
videofan

Member
  • Items: 9

videofan's achievements

  1. Maybe a stupid remark? A colleague told me to start the program [msconfig]. Windows does not recognize it! Searched everywhere! And found it in the folder [C:/Windows/WINSXS]. I can start it from there and it works too. Could it be that Windows is searching in the wrong folder? There are no stupid questions, so I am asking them here.
  2. Unfortunately. This is the new log:
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG12.00.00.01PROFESSIONAL"
. [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe c:\program files (x86)\Common Files\Nero\Lib\NMIndexingService.exe c:\windows\SysWOW64\IoctlSvc.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE e:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\SysWOW64\vmnat.exe c:\program files (x86)\VMware\VMware Player\vmware-authd.exe c:\windows\SysWOW64\vmnetdhcp.exe c:\program files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ct.exe c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\northstar\smartcopy\smartcopy.exe c:\program files (x86)\northstar\smartlauncher\smartlauncher.exe . ************************************************************************** . Voltooingstijd: 2011-07-25 12:30:40 - machine werd herstart ComboFix-quarantined-files.txt 2011-07-25 10:30 .
Pre-Run: 67.186.151.424 bytes beschikbaar Post-Run: 66.429.501.440 bytes beschikbaar . - - End Of File - - DEBF4DCC1FA4AA2CEB5C3021281D6153
  3. ComboFix 11-07-23.04 - Wil 24-07-2011 12:54:44.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.6134.3941 [GMT 2:00] Gestart vanuit: c:\users\Wil\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe c:\users\Wil\AppData\Roaming\chrtmp c:\users\Wil\AppData\Roaming\inst.exe c:\users\Wil\AppData\Roaming\Local c:\users\Wil\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr c:\users\Wil\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx c:\users\Wil\AppData\Roaming\QUAD Backups c:\users\Wil\AppData\Roaming\Secure-Soft Stealer c:\users\Wil\Documents\cc_20110704_122740.reg c:\users\Wil\Documents\Readiris.DUS c:\windows\Downloaded Program Files\tgctlsr.dll c:\windows\security\Database\tmp.edb c:\windows\XSxS . . (((((((((((((((((((( Bestanden Gemaakt van 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))) . . 2011-07-23 17:36 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-23 17:36 . 2011-07-23 17:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-07-23 17:36 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-23 14:56 . 2011-07-23 14:56 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-07-23 14:42 . 2011-07-23 14:42 -------- d-----w- c:\users\Wil\AppData\Roaming\TuneUp Software 2011-07-23 13:18 . 2011-07-23 13:18 388096 ----a-r- c:\users\Wil\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-07-23 12:16 . 
2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Local\Ahead 2011-07-23 12:16 . 2011-07-23 12:20 -------- d-----w- c:\users\Administrator\AppData\Roaming\Vista Start Menu 2011-07-23 12:16 . 2011-07-23 12:16 -------- d-----w- c:\users\Administrator\AppData\Roaming\Codessentials 2011-07-21 21:07 . 2011-07-21 21:07 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2011-07-21 20:56 . 2011-07-21 20:56 -------- d-----w- C:\Rbackup 2011-07-21 20:27 . 2011-07-21 20:28 -------- d-----w- c:\program files\CCleaner 2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Big Fish Games 2011-07-21 11:47 . 2011-07-21 11:47 -------- d-----w- c:\programdata\Spotnet origineel 2011-07-21 06:59 . 2011-07-21 06:59 -------- d-----w- c:\users\Wil\AppData\Roaming\Media Player Classic 2011-07-20 14:39 . 2011-07-20 14:39 -------- d-----w- c:\users\Wil\AppData\Roaming\CattaleGames 2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\programdata\TomTom 2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Roaming\TomTom 2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\users\Wil\AppData\Local\TomTom 2011-07-19 12:31 . 2011-07-19 12:31 -------- d-----w- c:\program files (x86)\TomTom International B.V 2011-07-19 11:21 . 2005-07-14 10:31 32256 ----a-w- c:\windows\SysWow64\AVSredirect.dll 2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\yv12vfw.dll 2011-07-19 11:21 . 2004-01-24 22:00 70656 ----a-w- c:\windows\SysWow64\i420vfw.dll 2011-07-17 14:42 . 2011-07-17 14:42 -------- d-----w- c:\windows\nl 2011-07-17 14:36 . 2011-05-13 13:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys 2011-07-17 14:36 . 2011-07-17 14:43 -------- d-----w- c:\program files (x86)\Windows Live 2011-07-17 14:35 . 2011-07-17 14:36 -------- d-----w- c:\program files\Windows Live 2011-07-17 14:34 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll 2011-07-17 14:34 . 
