ceeszu
-
Items
12 -
Registratiedatum
-
Laatst bezocht
ceeszu's prestaties
-
Tot op heden meer dan 150 processen en zeker zo'n, even tellen, 92 rndll32.exe processen................. hier het log bestand: ComboFix 11-10-19.03 - Cees 19-10-2011 16:53:11.5.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2036 [GMT 2:00] Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\SysWow64\ConduitEngine.tmp" "c:\windows\Tasks\!PC Unleashed Registration3.job" "c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\SFT_Netherlands c:\program files (x86)\SFT_Netherlands\GottenAppsContextMenu.xml c:\program files (x86)\SFT_Netherlands\ldrtbSFT_.dll c:\program files (x86)\SFT_Netherlands\OtherAppsContextMenu.xml c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll c:\program files (x86)\SFT_Netherlands\SFT_NetherlandsToolbarHelper.exe c:\program files (x86)\SFT_Netherlands\SharedAppsContextMenu.xml c:\program files (x86)\SFT_Netherlands\tbSFT_.dll c:\program files (x86)\SFT_Netherlands\toolbar.cfg c:\program files (x86)\SFT_Netherlands\ToolbarContextMenu.xml c:\program files (x86)\SFT_Netherlands\uninstall.exe c:\programdata\PC Unleashed Online c:\users\Cees\AppData\Roaming\PC Unleashed Online c:\users\Cees\AppData\Roaming\PC Unleashed Online\PC Unleashed\Client.txt c:\users\Cees\AppData\Roaming\PC Unleashed Online\PC Unleashed\Server.txt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))) . . 2011-10-19 15:37 . 2011-10-19 15:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll 2011-10-19 15:32 . 2011-10-19 15:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-19 15:32 . 2011-10-19 15:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll 2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP 2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro 2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack 2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files 2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp 2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue 2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer 2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-10-11 08:44 . 2011-10-19 16:43 -------- d-----w- c:\users\Cees\AppData\Local\Temp 2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org 2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed 2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software 2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics 2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll 2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM 2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM 2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail 2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly 2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter 2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure 2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1 2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA 2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-10-18_11.10.12 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-27 14:29 . 2011-10-18 16:14 84140 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-19 14:38 33942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-27 20:39 . 2011-10-19 14:38 24704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin + 2010-09-27 12:23 . 2011-10-18 17:25 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-27 12:23 . 2011-10-18 07:10 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-27 12:23 . 2011-10-18 17:25 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-27 12:23 . 2011-10-18 07:10 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-18 17:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-10-18 07:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-19 15:35 . 2011-10-19 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-19 15:35 . 2011-10-19 15:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2011-10-18 10:52 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-18 14:41 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-27 19:29 . 2011-10-18 22:34 334272 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2009-07-14 09:16 . 2011-10-18 17:14 704504 c:\windows\system32\perfh013.dat + 2009-07-14 02:36 . 2011-10-18 17:14 618936 c:\windows\system32\perfh009.dat + 2009-07-14 09:16 . 2011-10-18 17:14 134626 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2011-10-18 17:14 107256 c:\windows\system32\perfc009.dat - 2010-09-28 07:08 . 2011-10-18 10:51 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-09-28 07:08 . 2011-10-19 15:33 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2011-10-19 15:33 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-10-18 10:51 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-09 09:45 . 2011-10-19 15:33 15723553 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296] "SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] R4 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152] R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-10-19 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-18 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02] . 2011-10-19 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-19 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-19 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-SFT_Netherlands Toolbar - c:\program files (x86)\SFT_Netherlands\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-19 18:46:01 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-19 16:46 ComboFix2.txt 2011-10-18 16:15 ComboFix3.txt 2011-10-18 11:12 ComboFix4.txt 2011-10-17 15:26 ComboFix5.txt 2011-10-19 14:52 . Pre-Run: 673.828.417.536 bytes beschikbaar Post-Run: 673.471.614.976 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 79E6ED36CB8410C8090C6B1139AA3BA3
-
inmiddels alweer 140 processen met daaronder weer veeeel rundll32.exe. PC underleashed verwijderd van het systeem en zoveel mogelijk andere programma's niet laten starten, maar wellicht moet ik alle non microsoft pakketten verwijderen???? Hier weer het bestand: ComboFix 11-10-18.02 - Cees 18-10-2011 17:22:42.4.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2175 [GMT 2:00] Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))) . . 2011-10-18 15:56 . 2011-10-18 15:56 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll 2011-10-18 15:52 . 2011-10-18 15:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-18 15:52 . 2011-10-18 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll 2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP 2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands 2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro 2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack 2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files 2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp 2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue 2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer 2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-10-11 08:44 . 2011-10-18 16:13 -------- d-----w- c:\users\Cees\AppData\Local\Temp 2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org 2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed 2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software 2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics 2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll 2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM 2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM 2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail 2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly 2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter 2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online 2011-10-03 11:47 . 