Ga naar inhoud

pietervdb

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    100

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door pietervdb

  1. pietervdb
    ComboFix 11-07-02.03 - Admin 03/07/2011 9:24.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3948.2790 [GMT 2:00] Gestart vanuit: c:\users\Admin\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Admin\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))) . . 2011-07-03 07:29 . 2011-07-03 07:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-07-03 07:29 . 2011-07-03 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 12:23 . 2011-06-29 12:23 -------- d-----w- c:\users\AppData 2011-06-29 12:23 . 2011-06-29 12:23 -------- d-----w- c:\program files (x86)\free-downloads.net 2011-06-29 12:23 . 2011-06-29 12:23 -------- d-----w- c:\program files (x86)\Conduit 2011-06-29 12:23 . 2011-06-29 12:23 -------- d-----w- c:\program files (x86)\Alcohol Soft 2011-06-29 12:20 . 2011-06-29 12:20 834544 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-06-29 12:11 . 2006-09-28 14:05 3977496 ----a-w- c:\windows\system32\d3dx9_31.dll 2011-06-29 12:11 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\SysWow64\d3dx9_31.dll 2011-06-29 11:50 . 2011-06-29 12:28 -------- d-----w- c:\program files (x86)\Electronic Arts 2011-06-29 11:08 . 2011-06-29 11:08 -------- d-----w- c:\users\Gast 2011-06-29 09:21 . 2011-06-29 09:21 -------- d-----w- c:\program files (x86)\Microsoft Works 2011-06-29 09:18 . 2011-06-29 09:22 -------- d-----w- c:\programdata\Microsoft Help 2011-06-29 09:18 . 2011-06-29 09:18 -------- d-----r- C:\MSOCache 2011-06-29 08:11 . 2011-06-29 08:11 -------- d-----w- c:\program files (x86)\Google 2011-06-29 08:07 . 2011-06-29 08:07 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2011-06-29 08:07 . 2011-06-29 08:07 -------- d-----w- c:\windows\Sun 2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-29 08:06 . 2011-06-29 08:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- c:\program files (x86)\Java 2011-06-29 08:05 . 2011-06-29 08:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-06-29 08:00 . 2011-06-29 08:00 -------- d--h--w- c:\programdata\CanonBJ 2011-06-29 08:00 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL 2011-06-28 08:11 . 2011-06-28 08:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-28 06:45 . 2011-06-29 09:21 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-06-27 16:19 . 2011-06-27 16:19 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2011-06-27 15:50 . 2011-06-27 15:50 -------- dc----w- c:\windows\system32\DRVSTORE 2011-06-27 15:50 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-06-27 15:50 . 2011-06-27 15:50 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2011-06-27 15:50 . 2011-06-27 15:50 -------- d-----w- c:\program files\Symantec 2011-06-27 15:50 . 2011-06-27 15:50 -------- d-----w- c:\program files\Common Files\Symantec Shared 2011-06-27 15:49 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2011-06-27 15:49 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2011-06-27 15:49 . 2011-06-27 15:49 -------- d-----w- c:\windows\system32\drivers\N360x64 2011-06-27 15:49 . 2011-06-27 15:49 -------- d-----w- c:\program files (x86)\Norton 360 2011-06-27 15:45 . 2011-06-27 15:45 -------- d-----w- c:\program files (x86)\NortonInstaller 2011-06-27 15:44 . 2011-06-27 15:51 -------- d-----w- c:\programdata\Norton 2011-06-16 13:58 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-10 19:07 . 2011-06-10 19:07 -------- d-----w- C:\003508781f61aaf9a0 2011-06-10 19:05 . 2011-06-10 19:05 -------- d-----w- c:\windows\SysWow64\Wat 2011-06-10 19:05 . 2011-06-10 19:05 -------- d-----w- c:\windows\system32\Wat 2011-06-10 18:20 . 2011-06-10 18:20 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2011-06-10 18:20 . 2011-06-10 18:20 -------- d-----w- c:\windows\system32\wbem\en-US 2011-06-10 17:48 . 2011-06-29 19:08 -------- d-----w- c:\programdata\clear.fi 2011-06-10 17:08 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-06-10 17:08 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-06-10 17:02 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2011-06-10 17:02 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2011-06-10 17:02 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2011-06-10 17:02 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2011-06-10 17:02 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2011-06-10 17:02 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-06-10 17:02 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2011-06-10 17:02 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2011-06-10 17:02 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2011-06-10 17:02 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-06-10 17:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2011-06-10 16:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-06-10 16:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-06-10 16:57 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-06-10 16:57 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-06-10 16:57 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-06-10 16:57 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-06-10 16:57 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-06-10 16:57 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-06-10 16:57 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2011-06-10 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-06-10 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-06-10 16:55 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-06-10 16:54 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-06-10 16:54 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-06-10 16:54 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-06-10 16:54 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-06-10 16:54 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-06-10 16:54 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-06-10 16:54 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-06-10 16:54 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-06-10 16:54 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-06-10 16:54 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-06-10 16:54 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-06-10 16:53 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-06-10 16:35 . 2011-06-10 16:35 -------- d---a-w- C:\book 2011-06-10 16:34 . 2011-06-10 16:34 -------- d-----w- c:\windows\nl 2011-06-10 16:34 . 2011-06-10 16:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-06-10 16:33 . 2011-06-27 21:09 -------- d-----w- c:\program files (x86)\Windows Live 2011-06-10 16:33 . 2011-06-10 16:33 -------- d-----w- c:\windows\PCHEALTH 2011-06-10 16:33 . 2011-06-10 16:33 -------- d-----w- c:\program files\Windows Live 2011-06-10 16:32 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-06-10 16:32 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-06-10 16:32 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-06-10 16:32 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-10 16:32 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-06-10 16:32 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2011-06-10 16:31 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-10 16:31 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll 2011-06-10 16:31 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll 2011-06-10 16:31 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-10 16:30 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2011-06-10 16:30 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-06-10 16:30 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2011-06-10 16:30 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-06-10 16:30 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll 2011-06-10 16:30 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll 2011-06-10 16:30 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2011-06-10 16:29 . 2011-06-10 16:29 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2011-06-10 16:27 . 2010-03-30 16:18 1803264 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\PowerPoint.nl-nl\PowerPointMUI.msi 2011-06-10 16:12 . 2011-06-10 16:12 -------- d-----w- c:\program files\Acer Accessory Store 2011-06-10 16:12 . 2011-06-10 16:21 -------- d-----w- c:\users\Admin 2011-06-10 16:10 . 2011-06-10 16:10 -------- d-----w- C:\Recovery . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-10 16:33 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr . . ((((((((((((((((((((((((((((( SnapShot@2011-06-29_11.06.35 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-06-27 15:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-06-29 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-06-27 15:50 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-06-29 19:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-27 15:50 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-06-29 19:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-27 03:59 . 