2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2011-07-17 14:33 . 2009-09-04 15:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll 2011-07-17 14:33 . 2009-09-04 15:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll 2011-07-17 14:33 . 2009-09-04 15:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll 2011-07-17 14:33 . 2009-09-04 15:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll 2011-07-17 14:32 . 2009-08-04 08:12 1103872 ----a-w- c:\windows\system32\webservices.dll 2011-07-17 14:32 . 2009-08-04 08:02 754688 ----a-w- c:\windows\SysWow64\webservices.dll 2011-07-17 14:30 . 2011-07-17 14:30 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\15ea452a1cc448e06\bingbarsetup.exe 2011-07-17 14:30 . 2011-07-17 14:30 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\481a2ba1cc448e05\MeshBetaRemover.exe 2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DSETUP.dll 2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\DXSETUP.exe 2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\19e7ffa1cc448e04\dsetup32.dll 2011-07-17 14:29 . 2011-07-17 14:29 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DSETUP.dll 2011-07-17 14:29 . 2011-07-17 14:29 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\DXSETUP.exe 2011-07-17 14:29 . 2011-07-17 14:29 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\fde855ca1cc448d03\dsetup32.dll 2011-07-17 14:29 . 2011-07-21 03:57 -------- d-----w- c:\users\Wil\AppData\Local\Windows Live 2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\windows\SysWow64\spool 2011-07-17 14:22 . 2011-07-17 14:22 -------- d-----w- c:\program files\Windows Portable Devices 2011-07-17 14:22 . 
2011-07-17 14:22 -------- d-----w- c:\program files (x86)\Windows Portable Devices 2011-07-17 14:17 . 2009-10-01 01:02 30208 ----a-w- c:\windows\SysWow64\WPDShextAutoplay.exe 2011-07-17 14:14 . 2009-09-10 02:07 3815424 ----a-w- c:\windows\system32\UIRibbon.dll 2011-07-17 14:13 . 2011-02-22 14:47 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-07-17 14:13 . 2011-02-22 13:53 1555968 ----a-w- c:\windows\system32\DWrite.dll 2011-07-17 14:13 . 2011-02-22 13:53 1149440 ----a-w- c:\windows\system32\FntCache.dll 2011-07-17 14:13 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-07-17 14:13 . 2010-05-04 19:40 316928 ----a-w- c:\windows\system32\msshsq.dll 2011-07-17 14:13 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll 2011-07-17 14:13 . 2011-04-21 14:17 695296 ----a-w- c:\windows\system32\drivers\bthport.sys 2011-07-17 14:13 . 2009-06-17 10:37 35328 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS 2011-07-17 13:50 . 2011-07-17 13:51 -------- d-----w- c:\program files (x86)\Windows Mail 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\ca-ES 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\eu-ES 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\SysWow64\vi-VN 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\ca-ES 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\eu-ES 2011-07-17 13:50 . 2011-07-17 13:50 -------- d-----w- c:\windows\system32\vi-VN 2011-07-17 13:45 . 2011-07-17 13:45 -------- d-----w- c:\windows\system32\SPReview 2011-07-17 13:32 . 2009-04-10 22:11 946688 ----a-w- c:\windows\system32\scavenge.dll 2011-07-17 13:32 . 2009-04-10 22:10 56320 ----a-w- c:\windows\system32\compcln.exe 2011-07-17 13:31 . 2009-04-28 11:14 3584 ----a-w- c:\windows\system32\drivers\nl-NL\hdaudbus.sys.mui 2011-07-17 13:31 . 2009-04-28 11:12 8704 ----a-w- c:\windows\system32\drivers\nl-NL\bthport.sys.mui 2011-07-17 13:27 . 
