Why won't Malwarebytes work

  • Betsie

    I'm getting fed up with this.

    Now I keep seeing a small black screen appear, and then it says the installation failed.

  • Ben

    Hello Betsie,

    Then try one of the other Rkill versions:

    http://www.bleepingcomputer.com/download/anti-virus/rkill

    If that doesn't work, we'll try something else.

    Ben

  • Betsie

    Hi Ben,

    I think it's so nice how you help people, really TOP.

    And I tried the other one too, but it doesn't work; the little DOS window keeps appearing.

    Betsie

  • Ben

    Hello Betsie,

    Download ComboFix HERE

    If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

    Some scanners see certain components that ComboFix uses as suspicious and will block or delete them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    It can take a while before the ComboFix log appears, so don't think it has frozen.

    When the fix is complete and after a restart, the log combofix.txt will open.

    Post this log in your next reply together with a new HijackThis log.

    Ben

  • Betsie

    Hi Ben,

    Took a short break. How can I disable my AVG, and where?

    Betsie

  • Ben

    Hello Betsie,

    Download AVG or AVAST (don't install it yet).

    Remove AVG 9; you have an outdated version anyway!

    - Start

    - Control Panel

    - Add or Remove Programs

    - Remove AVG

    If you're happy with AVG, download the new one: http://download.cnet.com/AVG-Anti-Virus-Free-Edition-2012/3000-2239_4-10320142.html?part=dl-avg_free_us&subj=dl&tag=button&cdlPid=11014801

    AVG has been dropping the ball quite a bit lately, so my choice is AVAST (also free), but the choice is yours! http://www.avast.com/free-antivirus-download

    Then scan with ComboFix.

    Then post the ComboFix log together with a new HijackThis log.

    After posting the logs, install the virus scanner again.

    Ben

  • Betsie

    Ben, now I don't understand it any more. With ComboFix I get a message saying that combofix can't be renamed to combofix(1).

    Now, I've never had this program before, and under Add or Remove Programs I don't see the new one listed either. But I notice that right after the so-called install it disappears.

    I'm following everything exactly as you write it.

    Betsie

  • Ben

    Hello Betsie,

    To remove ComboFix, copy the command below with (Ctrl + C):

    Combofix /Uninstall (note!!! the space before /Uninstall)

    Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter

    http://www.emphyrio.be/images/SMUninstall_combofix.png

    And try installing ComboFix again.

    If it still doesn't work, download the new virus scanner, and then we'll continue from there.

    Ben

  • Betsie

    OK, I'll do that. Still, I did do one more thing first, namely the zoek exe.

    Here is the log, well, you could certainly call it a LOG.

    I hope that wasn't wrong, and now I'll go and do the other thing as quickly as I can.

    ==================

    Zoek.exe by smeenk

    Updated 22-03-2011

    ==================

    Windows: Windows XP Professional Service Pack 3 (Build 2600)

    Internet Explorer: 8.0.6001.18702

    Memory (RAM): 2048 MB

    CPU Info: Intel(R) Pentium(R) 4 CPU 3.20GHz

    CPU Speed: 3198,3 MHz

    Sound Card: Realtek HD Audio output

    Display Adapters: NVIDIA GeForce 7300 LE | NetMeeting driver | RDPDD Chained DD

    Monitors: 1x; Plug en Play-monitor |

    Screen Resolution: 1024 X 768 - 32 bit

    Network: Network Present

    Network Adapters: Attansic L1 Gigabit Ethernet 10/100/1000Base-T Controller - Pakketplanner-minipoort

    CD / DVD Drives: G: Optiarc DVD RW AD-7173A

    Ports: COM1 LPT1

    Mouse: 3 Button Wheel Mouse Present

    Hard Disks: H: 465,8GB

    Hard Disks - Free: H: 435,5GB

    USB Controllers: 5 host controllers.

    Firewire (1394): 1 host controllers.

    Manufacturer *: American Megatrends Inc.