2011-06-29 19:05 36640 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-06-29 19:09 29960 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2011-03-03 08:09 . 2011-06-29 08:26 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-03-03 08:09 . 2011-06-29 11:10 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-03-03 08:09 . 2011-06-29 08:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-03-03 08:09 . 2011-06-29 11:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-06-29 08:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-06-29 11:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2011-06-30 05:14 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2011-06-29 07:36 80352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2011-06-10 16:13 . 2011-06-29 19:09 5020 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1761514740-3234673199-2318220368-1001_UserData.bin - 2011-06-29 11:06 . 2011-06-29 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-07-03 07:30 . 2011-07-03 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-29 11:06 . 2011-06-29 11:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-07-03 07:30 . 2011-07-03 07:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-09-05 00:22 . 2008-09-05 00:22 447752 c:\windows\SysWOW64\vp6vfw.dll + 2011-06-18 14:55 . 2011-07-03 06:58 137274 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2011-06-10 19:04 . 2011-07-03 00:10 231132 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2011-03-03 07:22 . 2011-06-29 08:01 706116 c:\windows\system32\perfh013.dat + 2011-03-03 07:22 . 2011-06-29 18:58 706116 c:\windows\system32\perfh013.dat + 2009-07-14 02:36 . 2011-06-29 18:58 620150 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2011-06-29 08:01 620150 c:\windows\system32\perfh009.dat + 2011-03-03 07:22 . 2011-06-29 18:58 135886 c:\windows\system32\perfc013.dat - 2011-03-03 07:22 . 2011-06-29 08:01 135886 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2011-06-29 08:01 108332 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2011-06-29 18:58 108332 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2011-06-29 11:05 286892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-07-03 07:30 286892 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-29 12:21 . 2011-06-29 12:21 287660 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1761514740-3234673199-2318220368-501-8192.dat + 2011-06-27 15:48 . 2011-06-29 18:17 919772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1761514740-3234673199-2318220368-1001-12288.dat + 2011-06-29 12:12 . 2011-06-29 12:12 884736 c:\windows\assembly\tmp\AYE2GWUB\Microsoft.Web.Services3.dll - 2009-07-14 04:45 . 2011-06-28 06:42 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2011-06-29 12:24 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-06-10 19:09 . 2011-07-03 07:30 6846512 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1761514740-3234673199-2318220368-1001-8192.dat + 2006-12-02 05:09 . 2006-12-02 05:09 2818048 c:\windows\Installer\3cb511.msi - 2009-07-14 02:34 . 2011-06-29 09:20 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2011-07-03 09:22 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}] 2009-12-31 09:53 2349080 ----a-w- c:\program files (x86)\free-downloads.net\tbfree.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files (x86)\free-downloads.net\tbfree.dll" [2009-12-31 2349080] . [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-01-18 1028688] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110701.051\IDSvia64.sys [2011-06-03 488056] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-01-18 313424] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-12 1997416] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-25 136824] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1098640 uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\umugsncg.default\ FF - prefs.js: browser.startup.homepage - hxxp://acer.msn.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: general.useragent.extra.brc - . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74F66B09-BC15-92B1-C2BF-D74ED8680E6E}*] "hakgjbcgmnjokhmi"=hex:6a,61,69,62,6c,65,62,63,6d,61,62,6f,62,68,65,61,6e,69, 6b,68,00,d4 "iaeghbndhdkppganjl"=hex:6a,61,69,62,6c,65,62,63,6d,61,62,6f,62,68,65,61,6e,69, 6b,68,00,69 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe . ************************************************************************** . Voltooingstijd: 2011-07-03 12:06:13 - machine werd herstart ComboFix-quarantined-files.txt 2011-07-03 10:06 ComboFix2.txt 2011-06-29 11:10 . Pre-Run: 413.233.303.552 bytes beschikbaar Post-Run: 412.834.107.392 bytes beschikbaar . - - End Of File - - 68C5304914C1CFBF3F7174A7E631807D
  2. pietervdb
    Ik kan even niet goed op het internet, omdat de downloadlimiet overschreden is, dus daarom kan ik pas de 11 juli terug normaal op het internet
  3. pietervdb
    heeft er iemand nog andere suggesties, want het is een zeer storend probleem, het rare is da mijn broer zijn laptop geen problemen ondervind
  4. pietervdb
    ComboFix 11-06-29.02 - Admin 29/06/2011 13:00:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3948.2467 [GMT 2:00] Gestart vanuit: c:\users\Admin\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\Admin\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . /wow section - STAGE 50 Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Het proces heeft geen toegang tot het bestand omdat het door een ander proces wordt gebruikt. Kan bestand LockedB niet vinden. Kan bestand lockedB niet vinden. .d.a.1.a.3.f.f. wordt niet herkend als een interne of externe opdracht, programma of batchbestand. .0.\\. wordt niet herkend als een interne of externe opdracht, programma of batchbestand. Kan bestand LockedB niet vinden. Kan bestand LockedB niet vinden. . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))) . . 2011-06-29 09:21 . 2011-06-29 09:21 -------- d-----w- c:\program files (x86)\Microsoft Works 2011-06-29 09:18 . 2011-06-29 09:22 -------- d-----w- c:\programdata\Microsoft Help 2011-06-29 09:18 . 2011-06-29 09:18 -------- d-----r- C:\MSOCache 2011-06-29 08:11 . 2011-06-29 08:11 -------- d-----w- c:\program files (x86)\Google 2011-06-29 08:07 . 2011-06-29 08:07 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2011-06-29 08:07 . 2011-06-29 08:07 -------- d-----w- c:\windows\Sun 2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-29 08:06 . 2011-06-29 08:06 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-06-29 08:06 . 2011-06-29 08:06 -------- d-----w- c:\program files (x86)\Java 2011-06-29 08:05 . 2011-06-29 08:05 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2011-06-29 08:00 . 2011-06-29 08:00 -------- d--h--w- c:\programdata\CanonBJ 2011-06-29 08:00 . 2009-07-14 01:40 83968 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNBPP3.DLL 2011-06-28 08:11 . 2011-06-28 08:11 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-28 06:45 . 2011-06-29 09:21 -------- d-----w- c:\program files (x86)\Microsoft.NET 2011-06-27 16:19 . 2011-06-27 16:19 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared 2011-06-27 15:50 . 2011-06-27 15:50 -------- dc----w- c:\windows\system32\DRVSTORE 2011-06-27 15:50 . 2010-08-21 03:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2011-06-27 15:50 . 2011-06-27 15:50 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS 2011-06-27 15:50 . 2011-06-27 15:50 -------- d-----w- c:\program files\Symantec 2011-06-27 15:50 . 2011-06-27 15:50 -------- d-----w- c:\program files\Common Files\Symantec Shared 2011-06-27 15:49 . 2010-08-21 03:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2011-06-27 15:49 . 2010-08-21 03:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2011-06-27 15:49 . 2011-06-27 15:49 -------- d-----w- c:\windows\system32\drivers\N360x64 2011-06-27 15:49 . 2011-06-27 15:49 -------- d-----w- c:\program files (x86)\Norton 360 2011-06-27 15:45 . 2011-06-27 15:45 -------- d-----w- c:\program files (x86)\NortonInstaller 2011-06-27 15:44 . 2011-06-27 15:51 -------- d-----w- c:\programdata\Norton 2011-06-16 13:58 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-10 19:07 . 2011-06-10 19:07 -------- d-----w- C:\003508781f61aaf9a0 2011-06-10 19:05 . 2011-06-10 19:05 -------- d-----w- c:\windows\SysWow64\Wat 2011-06-10 19:05 . 2011-06-10 19:05 -------- d-----w- c:\windows\system32\Wat 2011-06-10 18:20 . 2011-06-10 18:20 -------- d-----w- c:\windows\SysWow64\wbem\en-US 2011-06-10 18:20 . 2011-06-10 18:20 -------- d-----w- c:\windows\system32\wbem\en-US 2011-06-10 17:48 . 2011-06-28 06:41 -------- d-----w- c:\programdata\clear.fi 2011-06-10 17:08 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll 2011-06-10 17:08 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll 2011-06-10 17:02 . 