2009-04-10 22:15 73176 ----a-w- c:\windows\system32\drivers\partmgr.sys 2011-07-17 13:26 . 2009-04-10 22:15 164328 ----a-w- c:\windows\system32\drivers\Storport.sys 2011-07-17 13:23 . 2011-07-17 13:23 -------- d-----w- c:\windows\system32\EventProviders 2011-07-17 12:19 . 2011-07-17 12:53 -------- d-----w- c:\users\Wil\AppData\Roaming\GetRightToGo 2011-07-17 12:12 . 2011-07-23 14:56 -------- d-sh--w- c:\windows\Installer 2011-07-16 21:32 . 2011-07-16 21:32 -------- d-----w- c:\users\Wil\AppData\Roaming\AnvSoft 2011-07-16 21:18 . 2011-07-16 21:18 -------- d-----w- c:\program files (x86)\OJOsoft 2011-07-16 21:07 . 2011-07-16 21:07 -------- d-----w- c:\program files (x86)\Common Files\Common Share 2011-07-16 21:07 . 2008-12-18 11:38 719872 ----a-w- c:\windows\SysWow64\devil.dll 2011-07-16 21:07 . 2009-09-27 07:39 369152 ----a-w- c:\windows\SysWow64\avisynth.dll 2011-07-15 04:29 . 2011-07-15 04:29 -------- d-----w- c:\windows\Installer orig in H gezet 2011-07-14 18:44 . 2011-07-14 18:44 -------- d-----r- C:\Sandbox 2011-07-13 10:52 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll 2011-07-13 10:52 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-13 10:52 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys 2011-07-12 15:09 . 2011-07-12 15:09 -------- d-----w- c:\program files\Soluto 2011-07-09 17:18 . 2008-12-18 11:38 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2011-07-09 17:18 . 2008-12-18 11:38 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2011-07-09 17:18 . 2008-12-18 11:38 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2011-07-09 08:37 . 2011-07-09 08:37 -------- d-----w- c:\programdata\FirmTools 2011-07-09 07:53 . 2011-07-09 08:16 -------- d-----w- c:\users\Wil\AppData\Roaming\calibre 2011-07-09 07:52 . 2011-07-09 07:52 -------- d-----w- c:\program files (x86)\Calibre2 2011-07-09 07:44 . 2003-06-05 15:15 57436 ----a-w- c:\windows\DASShp.dll 2011-07-09 07:44 . 
2003-05-22 22:15 217174 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ClearType\ctras.dll 2011-07-09 07:44 . 2000-10-05 13:55 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll 2011-07-09 07:44 . 2000-10-05 13:55 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll 2011-07-09 07:44 . 2000-10-05 13:50 221184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll 2011-07-09 07:44 . 2000-10-05 13:49 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll 2011-07-09 07:44 . 2000-10-05 06:01 602244 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe 2011-07-08 20:05 . 2011-07-08 20:06 -------- d-----w- c:\users\Wil\AppData\Roaming\MovieSpot 2011-07-08 08:53 . 2009-06-30 08:37 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys 2011-07-08 08:53 . 2011-07-08 08:53 -------- d-----w- c:\program files (x86)\Panda Security 2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft Synchronization Services 2011-07-08 08:00 . 2011-07-08 08:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2011-07-08 07:59 . 2011-07-08 07:59 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2011-07-08 07:56 . 2011-07-08 08:00 -------- d-----w- c:\programdata\SpotGrit 2011-07-07 16:05 . 2011-07-07 16:05 8 ----a-w- c:\users\Wil\AppData\Roaming\rat.exe 2011-07-07 06:41 . 2011-07-07 06:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2011-07-05 11:30 . 2011-07-05 11:30 -------- d-----w- c:\programdata\TERMINAL Studio 2011-07-04 10:39 . 2011-07-04 10:39 -------- d-----w- c:\users\Wil\AppData\Roaming\GlarySoft 2011-07-04 08:55 . 2004-07-09 07:43 226304 ----a-w- c:\windows\system32\TwnLib4.dll 2011-07-04 08:55 . 2003-03-18 21:14 303616 ----a-w- c:\windows\system32\msvcp71.dll 2011-07-04 08:55 . 
