"{E2B3C997-6748-44CA-8263-3711A1C904CF}" = protocol=1 | dir=in | [email protected],-28543 |
"{ECAA3DC4-B017-4A26-928D-52C139CBA5F2}" = protocol=17 | dir=in | app=c:\games\world of warcraft\launcher.exe |
"TCP Query User{26FA8CE9-9E20-4BE9-A4AA-6F74A087ADB6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E160A1D3-B009-450C-9D37-4CC60A9B251E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E5DF2-3F97-480B-89DA-F2D5E672E14A}_is1" = Live Update 5
"{065D77D3-44C7-4C90-86E8-5FDEA66D51FD}" = Travel Adventure
"{101738D7-D805-37A9-BB91-1F2C351782BF}" = Microsoft .NET Framework 3.5 Language Pack SP1 - nld
"{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{29778A23-2B6D-46E8-82C6-5B2484033344}" = Panda ActiveScan Cleaner
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6B091BE9-6D17-11D8-B6D6-00C04F4351FF}" = Vanzelfsprekend Frans 7.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A942958E-AF92-7901-861B-7F373A1B6ABA}" = AMD Catalyst Install Manager
"{AC76BA86-7AD7-1043-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Nederlands
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AstrumNival Allods" = Allods Online 2.0.06.42
"ATLANTIS 3" = ATLANTIS 3
"De verborgen tempel van Oom Ernest" = De verborgen tempel van Oom Ernest
"Denda Publishers Gourmania" = Gourmania
"DSJV1_is1" = Delaware St. John Volume 1: The Curse of Midnight Manor
"DSJV2_is1" = Delaware St. John Volume 2: The Town with No Name
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - nld" = Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Mozilla Firefox 10.0.2 (x86 nl)" = Mozilla Firefox 10.0.2 (x86 nl)
"Origin" = Origin
"QuickTime" = QuickTime
"Schizm - mysterious journey" = Schizm - mysterious journey
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinRAR archiver" = WinRAR 4.10 beta 1 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1628193280-596075395-888391198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/03/2012 4:56:37 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 11/03/2012 13:17:10 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 12/03/2012 14:44:36 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 13/03/2012 16:31:09 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 14/03/2012 15:06:27 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 10:23:19 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 11:33:02 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 11:36:59 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 13:24:54 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

Error - 15/03/2012 17:12:01 | Computer Name = PC_van_Lindsey | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/08/2011 16:25:04 | Computer Name = PC_van_Lindsey | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 22:23:31 op 9/08/2011 is onverwacht
gebeurd.

Error - 13/08/2011 12:57:27 | Computer Name = PC_van_Lindsey | Source = Server | ID = 2505
Description = De server kan geen binding tot stand brengen met transport \Device\NetBT_Tcpip_{29AD2F28-6B01-4331-9202-4BB336FC783E}
omdat een andere computer op het netwerk dezelfde naam heeft. De server kan niet
worden gestart.

Error - 17/08/2011 13:36:44 | Computer Name = PC_van_Lindsey | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 28/08/2011 5:28:49 | Computer Name = PC_van_Lindsey | Source = Server | ID = 2505
Description = De server kan geen binding tot stand brengen met transport \Device\NetBT_Tcpip_{29AD2F28-6B01-4331-9202-4BB336FC783E}
omdat een andere computer op het netwerk dezelfde naam heeft. De server kan niet
worden gestart.

Error - 29/08/2011 13:21:32 | Computer Name = PC_van_Lindsey | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 4/09/2011 2:47:53 | Computer Name = PC_van_Lindsey | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 5/09/2011 10:48:09 | Computer Name = PC_van_Lindsey | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 16:46:21 op 5/09/2011 is onverwacht
gebeurd.

Error - 5/09/2011 14:47:14 | Computer Name = PC_van_Lindsey | Source = EventLog | ID = 6008
Description = De vorige afsluiting van het systeem om 20:45:45 op 5/09/2011 is onverwacht
gebeurd.

Error - 17/09/2011 13:24:28 | Computer Name = PC_van_Lindsey | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =

Error - 18/09/2011 7:41:57 | Computer Name = PC_van_Lindsey | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description =


< End of report >

All logs were taken with the default settings.

Juisterr

Legacy Member
Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.
1. Disable all antivirus and antispyware programs, as they might otherwise conflict with ComboFix.
2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click inside the ComboFix window while it is running; this can make the tool hang.

* Note !!! If an error appears with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found as C:\ComboFix.txt) in your next message.

Quickening-SOY

Legacy Member
Thanks.

Can I start ComboFix from safe mode?

In "normal" mode I can't get to my desktop because of the other screen (it fills the whole screen and Alt-Tab doesn't work then).

Thanks again.