2009-11-25 10:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll 2011-06-10 17:02 . 2009-11-25 10:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll 2011-06-10 17:02 . 2009-11-25 10:47 48960 ----a-w- c:\windows\system32\netfxperf.dll 2011-06-10 17:02 . 2009-11-25 10:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll 2011-06-10 17:02 . 2009-11-25 10:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe 2011-06-10 17:02 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll 2011-06-10 17:02 . 2009-11-25 10:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2011-06-10 17:02 . 2009-11-25 10:47 444752 ----a-w- c:\windows\system32\mscoree.dll 2011-06-10 17:02 . 2009-11-25 10:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe 2011-06-10 17:02 . 2009-11-25 10:47 1942856 ----a-w- c:\windows\system32\dfshim.dll 2011-06-10 17:01 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2011-06-10 16:57 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-06-10 16:57 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-06-10 16:57 . 2011-02-19 06:36 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-06-10 16:57 . 2011-02-19 05:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-06-10 16:57 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll 2011-06-10 16:57 . 2011-02-19 06:37 1540608 ----a-w- c:\windows\system32\DWrite.dll 2011-06-10 16:57 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-06-10 16:57 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe 2011-06-10 16:57 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe 2011-06-10 16:57 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll 2011-06-10 16:57 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll 2011-06-10 16:55 . 2011-03-11 06:19 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-06-10 16:54 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe 2011-06-10 16:54 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll 2011-06-10 16:54 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2011-06-10 16:54 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2011-06-10 16:54 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2011-06-10 16:54 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2011-06-10 16:54 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll 2011-06-10 16:54 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2011-06-10 16:54 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2011-06-10 16:54 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2011-06-10 16:54 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2011-06-10 16:53 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-06-10 16:35 . 2011-06-10 16:35 -------- d---a-w- C:\book 2011-06-10 16:34 . 2011-06-10 16:34 -------- d-----w- c:\windows\nl 2011-06-10 16:34 . 2011-06-10 16:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2011-06-10 16:33 . 2011-06-27 21:09 -------- d-----w- c:\program files (x86)\Windows Live 2011-06-10 16:33 . 2011-06-10 16:33 -------- d-----w- c:\windows\PCHEALTH 2011-06-10 16:33 . 2011-06-10 16:33 -------- d-----w- c:\program files\Windows Live 2011-06-10 16:32 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-06-10 16:32 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-06-10 16:32 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-06-10 16:32 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-06-10 16:32 . 2006-11-29 11:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll 2011-06-10 16:32 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll 2011-06-10 16:31 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll 2011-06-10 16:31 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll 2011-06-10 16:31 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll 2011-06-10 16:31 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll 2011-06-10 16:30 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2011-06-10 16:30 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll 2011-06-10 16:30 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL 2011-06-10 16:30 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll 2011-06-10 16:30 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll 2011-06-10 16:30 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll 2011-06-10 16:30 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll 2011-06-10 16:29 . 2011-06-10 16:29 -------- d-----w- c:\program files (x86)\Common Files\Windows Live 2011-06-10 16:27 . 2010-03-30 16:18 1803264 ----a-w- c:\programdata\Microsoft\OEMOffice14\Office14\PowerPoint.nl-nl\PowerPointMUI.msi 2011-06-10 16:12 . 2011-06-10 16:12 -------- d-----w- c:\program files\Acer Accessory Store 2011-06-10 16:12 . 2011-06-10 16:21 -------- d-----w- c:\users\Admin 2011-06-10 16:10 . 2011-06-10 16:10 -------- d-----w- C:\Recovery . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-10 16:33 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-09-18 407920] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-09-18 201584] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2010-11-12 296768] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-01-18 1028688] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288] "MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2009-07-14 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110628.050\IDSvia64.sys [2011-06-03 488056] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0501000.01D\SYMNETS.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-01-18 313424] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-10-29 868224] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2010-11-12 257344] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-12 1997416] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232] S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys [x] S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys [x] S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys [x] S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-25 136824] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-23 11725928] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-10-29 860040] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-30 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-30 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-30 418328] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\umugsncg.default\ FF - prefs.js: browser.startup.homepage - hxxp://acer.msn.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: general.useragent.extra.brc - . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-1761514740-3234673199-2318220368-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{74F66B09-BC15-92B1-C2BF-D74ED8680E6E}*] "hakgjbcgmnjokhmi"=hex:6a,61,69,62,6c,65,62,63,6d,61,62,6f,62,68,65,61,6e,69, 6b,68,00,d4 "iaeghbndhdkppganjl"=hex:6a,61,69,62,6c,65,62,63,6d,61,62,6f,62,68,65,61,6e,69, 6b,68,00,69 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Launch Manager\LMworker.exe c:\program files (x86)\Mozilla Firefox\firefox.exe c:\program files (x86)\Mozilla Firefox\plugin-container.exe . ************************************************************************** . Voltooingstijd: 2011-06-29 13:10:56 - machine werd herstart ComboFix-quarantined-files.txt 2011-06-29 11:10 . Pre-Run: 437.000.212.480 bytes beschikbaar Post-Run: 436.823.445.504 bytes beschikbaar . - - End Of File - - A3A2B3F9AC13850EF0A3C055FF07C2DD
  5. pietervdb
    hey, Ik denk dat de problemen van de router komen, omdat ik nu een nieuwe laptop heb en die heeft juist dezelfde problemen om op internetpagina's te komen. weet iemand hier raad mee
  6. pietervdb
    hey Ik ben naar de computerwinkel geweest en er was niets meer aan te doen, er waren bepaalde circuits op het moederbord aangetast, dus we hebben een nieuwe laptop moeten kopen
  7. pietervdb
    hey bij het toetsenbord heb ik het product eerst op keukenrol aangebracht, maar ik denk dat ik iets te veel op het doekje gespoten heb en het scherm heb ik rechtstreeks gedaan, maar dat heb ik direct met een ander doekje verspreid over heel het scherm
  8. pietervdb
    hallo Na het kuisen van mijn scherm en laptop start hem niet meer op. Nu heb ik gezien dat ik per ongeluk de verkeerde bus heb gebruikt. Ik heb een product voor ruiten en spiegels gebruikt, maar er zit een anti-kalk oplossing in. Na het kuisen van het scherm had ik hem een paar uur niet meer opgezet en toen ik hem voor het eerst opzette, startte hij nog wel op, maar de touchpad deed al niet meer normaal en de laptop begon zelf dingen te tijpen en toen we later hem nog eens probeerde aan te zetten, begon er een alarm te gaan en later geraakte hij niet voorbij het acer opstart scherm. Is er nog iets aan te doen? mvg Pieter
  9. pietervdb
    hey De problemen zijn toch nog niet helemaal opgelost. Vaak worden webpagina's niet fatsoenlijk geladen of vind hij ze weer niet.