2003-03-18 19:12 451584 ----a-w- c:\windows\system32\mfc71u.dll 2011-07-04 08:55 . 2003-02-21 03:42 165888 ----a-w- c:\windows\system32\msvcr71.dll 2011-07-04 08:55 . 2004-07-26 15:16 928768 ----a-w- c:\windows\system32\imagX7.dll 2011-07-04 08:55 . 2004-07-26 15:16 476320 ----a-w- c:\windows\system32\imagXpr7.dll 2011-07-04 08:55 . 2004-07-26 15:16 364032 ----a-w- c:\windows\system32\imagXRA7.dll 2011-07-04 08:55 . 2004-07-26 15:16 224256 ----a-w- c:\windows\system32\imagXR7.dll 2011-07-04 08:55 . 2003-03-19 05:20 454144 ----a-w- c:\windows\system32\mfc71.dll 2011-07-03 04:36 . 2011-07-03 04:36 59839 --sh--w- c:\windows\dtmn.exe 2011-07-03 04:36 . 2011-07-03 04:36 66046 --sh--w- c:\windows\kdhr.exe 2011-07-02 19:18 . 2004-12-02 16:20 1843200 ----a-w- c:\windows\SysWow64\NCTAudioFile2.dll 2011-07-02 19:18 . 2004-12-02 16:11 315392 ----a-w- c:\windows\SysWow64\NCTAudioPlayer2.dll 2011-07-02 19:18 . 2004-05-20 13:24 196608 ----a-w- c:\windows\SysWow64\NCTWMAFile2.dll 2011-07-02 19:02 . 2011-07-02 19:03 -------- d-----w- c:\users\Wil\AppData\Roaming\MP3 Quality Modifier 2011-07-02 13:48 . 2011-07-02 13:48 -------- d-----w- C:\iSiteLogs . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-17 14:35 . 2011-03-28 16:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-07-07 06:34 . 2011-05-22 19:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys 2011-06-30 06:41 . 2011-05-23 19:57 319488 ----a-w- c:\windows\HideWin.exe 2011-06-30 06:12 . 2009-02-07 02:17 525792 ----a-w- c:\windows\DIFxAPI.dll 2011-06-25 10:25 . 2011-05-20 17:54 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-05-24 17:14 . 2010-11-28 09:12 270720 ------w- c:\windows\system32\MpSigStub.exe 2011-05-13 14:03 . 2011-05-13 14:03 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR 2011-05-04 02:52 . 
2011-01-07 13:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-05-02 17:16 . 2011-06-15 07:32 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-05-02 17:13 . 2011-06-15 07:32 975360 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 13:41 . 2011-06-15 07:32 176128 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-04-29 13:40 . 2011-06-15 07:32 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-04-29 13:39 . 2011-06-15 07:32 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-04-29 13:39 . 2011-06-15 07:32 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-29 13:39 . 2011-06-15 07:32 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll 2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 16:52 121392 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-24 68856] "VistaStartMenu"="c:\program files (x86)\Vista Start Menu\VistaStartMenu.exe" [2008-04-26 2670296] "RoboForm"="e:\program files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" [2011-02-06 107000] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408] "Yadis"="c:\program files (x86)\codessentials\yadis\yadis.exe" [2011-01-14 1758208] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424] "SandboxieControl"="i:\program files\Sandboxie\SbieCtrl.exe" [2011-06-17 604432] "TomTomHOME.exe"="e:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384] "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112] "RemoteControl"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" [2007-03-14 71216] "LanguageShortcut"="e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" [2007-03-14 54832] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Ashampoo Core 
Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376] "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352] "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-13 5075776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService] @="Service" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" . 
R0 rseb;rseb; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664] R3 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] R3 ALSysIO;ALSysIO;i:\temp\ALSysIO64.sys [x] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560] R3 BthAvrcp;Bluetooth AVRCP-profiel;c:\windows\system32\DRIVERS\BthAvrcp.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776] R3 esihdrv;esihdrv;i:\temp\esihdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 135664] R3 PAC207;Trust Webcam Live;c:\windows\system32\DRIVERS\PFC027.SYS [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 
hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [x] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x] S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 tdrpman255;Acronis Try&Decide and Restore Points filter (build 255);c:\windows\system32\DRIVERS\tdrpm255.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 VD_FileDisk;VD_FileDisk; [x] S2 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488] S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-10-25 2475952] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-08-13 24576] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640] S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2011-07-07 376352] S2 TomTomHOMEService;TomTomHOMEService;e:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592] S2 
vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248] S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424] S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{BBE2A330-76AD-1E64-FF0C-BFCDE34B5E8A}] 2011-07-07 16:05 8 ----a-w- c:\users\Wil\AppData\Roaming\rat.exe . Inhoud van de 'Gedeelde Taken' map . 2011-07-24 c:\windows\Tasks\AutoSmartDefrag.job - e:\program files (x86)\IObit SmartDefrag\IObit SmartDefrag.exe [2011-04-12 17:08] . 2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08] . 2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-25 08:08] . 