    Product Make *: System Product Name

    AC Power Status: OnLine

    BIOS Info: AT/AT COMPATIBLE | 09/05/06 | A M I - 9000605

    Time Zone: West-Europa (standaardtijd)

    Battery: No Battery

    Motherboard *: ASUSTeK Computer INC. P5L-VM 1394

    System Serial Number: System Serial Number

    Sun Java version: 1.6.0_26

    Country: Nederland

    Language: NLD


    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = “PDF Column Info”

    -> {HKLM…CLSID} = “PDF Shell Extension”

    \InProcServer32\(Default) = “H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll”

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    a-squared Anti-Malware Shell Extension\(Default) = “{AB77609F-2178-4E6F-9C4B-44AC179D937A}”

    -> {HKLM…CLSID} = “a-squared Anti-Malware Shell Extension”

    \InProcServer32\(Default) = “H:\Program Files\Emsisoft Anti-Malware\a2contmenu.dll”

    MBAMShlExt\(Default) = “{57CE581A-0CB6-4266-9CA0-19364C90A0B3}”

    -> {HKLM…CLSID} = “MBAMShlExt Class”

    \InProcServer32\(Default) = “H:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll”

    WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

    -> {HKLM…CLSID} = “WinRAR”

    \InProcServer32\(Default) = “H:\Program Files\WinRAR\rarext.dll”

    WinZip\(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”

    -> {HKLM…CLSID} = “WinZip”

    \InProcServer32\(Default) = “H:\Program Files\WinZip\wzshlstb.dll”

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    WinRAR\(Default) = “{B41DB860-8EE4-11D2-9906-E49FADC173CA}”

    -> {HKLM…CLSID} = “WinRAR”

    \InProcServer32\(Default) = “H:\Program Files\WinRAR\rarext.dll”

    WinZip\(Default) = “{E0D79305-84BE-11CE-9641-444553540000}”

    -> {HKLM…CLSID} = “WinZip”

    \InProcServer32\(Default) = “H:\Program Files\WinZip\wzshlstb.dll”

    Group Policies {GPedit.msc branch and setting}:

    ———————————————–

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

    “LowRiskFileTypes” = (REG_SZ) .zip;.rar;.nfo;.txt;.exe;.bat;.com;.cmd;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mpg;.mpeg;.mov;.mp3;.m3u;.wav;

    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

    “SaveZoneInformation” = (REG_DWORD) dword:0x00000001

    {User Configuration|Administrative Templates|Windows Components|Attachment Manager|

    Do not preserve zone information in file attachments}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    “NoStartBanner” = (REG_DWORD) dword:0x00000001

    {Remove “Click here to begin” from Start button}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    “disableregistrytools” = (REG_DWORD) dword:0x00000000

    {User Configuration|Administrative Templates|System|

    Prevent access to registry editing tools}

    HKCU\Software\Policies\Microsoft\Windows\System\

    “disablecmd” = (REG_DWORD) dword:0x00000000

    {User Configuration|Administrative Templates|System|

    Disable the command prompt}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    “InstallVisualStyle” = (REG_EXPAND_SZ) H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

    {unrecognized setting}

    “InstallTheme” = (REG_EXPAND_SZ) H:\WINDOWS\Resources\Themes\Royale.theme

    {unrecognized setting}

    Active Desktop and Wallpaper:

    —————————–

    Active Desktop may be disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

    “Wallpaper” = “H:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

    HKCU\Control Panel\Desktop\

    “Wallpaper” = “H:\Documents and Settings\Gebruiker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

    Enabled Screen Saver:

    ———————

    HKCU\Control Panel\Desktop\

    “SCRNSAVE.EXE” = “H:\WINDOWS\system32\yowindow.scr”

    Windows Portable Device AutoPlay Handlers

    —————————————–

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS4ImportMediaOnArrival\

    “Provider” = “Adobe Bridge CS4”

    “InvokeProgID” = “Adobe.adobebridgeCS4”

    “InvokeVerb” = “launch”

    HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS4\shell\launch\command\(Default) = “H:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1”

    BridgeCS4NonVolumeHandler\

    “Provider” = “Adobe Bridge CS4”

    “ProgID” = “Adobe.adobebridgeMTP_1”

    HKLM\SOFTWARE\Classes\Adobe.adobebridgeMTP_1\CLSID\(Default) = “{1E6C711B-6D70-4a65-8AB6-745DC19BE2A6}”

    -> {HKLM…CLSID} = “Adobe Bridge CS4”

    \LocalServer32\(Default) = “H:\Program Files\Adobe\Adobe Bridge CS4\bridgeproxy.exe -m”