  10. pietervdb
    oké bedankt
  11. pietervdb
    hallo, Mijn computer maakt verbinding door middel van een router (niet rechtstreeks aangesloten aan het internet) en wanneer ik lange tijd niet meer op mijn laptop heb gezeten of na slaapstand of zo, moet ik terug handmatig verbinding maken met de router, iemand een oplossing. (het probleem is redelijk moeilijk om te omschrijven) groetjes Pieter
  12. pietervdb
    Tot nu toe start het internet normaal op
  13. pietervdb
    ComboFix 11-06-22.01 - pieter 22/06/2011 19:47:16.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3956.2517 [GMT 2:00] Gestart vanuit: c:\users\pieter\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\pieter\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))) . . 2011-06-22 17:52 . 2011-06-22 17:52 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-06-22 17:52 . 2011-06-22 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-21 15:31 . 2011-06-21 15:31 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-06-21 15:30 . 2011-06-21 15:30 704320 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-06-20 16:53 . 2011-06-20 16:53 -------- d-----w- c:\users\pieter\AppData\Roaming\Malwarebytes 2011-06-20 16:52 . 2011-06-20 16:52 -------- d-----w- c:\programdata\Malwarebytes 2011-06-20 16:52 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-19 18:15 . 2011-06-19 18:15 388096 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 18:15 . 2011-06-19 18:15 -------- d-----w- c:\program files (x86)\Trend Micro 2011-06-18 14:03 . 2011-06-18 14:03 -------- d-----w- c:\program files (x86)\MASC Software BV 2011-06-18 13:54 . 2011-06-18 14:04 45056 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{FF0F8E63-36EC-4180-8DF2-0F3CE3D91966}\_65966CD02315_4C87_B57B_372B5E3E6ABB.exe 2011-06-18 13:54 . 2011-06-18 13:54 -------- d-----w- c:\program files (x86)\Masc software 2011-06-18 13:18 . 2011-06-18 14:01 -------- d-----w- c:\program files (x86)\Mindscape 2011-06-17 17:35 . 2011-06-20 06:25 -------- d-----w- c:\users\pieter\AppData\Local\{01F616B1-3547-4A7A-8C60-7888F9787E2C} 2011-06-16 13:12 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-16 13:12 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-06-16 13:04 . 2011-06-16 13:04 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-06-15 18:04 . 2011-06-15 18:04 -------- d-----w- c:\users\Gast\AppData\Roaming\DAEMON Tools Pro 2011-06-14 15:17 . 2011-06-14 15:17 -------- d-----w- c:\users\pieter\AppData\Local\Origin 2011-06-14 15:16 . 2011-06-14 15:17 -------- d-----w- c:\programdata\Origin 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin Games 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin 2011-06-12 17:06 . 2011-06-12 17:06 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-06-12 16:55 . 2011-06-12 17:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 17:04 -------- d-----w- c:\users\pieter\AppData\Roaming\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 16:55 -------- d-----w- c:\programdata\DAEMON Tools Pro 2011-06-12 16:52 . 2011-06-12 16:52 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2011-06-12 16:49 . 2011-06-12 16:50 -------- d-----w- c:\program files (x86)\AnyToISO 2011-06-11 15:24 . 2011-06-11 15:24 -------- d-----w- c:\program files\Common Files\Idu 2011-06-11 15:23 . 2011-06-11 16:11 -------- d-----w- c:\program files (x86)\WarZone 2011-06-11 15:23 . 2011-06-11 15:23 -------- d-----w- c:\program files\Microprose 2011-06-10 13:23 . 2011-06-10 13:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-05 16:04 . 2011-06-05 16:06 -------- d-----w- c:\windows\WindowsMobile 2011-06-05 10:56 . 2011-06-05 10:56 -------- d-----w- c:\program files\railroad tycoon 3 2011-06-05 10:47 . 2011-06-11 16:14 -------- d-----w- c:\program files (x86)\Railroad Tycoon 3 2011-05-25 05:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 15:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-05-24 15:22 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 11:10 . 2010-06-08 14:57 135375 ----a-w- c:\users\pieter\AppData\Roaming\mdbu.bin 2011-05-04 02:52 . 2010-04-23 14:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr 2011-04-09 06:45 . 2011-05-11 18:33 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 18:33 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 18:33 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-06-21_13.11.31 ))))))))))))))))))))))))))))))))))))))))) . - 2010-01-23 20:52 . 2011-06-21 13:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-23 20:52 . 2011-06-22 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-23 20:52 . 2011-06-21 13:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-23 20:52 . 2011-06-22 17:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-25 09:23 . 2011-06-22 08:45 328358 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-01-24 20:37 . 2011-06-21 23:06 257628 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 02:34 . 2011-06-22 09:09 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2011-06-21 12:27 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110622.001\IDSvia64.sys [2011-06-03 488056] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhoud van de 'Gedeelde Taken' map . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-22 c:\windows\Tasks\Norton AntiVirus - pieter - Volledige systeemscan.job - c:\program files (x86)\Norton 360\Engine\4.3.0.5\navw32.exe [2011-01-07 19:24] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5740&r=27360110l816l0428z155t54i1d533 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2456C6B696E6F5166313234356: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2626F68723D203465393: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2656C6B696E602E65647775627B6: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\pieter\AppData\Roaming\Mozilla\Firefox\Profiles\zh17vyj9.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - %profile%\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} FF - Ext: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - %profile%\extensions\{46735dee-f862-49d1-876d-6382794dc625} FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{37295164-6894-4F93-AD7D-B7DE830DBB96} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1669923516-1675829682-1240158397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:6d,20,7f,9b,77,de,07,95,10,36,dd,59,e9,36,43,b1,f4,f6,1a,ee,ff,ce,2e, d0,2d,7b,8d,ce,02,ca,e8,59,62,b3,c2,6d,a9,8c,63,92,fc,38,f6,2d,82,58,91,6d,\ "??"=hex:70,83,9f,fc,c4,01,fd,a1,de,d7,49,8e,e2,b0,59,d5 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-06-22 19:54:41 ComboFix-quarantined-files.txt 2011-06-22 17:54 ComboFix2.txt 2011-06-21 14:30 ComboFix3.txt 2011-06-21 13:13 . Pre-Run: 470.283.083.776 bytes beschikbaar Post-Run: 470.229.372.928 bytes beschikbaar . - - End Of File - - 8A81E3EF0467C3A8CE863277DE7D8AD1