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000Core.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13] . 2011-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3516149696-3862806164-1056994232-1000UA.job - c:\users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-30 08:13] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2008-07-29 16:53 50736 ----a-w- c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2692008] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2009-08-11 319488] "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2009-08-11 323584] "Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376] "eDataSecurity Loader"="c:\program files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe" [2008-07-29 561200] "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304] "Acronis Scheduler2Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-13 357304] "RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 . ------- Bijkomende Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ig?brand=ACAW&bmod=ACEU mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=1010&m=aspire_m7720 mLocal Page = %SystemRoot%\system32\blank.htm IE: Formulieren opslaan - file://e:\program files (x86)\Roboform gegevens\RoboFormComSavePass.html IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll TCP: DhcpNameServer = 212.54.40.25 212.54.35.25 192.168.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll FF - ProfilePath - c:\users\Wil\AppData\Roaming\Mozilla\Firefox\Profiles\hkipwinx.default\ FF - prefs.js: browser.search.selectedEngine - iMesh Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/ FF - prefs.js: keyword.URL - hxxp://search.imesh.com/web?src=ffb&systemid=1&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - h:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . - - - - ORPHANS VERWIJDERD - - - - . 
Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Network Drive Mapping Utility - (no file) Wow6432Node-HKLM-Run-HDD Regenerator - c:\program files (x86)\HDD Regenerator\HDD Regenerator.exe Toolbar-10 - (no file) WebBrowser-{F4E6547E-325B-403C-A3BB-AD29ED37A92F} - (no file) WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{B80F591E-FE9A-46CF-A13E-180377240586} - (no file) HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe HKLM-Run-Skytel - Skytel.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\e:\program files (x86)\CyberLink\PowerDVD v7.3 ultra\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System [...] software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Voltooingstijd: 2011-07-24 13:10:33 ComboFix-quarantined-files.txt 2011-07-24 11:10 . Pre-Run: 58.409.648.128 bytes beschikbaar Post-Run: 58.209.771.520 bytes beschikbaar . - - End Of File - - 2A86F8752CAB583F95720BCA2A1F5E45
     ---------- Post added at 14:18 ---------- Previous post was at 14:17 ----------
     Have now also restored the icon cache. Enlarged 2x and shrunk the icons on the desktop. Still no result
  4. To my great regret, this did gain some speed, but the icons remain covered by the little square. Unfortunately.
  5. Started up, in safe mode, and from there started as administrator.
     ---------- Post added at 22:27 ---------- Previous post was at 22:16 ----------
     Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:27:18, on 23-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe E:\Program Files (x86)\IObit SmartDefrag\IObit SmartDefrag.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe E:\Program Files (x86)\Roboform gegevens\robotaskbaricon.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\VMware\VMware Player\hqtray.exe E:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\northstar\smartcopy\smartcopy.exe c:\program files (x86)\northstar\smartlauncher\smartlauncher.exe E:\Program Files (x86)\TC UP v5.2a\TC UP.exe E:\Program Files (x86)\TC UP v5.2a\totalcmd.exe C:\Program Files (x86)\Internet Explorer\IEUser.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files 
(x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\HDD 
Regenerator.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Program Files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Yadis] c:\program files (x86)\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [sandboxieControl] "i:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Formulieren opslaan - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. 
KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - i:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. 
- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15667 bytes
  6. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:50:15, on 23-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Safe mode Running processes: H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wiki kijkert 8.0 O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: 
Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: 
[switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Program Files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Yadis] c:\program files (x86)\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [sandboxieControl] "i:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKLM\..\Policies\Explorer\Run: [Googler] 
C:\Users\Wil\AppData\Roaming\rat.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Formulieren opslaan - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O8 - Extra context menu item: Invul Formulieren - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform 
gegevens\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program 
Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: WLControl.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - i:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. 
- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16639 bytes
  7. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:48:12, on 23-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe E:\Program Files (x86)\Roboform gegevens\robotaskbaricon.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\VMware\VMware Player\hqtray.exe E:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe C:\Program Files (x86)\Internet Explorer\ieuser.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wiki kijkert 8.0 O1 - Hosts: ::1 localhost #[iPv6] O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web 
Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe" O4 - 
HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Program Files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Yadis] c:\program files (x86)\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [sandboxieControl] "i:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKLM\..\Policies\Explorer\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O8 - Extra context menu item: Formulieren opslaan - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O8 - Extra context menu item: Invul Formulieren - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} 
- file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: WLControl.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. 
KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - i:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. 
- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17743 bytes ------------------------------------------- Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Databaseversie: 7253 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 23-7-2011 19:41:03 mbam-log-2011-07-23 (19-41-03).txt Scantype: Snelle scan Objecten gescand: 191405 Verstreken tijd: 2 minuut/minuten, 41 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 3 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 8 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> Quarantined and deleted successfully. Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: c:\Windows\System32\Patch.EXE (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully. c:\Windows\SysWOW64\Patch.EXE (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully. c:\Windows\pdwa.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\uhcd.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Windows\wtsx.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Wil\AppData\Roaming\secure-soft stealer\Update.exe (Trojan.P2P.Worm) -> Quarantined and deleted successfully. c:\Users\Wil\AppData\Roaming\cglogs.dat (Malware.Trace) -> Quarantined and deleted successfully. c:\Users\Wil\AppData\Roaming\install\Svchost.exe (Backdoor.SpyNet) -> Quarantined and deleted successfully.
  8. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:19:11, on 23-7-2011 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\PixArt\Pac207\Monitor.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe E:\Program Files (x86)\Roboform gegevens\robotaskbaricon.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe E:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\VMware\VMware Player\hqtray.exe E:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe c:\program files (x86)\northstar\smartcopy\smartcopy.exe c:\program files (x86)\northstar\smartlauncher\smartlauncher.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE E:\Program Files (x86)\TC UP v5.2a\TC UP.exe E:\Program Files (x86)\TC UP v5.2a\totalcmd.exe C:\Program Files (x86)\Internet Explorer\IEUser.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe H:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search 
Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wiki kijkert 8.0 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {b80f591e-fe9a-46cf-a13e-180377240586} - (no file) O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files
(x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files (x86)\Roboform gegevens\roboform.dll O3 - Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - (no file) O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file) O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe" O4 - HKLM\..\Run: [RemoteControl] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "e:\Program Files (x86)\CyberLink\PowerDVD v7.3 ultra\Language\Language.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [switchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Ashampoo Core Tuner] "C:\Program Files 
(x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" O4 - HKLM\..\Run: [HDD Regenerator] "C:\Program Files (x86)\HDD Regenerator\HDD Regenerator.exe" O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files (x86)\Vista Start Menu\VistaStartMenu.exe" O4 - HKCU\..\Run: [RoboForm] "E:\Program Files (x86)\Roboform gegevens\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [HKCU] C:\Users\Wil\AppData\Roaming\install\Svchost.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [Google Update] "C:\Users\Wil\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Yadis] c:\program files (x86)\codessentials\yadis\yadis.exe O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O4 - HKCU\..\Run: [sandboxieControl] "i:\Program Files\Sandboxie\SbieCtrl.exe" O4 - HKCU\..\Run: [TomTomHOME.exe] "e:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKLM\..\Policies\Explorer\Run: [Googler] C:\Users\Wil\AppData\Roaming\rat.exe O8 - Extra context menu item: Formulieren opslaan - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html O8 - Extra context menu item: Invul Formulieren - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O8 - Extra context menu item: Menu aanpassen - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: RoboForm Werkbalk - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Invul Formulieren - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComFillForms.html O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} 
- file://E:\Program Files (x86)\Roboform gegevens\RoboFormComShowToolbar.html O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files (x86)\PDFill\DownloadPDF.exe O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (Emsisoft Web Malware Scan) - http://ax.emsisoft.com/emsisoft_webscan.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: WLControl.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Acronis Scheduler2Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ashampoo CoreTuner Helper Service (acthelper) - Ashampoo Development GmbH & Co. 
KG - C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. 
- C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - i:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - e:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe O23 - Service: TomTomHOMEService - TomTom - e:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. 
- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 21895 bytes
  9. Hello forum. Recently, wherever there is a shortcut, its icon has become covered. Where the picture should be, there is a white square with a small coloured dot and a small square in it (a kind of envelope). When I go to Properties I see the original picture. When I then click Apply, the white envelope is over it again on the desktop. As I said, this started recently, but I don't know which program was responsible for it. Does anyone have an idea for me? The bottom one is the original; the top one is how it appears on my desktop.