    Corel Paint Shop Pro Photo X2ShowPicturesOnArrivalHandler\

    “Provider” = “Corel Paint Shop Pro Photo X2”

    “InvokeProgID” = “PaintShopProPhotoX2.Image”

    “InvokeVerb” = “Bekijken”

    HKLM\SOFTWARE\Classes\PaintShopProPhotoX2.Image\shell\Bekijken\command\(Default) = “”H:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe“ /Review ”%1“”

    EHomeMusicDropTarget\

    “Provider” = “Media Center”

    “InvokeProgID” = “EHomeDropTarget.EHomeMusicDropTarget”

    “InvokeVerb” = “play”

    HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = “{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}”

    -> {HKLM…CLSID} = “EHomeMusicDropTarget Class”

    \InProcServer32\(Default) = “H:\WINDOWS\eHome\ehdrop.dll”

    EHomePhotosHandler\

    “Provider” = “Media Center”

    “InvokeProgID” = “EHomeDropTarget.EHomePhotosHandler”

    “InvokeVerb” = “play”

    HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = “{4b7601c1-d292-4902-89f4-583a5ce0c535}”

    -> {HKLM…CLSID} = “EHomePhotosHandler Class”

    \InProcServer32\(Default) = “H:\WINDOWS\eHome\ehdrop.dll”

    EHomeVideoDropTarget\

    “Provider” = “Media Center”

    “InvokeProgID” = “EHomeDropTarget.EHomeVideoDropTarget”

    “InvokeVerb” = “play”

    HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = “{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}”

    -> {HKLM…CLSID} = “EHomeVideoDropTarget Class”

    \InProcServer32\(Default) = “H:\WINDOWS\eHome\ehdrop.dll”

    EHomeVideosHandler\

    “Provider” = “Media Center”

    “InvokeProgID” = “EHomeDropTarget.EHomeVideosHandler”

    “InvokeVerb” = “play”

    HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = “{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}”

    -> {HKLM…CLSID} = “EHomeVideosHandler Class”

    \InProcServer32\(Default) = “H:\WINDOWS\eHome\ehdrop.dll”

    HPS10535-38\

    “Provider” = “ALDI Print Software”

    “InvokeProgID” = “HPS10535-38.BestShow”

    “InvokeVerb” = “import”

    HKLM\SOFTWARE\Classes\HPS10535-38.BestShow\shell\import\command\(Default) = “”H:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe“ ”-i %L“”

    HPS18155-38\

    “Provider” = “ALDI Bestelsoftware”

    “InvokeProgID” = “HPS18155-38.BestShow”

    “InvokeVerb” = “import”

    HKLM\SOFTWARE\Classes\HPS18155-38.BestShow\shell\import\command\(Default) = “”H:\Program Files\ALDI\ALDI Bestelsoftware\ALDI Bestelsoftware.exe“ ”-i %L“”

    MSWPDShellNamespaceHandler\

    “Provider” = “@%SystemRoot%\System32\WPDShextRes.dll,-501”

    “CLSID” = “{A55803CC-4D53-404c-8557-FD63DBA95D24}”

    “InitCmdLine” = “ ”

    -> {HKLM…CLSID} = “WPDShextAutoplay”

    \LocalServer32\(Default) = “H:\WINDOWS\system32\WPDShextAutoplay.exe”

    NeroAutoPlay2AudioToNeroDigital\

    “Provider” = “Nero Burning ROM”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “PlayCDAudioOnArrival_AudioToNeroDigital”

    NeroAutoPlay2CDAudio\

    “Provider” = “Nero Express”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “HandleCDBurningOnArrival_CDAudio”

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = “H:\Program Files\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L”

    NeroAutoPlay2CopyCD\

    “Provider” = “Nero Express”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “PlayCDAudioOnArrival_CopyCD”

    NeroAutoPlay2DataDisc\

    “Provider” = “Nero Express”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “HandleCDBurningOnArrival_DataDisc”

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = “H:\Program Files\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L”

    NeroAutoPlay2LaunchNeroStartSmart\

    “Provider” = “Nero StartSmart”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “HandleCDBurningOnArrival_LaunchNeroStartSmart”

    HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = “H:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L”

    NeroAutoPlay2RipCD\

    “Provider” = “Nero Burning ROM”

    “InvokeProgID” = “Nero.AutoPlay2”