  14. pietervdb
    eigenlijk zo goed als geen problemen meer, soms nog als ik het internet opstart, maar daarna nie meer
  15. pietervdb
    ComboFix 11-06-20.02 - pieter 21/06/2011 16:22:53.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3956.2497 [GMT 2:00] Gestart vanuit: c:\users\pieter\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\pieter\Desktop\CFScript.txt AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\pieter\AppData\Local\{00EDB5B4-54FD-42BF-AF76-E831D168D21B} c:\users\pieter\AppData\Local\{05B1C651-DC24-4B1D-B1A4-F475D3E16755} c:\users\pieter\AppData\Local\{0D618A6D-B4F9-40F0-89A4-27B8C3EE687A} c:\users\pieter\AppData\Local\{132A2C49-9559-422A-8AE6-CCD240C4134A} c:\users\pieter\AppData\Local\{1DD5EA09-955E-46F0-AD71-D7CA1FDA8ABF} c:\users\pieter\AppData\Local\{21781DBC-F1CB-4364-8962-CD2A613DDE37} c:\users\pieter\AppData\Local\{26A42ABF-C440-448F-B6A3-FAD973930E11} c:\users\pieter\AppData\Local\{2B4FB948-517D-4E27-BE4E-59E6C10E5B5B} c:\users\pieter\AppData\Local\{4477FF4B-A030-4F95-A6BC-A62287EF221D} c:\users\pieter\AppData\Local\{57E8F055-0620-48E1-904F-E036FE160D11} c:\users\pieter\AppData\Local\{5CC8F62F-2815-45E6-BEF2-862171A3D5A6} c:\users\pieter\AppData\Local\{6E02DF3B-743B-4616-B3F6-324239BE8974} c:\users\pieter\AppData\Local\{71EAB3A9-C89D-4310-BA7F-92E8CD76BF66} c:\users\pieter\AppData\Local\{9136616D-ADBF-41FE-BF8F-94208B8257DD} c:\users\pieter\AppData\Local\{9476561A-A74F-4AE4-8137-63BCDF103446} c:\users\pieter\AppData\Local\{A2832AA2-B829-4E4C-8FD0-3390E6FBF983} c:\users\pieter\AppData\Local\{B0F293A8-622C-4DA9-AB1E-FD5E8F7FE6BB} c:\users\pieter\AppData\Local\{B4B8A88F-6F2F-4DA7-AC1E-482411A2F55D} c:\users\pieter\AppData\Local\{B89F4164-12A7-4882-B3DD-234145BD1FCD} c:\users\pieter\AppData\Local\{DA5C1B7F-449A-49BE-8E3F-6961B6AAC875} c:\users\pieter\AppData\Local\{E2287725-BACB-4168-BDD3-FEA3569FC0CD} c:\users\pieter\AppData\Local\{E61D4BFC-3314-49C8-9285-3348F349161C} c:\users\pieter\AppData\Local\{EAFC69DB-1D0E-45C1-9D02-91E90DEE8608} c:\users\pieter\AppData\Local\{EECA433B-FA76-4D5C-8703-2587E25A9420} c:\users\pieter\AppData\Local\{F162FB6E-E2B9-4C02-8068-4DD3302363D0} c:\users\pieter\AppData\Local\{FA201381-F773-4515-93F7-48D2E9895609} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))) . . 2011-06-21 14:28 . 2011-06-21 14:28 -------- d-----w- c:\users\Gast\AppData\Local\temp 2011-06-21 14:28 . 2011-06-21 14:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-20 16:53 . 2011-06-20 16:53 -------- d-----w- c:\users\pieter\AppData\Roaming\Malwarebytes 2011-06-20 16:52 . 2011-06-20 16:52 -------- d-----w- c:\programdata\Malwarebytes 2011-06-20 16:52 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-19 18:15 . 2011-06-19 18:15 388096 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 18:15 . 2011-06-19 18:15 -------- d-----w- c:\program files (x86)\Trend Micro 2011-06-18 14:03 . 2011-06-18 14:03 -------- d-----w- c:\program files (x86)\MASC Software BV 2011-06-18 13:54 . 2011-06-18 14:04 45056 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{FF0F8E63-36EC-4180-8DF2-0F3CE3D91966}\_65966CD02315_4C87_B57B_372B5E3E6ABB.exe 2011-06-18 13:54 . 2011-06-18 13:54 -------- d-----w- c:\program files (x86)\Masc software 2011-06-18 13:18 . 2011-06-18 14:01 -------- d-----w- c:\program files (x86)\Mindscape 2011-06-17 17:35 . 2011-06-20 06:25 -------- d-----w- c:\users\pieter\AppData\Local\{01F616B1-3547-4A7A-8C60-7888F9787E2C} 2011-06-16 13:12 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-16 13:12 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-06-16 13:04 . 2011-06-16 13:04 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-06-15 18:04 . 2011-06-15 18:04 -------- d-----w- c:\users\Gast\AppData\Roaming\DAEMON Tools Pro 2011-06-14 15:17 . 2011-06-14 15:17 -------- d-----w- c:\users\pieter\AppData\Local\Origin 2011-06-14 15:16 . 2011-06-14 15:17 -------- d-----w- c:\programdata\Origin 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin Games 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin 2011-06-12 17:06 . 2011-06-12 17:06 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-06-12 16:55 . 2011-06-12 17:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 17:04 -------- d-----w- c:\users\pieter\AppData\Roaming\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 16:55 -------- d-----w- c:\programdata\DAEMON Tools Pro 2011-06-12 16:52 . 2011-06-12 16:52 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2011-06-12 16:49 . 2011-06-12 16:50 -------- d-----w- c:\program files (x86)\AnyToISO 2011-06-11 15:24 . 2011-06-11 15:24 -------- d-----w- c:\program files\Common Files\Idu 2011-06-11 15:23 . 2011-06-11 16:11 -------- d-----w- c:\program files (x86)\WarZone 2011-06-11 15:23 . 2011-06-11 15:23 -------- d-----w- c:\program files\Microprose 2011-06-10 13:23 . 2011-06-10 13:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-05 16:04 . 2011-06-05 16:06 -------- d-----w- c:\windows\WindowsMobile 2011-06-05 10:56 . 2011-06-05 10:56 -------- d-----w- c:\program files\railroad tycoon 3 2011-06-05 10:47 . 2011-06-11 16:14 -------- d-----w- c:\program files (x86)\Railroad Tycoon 3 2011-05-25 05:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 15:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-05-24 15:22 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 11:10 . 2010-06-08 14:57 135375 ----a-w- c:\users\pieter\AppData\Roaming\mdbu.bin 2011-05-04 02:52 . 2010-04-23 14:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr 2011-04-09 06:45 . 2011-05-11 18:33 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 18:33 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 18:33 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-06-21_13.11.31 ))))))))))))))))))))))))))))))))))))))))) . - 2010-01-23 20:52 . 2011-06-21 13:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-23 20:52 . 2011-06-21 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-23 20:52 . 2011-06-21 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-01-23 20:52 . 2011-06-21 13:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhoud van de 'Gedeelde Taken' map . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-20 c:\windows\Tasks\Norton AntiVirus - pieter - Volledige systeemscan.job - c:\program files (x86)\Norton 360\Engine\4.3.0.5\navw32.exe [2011-01-07 19:24] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5740&r=27360110l816l0428z155t54i1d533 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2456C6B696E6F5166313234356: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2626F68723D203465393: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2656C6B696E602E65647775627B6: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\pieter\AppData\Roaming\Mozilla\Firefox\Profiles\zh17vyj9.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - %profile%\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} FF - Ext: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - %profile%\extensions\{46735dee-f862-49d1-876d-6382794dc625} FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{37295164-6894-4F93-AD7D-B7DE830DBB96} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1669923516-1675829682-1240158397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:6d,20,7f,9b,77,de,07,95,10,36,dd,59,e9,36,43,b1,f4,f6,1a,ee,ff,ce,2e, d0,2d,7b,8d,ce,02,ca,e8,59,62,b3,c2,6d,a9,8c,63,92,fc,38,f6,2d,82,58,91,6d,\ "??"=hex:70,83,9f,fc,c4,01,fd,a1,de,d7,49,8e,e2,b0,59,d5 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-06-21 16:30:05 ComboFix-quarantined-files.txt 2011-06-21 14:30 ComboFix2.txt 2011-06-21 13:13 . Pre-Run: 471.902.130.176 bytes beschikbaar Post-Run: 471.836.639.232 bytes beschikbaar . - - End Of File - - EE229C0AAFEEE48656340EC932F9B201
  16. pietervdb
    voila, hier zijn de resultaten ComboFix 11-06-20.01 - pieter 21/06/2011 15:03:38.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3956.2300 [GMT 2:00] Gestart vanuit: c:\users\pieter\Downloads\ComboFix.exe AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855} FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E} SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\pieter\AppData\Roaming\inst.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))) . . 2011-06-20 16:53 . 2011-06-20 16:53 -------- d-----w- c:\users\pieter\AppData\Roaming\Malwarebytes 2011-06-20 16:52 . 2011-06-20 16:52 -------- d-----w- c:\programdata\Malwarebytes 2011-06-20 16:52 . 2011-05-29 07:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-19 18:15 . 2011-06-19 18:15 388096 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-19 18:15 . 2011-06-19 18:15 -------- d-----w- c:\program files (x86)\Trend Micro 2011-06-18 14:03 . 2011-06-18 14:03 -------- d-----w- c:\program files (x86)\MASC Software BV 2011-06-18 13:54 . 2011-06-18 14:04 45056 ----a-r- c:\users\pieter\AppData\Roaming\Microsoft\Installer\{FF0F8E63-36EC-4180-8DF2-0F3CE3D91966}\_65966CD02315_4C87_B57B_372B5E3E6ABB.exe 2011-06-18 13:54 . 2011-06-18 13:54 -------- d-----w- c:\program files (x86)\Masc software 2011-06-18 13:18 . 2011-06-18 14:01 -------- d-----w- c:\program files (x86)\Mindscape 2011-06-17 17:35 . 2011-06-20 06:25 -------- d-----w- c:\users\pieter\AppData\Local\{01F616B1-3547-4A7A-8C60-7888F9787E2C} 2011-06-16 13:12 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2011-06-16 13:12 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2011-06-16 13:04 . 2011-06-16 13:04 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-06-15 18:04 . 2011-06-15 18:04 -------- d-----w- c:\users\Gast\AppData\Roaming\DAEMON Tools Pro 2011-06-15 04:39 . 2011-06-17 05:34 -------- d-----w- c:\users\pieter\AppData\Local\{A2832AA2-B829-4E4C-8FD0-3390E6FBF983} 2011-06-14 15:23 . 2011-06-14 15:23 -------- d-----w- c:\users\pieter\AppData\Local\{EAFC69DB-1D0E-45C1-9D02-91E90DEE8608} 2011-06-14 15:17 . 2011-06-14 15:17 -------- d-----w- c:\users\pieter\AppData\Local\Origin 2011-06-14 15:16 . 2011-06-14 15:17 -------- d-----w- c:\programdata\Origin 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin Games 2011-06-14 15:16 . 2011-06-14 15:16 -------- d-----w- c:\program files (x86)\Origin 2011-06-13 00:23 . 2011-06-13 12:23 -------- d-----w- c:\users\pieter\AppData\Local\{0D618A6D-B4F9-40F0-89A4-27B8C3EE687A} 2011-06-12 17:06 . 2011-06-12 17:06 272448 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2011-06-12 16:55 . 2011-06-12 17:06 -------- d-----w- c:\program files (x86)\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 17:04 -------- d-----w- c:\users\pieter\AppData\Roaming\DAEMON Tools Pro 2011-06-12 16:55 . 2011-06-12 16:55 -------- d-----w- c:\programdata\DAEMON Tools Pro 2011-06-12 16:52 . 2011-06-12 16:52 -------- d-----w- c:\program files (x86)\Elaborate Bytes 2011-06-12 16:49 . 2011-06-12 16:50 -------- d-----w- c:\program files (x86)\AnyToISO 2011-06-12 10:21 . 2011-06-12 10:21 -------- d-----w- c:\users\pieter\AppData\Local\{1DD5EA09-955E-46F0-AD71-D7CA1FDA8ABF} 2011-06-11 15:24 . 2011-06-11 15:24 -------- d-----w- c:\program files\Common Files\Idu 2011-06-11 15:23 . 2011-06-11 16:11 -------- d-----w- c:\program files (x86)\WarZone 2011-06-11 15:23 . 2011-06-11 15:23 -------- d-----w- c:\program files\Microprose 2011-06-10 13:23 . 2011-06-10 13:23 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-06-10 13:18 . 2011-06-10 13:18 -------- d-----w- c:\users\pieter\AppData\Local\{2B4FB948-517D-4E27-BE4E-59E6C10E5B5B} 2011-06-10 06:02 . 2011-06-10 06:02 -------- d-----w- c:\users\pieter\AppData\Local\{9136616D-ADBF-41FE-BF8F-94208B8257DD} 2011-06-09 10:24 . 2011-06-09 10:26 -------- d-----w- c:\users\pieter\AppData\Local\{EECA433B-FA76-4D5C-8703-2587E25A9420} 2011-06-08 18:27 . 2011-06-08 18:28 -------- d-----w- c:\users\pieter\AppData\Local\{E61D4BFC-3314-49C8-9285-3348F349161C} 2011-06-08 06:27 . 2011-06-08 06:27 -------- d-----w- c:\users\pieter\AppData\Local\{05B1C651-DC24-4B1D-B1A4-F475D3E16755} 2011-06-07 18:26 . 2011-06-07 18:27 -------- d-----w- c:\users\pieter\AppData\Local\{B89F4164-12A7-4882-B3DD-234145BD1FCD} 2011-06-07 06:26 . 