    “InvokeVerb” = “PlayCDAudioOnArrival_RipCD”

    PDVDPlayCDAudioOnArrival\

    “Provider” = “PowerDVD”

    “InvokeProgID” = “AudioCD”

    “InvokeVerb” = “PlayWithPowerDVD”

    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD\Command\(Default) = “”H:\Program Files\CyberLink\PowerDVD\PowerDVD.exe“ ”%L“”

    PDVDPlayDVDMovieOnArrival\

    “Provider” = “PowerDVD”

    “InvokeProgID” = “DVD”

    “InvokeVerb” = “PlayWithPowerDVD”

    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD\Command\(Default) = “”H:\Program Files\CyberLink\PowerDVD\PowerDVD.exe“ ”%l“”

    PDVDPlayVCDMovieOnArrival\

    “Provider” = “PowerDVD”

    “InvokeProgID” = “VCD”

    “InvokeVerb” = “PlayWithPowerDVD”

    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD\Command\(Default) = “”H:\Program Files\CyberLink\PowerDVD\PowerDVD.exe“ ”%l“”

    Startup items in “Gebruiker” & “All Users” startup folders:

    ———————————————————–

    H:\Documents and Settings\Gebruiker\Menu Start\Programma's\Opstarten

    “Filters Unlimited Help” -> shortcut to: “H:\Program Files\Filters\FiltersUnlimited.hlp”

    “Important Information” -> shortcut to: “H:\Program Files\Filters\readme.txt”

    “Language Reference” -> shortcut to: “H:\Program Files\Filters\Reference.hlp”

    “Software License” -> shortcut to: “H:\Program Files\Filters\license.txt”

    “YoWindow” -> shortcut to: “H:\Program Files\YoWindow\yowindow.exe -mt”

    H:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

    “Windows Search” -> shortcut to: “H:\Program Files\Windows Desktop Search\WindowsSearch.exe /startup”

    “WinZip Quick Pick” -> shortcut to: “H:\Program Files\WinZip\WZQKPICK.EXE”

    Enabled Scheduled Tasks:

    ————————

    “GoogleUpdateTaskMachineCore” -> launches: “H:\Program Files\Google\Update\GoogleUpdate.exe /c”

    “GoogleUpdateTaskMachineUA” -> launches: “H:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler”

    Winsock2 Service Provider DLLs:

    ——————————-

    Namespace Service Providers

    000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll”

    000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll”

    000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll”

    Transport Service Providers

    %SystemRoot%\system32\mswsock.dll , 01 - 03, 06 - 13

    %SystemRoot%\system32\rsvpsp.dll , 04 - 05

    Toolbars, Explorer Bars, Extensions:

    ————————————

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\

    “MenuText” = “@xpsp3res.dll,-20001”

    “Exec” = “%windir%\Network Diagnostic\xpnetdiag.exe”

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    “ButtonText” = “Messenger”

    “MenuText” = “Windows Messenger”

    “Exec” = “H:\Program Files\Messenger\msmsgs.exe”

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ——————————————————————

    Emsisoft Anti-Malware 5.1 - Service, a2AntiMalware, “”H:\Program Files\Emsisoft Anti-Malware\a2service.exe“”

    Java Quick Starter, JavaQuickStarterService, “”H:\Program Files\Java\jre6\bin\jqs.exe“ -service -config ”H:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf“”

    Media Center Receiver Service, ehRecvr, “H:\WINDOWS\eHome\ehRecvr.exe”

    Media Center-taakplanner, ehSched, “H:\WINDOWS\eHome\ehSched.exe”

    NVIDIA Display Driver Service, NVSvc, “H:\WINDOWS\system32\nvsvc32.exe”

    ProtexisLicensing, ProtexisLicensing, “H:\WINDOWS\system32\PSIService.exe”

    Windows Search, WSearch, “H:\WINDOWS\system32\SearchIndexer.exe /Embedding”

    Safe Mode Drivers & Services (subkey name, subkey default value):

    —————————————————————–

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <> PEVSystemStart, “Service”

    <> procexp90.Sys, “Driver”

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <> PEVSystemStart, “Service”

    <> procexp90.Sys, “Driver”

  • Betsie

    Okay Ben

    I ran this, but nothing from combofix was present, so I went ahead and installed avast and let the scan run; nothing was found.

    Betsie