2011-06-07 06:26 -------- d-----w- c:\users\pieter\AppData\Local\{21781DBC-F1CB-4364-8962-CD2A613DDE37} 2011-06-06 18:25 . 2011-06-06 18:26 -------- d-----w- c:\users\pieter\AppData\Local\{F162FB6E-E2B9-4C02-8068-4DD3302363D0} 2011-06-06 06:25 . 2011-06-06 06:25 -------- d-----w- c:\users\pieter\AppData\Local\{132A2C49-9559-422A-8AE6-CCD240C4134A} 2011-06-05 18:24 . 2011-06-05 18:24 -------- d-----w- c:\users\pieter\AppData\Local\{71EAB3A9-C89D-4310-BA7F-92E8CD76BF66} 2011-06-05 16:04 . 2011-06-05 16:06 -------- d-----w- c:\windows\WindowsMobile 2011-06-05 10:56 . 2011-06-05 10:56 -------- d-----w- c:\program files\railroad tycoon 3 2011-06-05 10:47 . 2011-06-11 16:14 -------- d-----w- c:\program files (x86)\Railroad Tycoon 3 2011-06-02 17:57 . 2011-06-05 06:23 -------- d-----w- c:\users\pieter\AppData\Local\{E2287725-BACB-4168-BDD3-FEA3569FC0CD} 2011-06-02 05:56 . 2011-06-02 05:57 -------- d-----w- c:\users\pieter\AppData\Local\{57E8F055-0620-48E1-904F-E036FE160D11} 2011-06-01 05:21 . 2011-06-01 17:22 -------- d-----w- c:\users\pieter\AppData\Local\{26A42ABF-C440-448F-B6A3-FAD973930E11} 2011-05-31 14:04 . 2011-05-31 14:04 -------- d-----w- c:\users\pieter\AppData\Local\{6E02DF3B-743B-4616-B3F6-324239BE8974} 2011-05-31 10:33 . 2011-05-31 10:33 -------- d-----w- c:\users\pieter\AppData\Local\{4477FF4B-A030-4F95-A6BC-A62287EF221D} 2011-05-27 17:37 . 2011-05-27 17:37 -------- d-----w- c:\users\pieter\AppData\Local\{FA201381-F773-4515-93F7-48D2E9895609} 2011-05-27 05:36 . 2011-05-27 05:36 -------- d-----w- c:\users\pieter\AppData\Local\{00EDB5B4-54FD-42BF-AF76-E831D168D21B} 2011-05-26 14:08 . 2011-05-26 14:08 -------- d-----w- c:\users\pieter\AppData\Local\{B4B8A88F-6F2F-4DA7-AC1E-482411A2F55D} 2011-05-26 09:14 . 2011-05-26 09:14 -------- d-----w- c:\users\pieter\AppData\Local\{5CC8F62F-2815-45E6-BEF2-862171A3D5A6} 2011-05-25 05:17 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2011-05-24 17:50 . 2011-05-24 17:50 -------- d-----w- c:\users\pieter\AppData\Local\{9476561A-A74F-4AE4-8137-63BCDF103446} 2011-05-24 15:22 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-05-24 15:22 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-05-23 17:49 . 2011-05-24 05:49 -------- d-----w- c:\users\pieter\AppData\Local\{B0F293A8-622C-4DA9-AB1E-FD5E8F7FE6BB} 2011-05-22 18:16 . 2011-05-22 18:17 -------- d-----w- c:\users\pieter\AppData\Local\{DA5C1B7F-449A-49BE-8E3F-6961B6AAC875} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-11 11:10 . 2010-06-08 14:57 135375 ----a-w- c:\users\pieter\AppData\Roaming\mdbu.bin 2011-05-04 02:52 . 2010-04-23 14:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr 2011-04-09 06:45 . 2011-05-11 18:33 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-04-09 06:13 . 2011-05-11 18:33 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-04-09 06:13 . 2011-05-11 18:33 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [x] S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 136824] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . Inhoud van de 'Gedeelde Taken' map . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 06:34] . 2011-06-20 c:\windows\Tasks\Norton AntiVirus - pieter - Volledige systeemscan.job - c:\program files (x86)\Norton 360\Engine\4.3.0.5\navw32.exe [2011-01-07 19:24] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0813&m=aspire_5740&r=27360110l816l0428z155t54i1d533 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: Open using &Advanced JPEG Compressor - c:\program files (x86)\Advanced JPEG Compressor\ajcieex.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2456C6B696E6F5166313234356: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2626F68723D203465393: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{6AA23AAF-360B-4985-A46D-A2C4D1DB5B2E}\2656C6B696E602E65647775627B6: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\pieter\AppData\Roaming\Mozilla\Firefox\Profiles\zh17vyj9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17241 FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=17241 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: ToggleDU Toolbar: {3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} - %profile%\extensions\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1} FF - Ext: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} - %profile%\extensions\{46735dee-f862-49d1-876d-6382794dc625} FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} FF - Ext: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - %profile%\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{46735DEE-F862-49D1-876D-6382794DC625} - (no file) WebBrowser-{37295164-6894-4F93-AD7D-B7DE830DBB96} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43} - c:\program files (x86)\AGI\core\4.2.0.10752\InstallerGUI.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360] "ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1669923516-1675829682-1240158397-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:6d,20,7f,9b,77,de,07,95,10,36,dd,59,e9,36,43,b1,f4,f6,1a,ee,ff,ce,2e, d0,2d,7b,8d,ce,02,ca,e8,59,62,b3,c2,6d,a9,8c,63,92,fc,38,f6,2d,82,58,91,6d,\ "??"=hex:70,83,9f,fc,c4,01,fd,a1,de,d7,49,8e,e2,b0,59,d5 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2011-06-21 15:13:38 ComboFix-quarantined-files.txt 2011-06-21 13:13 . Pre-Run: 472.181.579.776 bytes beschikbaar Post-Run: 472.112.025.600 bytes beschikbaar . - - End Of File - - 7633C2C006573E902D3ED1E4C86AC410
  17. pietervdb
    voila hier zijn de resultaten: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:18:30, on 20/06/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16800) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R3 - URLSearchHook: (no name) - {37295164-6894-4f93-ad7d-b7de830dbb96} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13028 bytes Malwarebytes' Anti-Malware 1.51.0.1200 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Databaseversie: 6903 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 20/06/2011 19:04:48 mbam-log-2011-06-20 (19-04-48).txt Scantype: Snelle scan Objecten gescand: 188426 Verstreken tijd: 5 minuut/minuten, 2 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 1 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\Users\pieter\downloads\railworks 2 crack 2011.exe (Trojan.BTMananger.Gen) -> Quarantined and deleted successfully.
  18. pietervdb
    Het probleem is nog altijd niet opgelost
  19. pietervdb
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:16:39, on 19/06/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16800) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\Users\pieter\AppData\Local\MediaGet2\mediaget.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe C:\Program Files (x86)\Vuze\Azureus.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing) R3 - URLSearchHook: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file) R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll O2 - BHO: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing) O3 - Toolbar: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [MediaGet2] C:\Users\pieter\AppData\Local\MediaGet2\mediaget.exe --minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Gast') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18053 bytes Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:16:39, on 19/06/2011 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16800) Boot mode: Normal Running processes: C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe C:\Users\pieter\AppData\Local\MediaGet2\mediaget.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\Program Files (x86)\Kiwee Toolbar\3.2\kwtbaim.exe C:\Program Files (x86)\Vuze\Azureus.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE} R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll R3 - URLSearchHook: agihelper.AGUtils - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - mscoree.dll (file missing) R3 - URLSearchHook: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll R3 - URLSearchHook: (no name) - {46735dee-f862-49d1-876d-6382794dc625} - (no file) R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: agihelper.AGUtils - {0bc6e3fa-78ef-4886-842c-5a1258c4455a} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll O2 - BHO: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll O3 - Toolbar: Kiwee Toolbar - {1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - mscoree.dll (file missing) O3 - Toolbar: dutch.ilsc.org Toolbar - {37295164-6894-4f93-ad7d-b7de830dbb96} - C:\Program Files (x86)\dutch.ilsc.org\tbdutc.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.4\youtubedownloaderToolbarIE.dll O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKCU\..\Run: [MediaGet2] C:\Users\pieter\AppData\Local\MediaGet2\mediaget.exe --minimized O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount (User 'Gast') O4 - HKUS\S-1-5-21-1669923516-1675829682-1240158397-501\..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 (User 'Gast') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html O8 - Extra context menu item: Open using &Advanced JPEG Compressor - C:\Program Files (x86)\Advanced JPEG Compressor\ajcieex.htm O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 18053 bytes
  20. pietervdb
    hier zijn de resultaten: Microsoft Windows [versie 6.1.7600] Copyright © 2009 Microsoft Corporation. Alle rechten voorbehouden. C:\Users\pieter>ipconfig Windows IP-configuratie Draadloos LAN-adapter voor Draadloze netwerkverbinding: Verbindingsspec. DNS-achtervoegsel: Belkin Link-local IPv6-adres . . . . . . : fe80::4173:88d2:ba88:edb0%12 IPv4-adres. . . . . . . . . . . . : 192.168.2.3 Subnetmasker. . . . . . . . . . . : 255.255.255.0 Standaardgateway. . . . . . . . . : 192.168.2.1 Ethernet-adapter voor LAN-verbinding: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: Tunnel-adapter voor isatap.Belkin: Verbindingsspec. DNS-achtervoegsel: Belkin Link-local IPv6-adres . . . . . . : fe80::5efe:192.168.2.3%18 Standaardgateway. . . . . . . . . : Tunnel-adapter voor LAN-verbinding* 12: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: Tunnel-adapter voor Teredo Tunneling Pseudo-Interface: Verbindingsspec. DNS-achtervoegsel: IPv6-adres. . . . . . . . . . . . : 2001:0:5ef5:79fd:2892:32b5:ab3c:93f6 Link-local IPv6-adres . . . . . . : fe80::2892:32b5:ab3c:93f6%19 Standaardgateway. . . . . . . . . : :: Tunnel-adapter voor isatap.{079E895E-A34A-44CA-AB30-B5385D4D0B79}: Mediumstatus. . . . . . . . . . . : medium ontkoppeld Verbindingsspec. DNS-achtervoegsel: C:\Users\pieter> ---------- Post toegevoegd om 20:08 ---------- Vorige post was om 20:03 ---------- ik heb het in uitvoeren in gegeven, maar problemen zijn niet opgelost. Ik wordt vaak ook als ik een website wil bereiken naar ask.com
  21. pietervdb
    iemand andere suggesties? mvg Pieter
  22. pietervdb
    dat heb ik gedaan ---------- Post toegevoegd om 19:17 ---------- Vorige post was om 19:16 ---------- ma is da normaal als ik da uitpak, da da direct weg springt
  23. pietervdb
    Het probleem was eventjes opgelost,maar enkele uren later, kan ik weer bepaalde sites niet meer openen, zoals de apple store. Heeft u of iemand nog andere suggesties
  24. pietervdb
    Het probleem is opgelost. Dank u wel mvg Pieter
  25. pietervdb
    Hallo [h=1]Sinds enige tijd heb ik problemen om bepaalde websites te bereiken, bijvoorbeeld bij hotmail komt het volgende te staan: Oops! This page appears broken. DNS Error - Server cannot be found. Het internet op mijn laptop gaat tegenwoordig ook veel trager.[/h] [h=1]Weet iemand raad?[/h] [h=1]Mvg Pieter[/h]
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.