2011-10-18 14:33 -------- d-----w- c:\programdata\PC Unleashed Online 2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1 2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA 2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe . . ((((((((((((((((((((((((((((( SnapShot@2011-10-18_11.10.12 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-18 10:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-10-18 14:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-27 14:29 . 2011-10-18 15:03 83864 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-18 15:03 33942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-27 20:39 . 2011-10-18 15:03 24672 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin + 2011-10-18 15:54 . 2011-10-18 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-18 15:54 . 2011-10-18 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-10-18 10:52 . 2011-10-18 10:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2011-10-18 14:41 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-10-18 10:52 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-28 07:08 . 2011-10-18 15:52 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-09-28 07:08 . 2011-10-18 10:51 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 05:01 . 2011-10-18 15:52 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-10-18 10:51 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-09 09:45 . 2011-10-18 15:52 15563960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296] "SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480] R4 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] R4 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152] R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-10-18 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20] . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-17 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02] . 2011-10-18 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-18 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031769&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - SFT_Netherlands Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3031769&SearchSource=13 FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-18 18:15:49 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-18 16:15 ComboFix2.txt 2011-10-18 11:12 ComboFix3.txt 2011-10-17 15:26 ComboFix4.txt 2011-10-17 09:02 . Pre-Run: 672.947.888.128 bytes beschikbaar Post-Run: 672.773.271.552 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - E0B2FAF39A49866F7524F0AD32BF5524
-
Hier weer de Combofix van vanmorgen, zit toc ook nu weer aan 190 x Rundll32.exe. ComboFix 11-10-18.01 - Cees 18-10-2011 12:19:53.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.2072 [GMT 2:00] Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\programfiles\BEARSHARE\MediaBar\Datamngr\x64\IEBHO.dll" "c:\windows\system32\dlumd10.dll" "c:\windows\system32\dlumd11.dll" "c:\windows\system32\dlumd9.dll" "c:\windows\SysWow64\ConduitEngine.tmp" "c:\windows\Tasks\PC Unleashed Registration3.job" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\ConduitEngine c:\program files (x86)\ConduitEngine\appContextMenu.xml c:\program files (x86)\ConduitEngine\ConduitEngin.dll c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe c:\program files (x86)\ConduitEngine\engineContextMenu.xml c:\program files (x86)\ConduitEngine\EngineSettings.json c:\program files (x86)\ConduitEngine\ldrConduitEngin.dll c:\program files (x86)\ConduitEngine\prxConduitEngin.dll c:\program files (x86)\ConduitEngine\toolbar.cfg c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll c:\programdata\PCDr\5830\Downloads\ca1d3e50-4692-4c3f-877c-4f9917ab37a5.dll c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-18 to 2011-10-18 )))))))))))))))))))))))))))))) . . 2011-10-18 10:55 . 2011-10-18 10:55 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\offreg.dll 2011-10-18 10:51 . 2011-10-18 10:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-18 10:51 . 2011-10-18 10:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-18 07:11 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9FDB300A-AA53-46C3-8612-DE5AF5710DC7}\mpengine.dll 2011-10-17 11:48 . 2011-10-17 16:53 -------- d-----w- C:\Aanvraag activiteiten TOP 2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands 2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro 2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack 2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files 2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp 2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue 2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer 2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-10-11 08:44 . 2011-10-18 11:10 -------- d-----w- c:\users\Cees\AppData\Local\Temp 2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org 2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed 2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software 2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics 2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll 2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM 2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM 2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail 2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly 2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter 2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online 2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1 2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA 2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296] "SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480] R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-10-03 c:\windows\Tasks\!.job - c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27] . 2011-10-03 c:\windows\Tasks\!PC Unleashed Defrag.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-17 c:\windows\Tasks\!PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-03 c:\windows\Tasks\!PC Unleashed.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-16 c:\windows\Tasks\!PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-10-18 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20] . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-18 c:\windows\Tasks\PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-17 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02] . 2011-10-18 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-18 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Fighters\SPAMfighter\sfus.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-18 13:12:34 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-18 11:12 ComboFix2.txt 2011-10-17 15:26 ComboFix3.txt 2011-10-17 09:02 . Pre-Run: 674.216.394.752 bytes beschikbaar Post-Run: 673.752.104.960 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - EB39DB832310B4B8C8DC7121CF6ACBA5
-
Hai Kape, Wellicht is dat de oplossing. Hoe kan ik PC Unleashed en wellicht andere pakketten tijdelijk uitschakelen , dus niet mee laten doen in de opstart, kan het via de Systeemconfiguratie niet vinden. Cees
-
Hoi Kape, denk erover na, maar kan eigelijk niet bepalen. Heb 14 dagen terug wel PC UNleashes Suite aangeschaft, maar dat heb ik gedaan omdat ik toen ook al "last" had van heel veel Rundll32.exe processen. Ook Speedup my pc en wellicht ook nohg wel Performance Toolkit van PC tools.Was, ben een beetje "wanhopig" kan wel vanalles aanschaffen, maar langzaamaan krijg ik de indruk dat al die pakketten TOCH niet doen waar ze zeggen dat ze voor staan. mvgr Cees
-
Hai, het blijft teleurstellend, weer zo'n 190-200 processen en het overgrote deel dus rundll32.exe.Ik moet zeggen de strijdlustigheid van u kent geen grenzen, bravo. Hier dan weer de Combofix.txt, succes...... ComboFix 11-10-16.03 - Cees 17-10-2011 16:20:04.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.1484 [GMT 2:00] Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Cees\Desktop\CFScript.txt AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\SysWow64\ConduitEngine.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\8be34f6062bcac1fa9f472b1 c:\8be34f6062bcac1fa9f472b1\$shtdwn$.req c:\8be34f6062bcac1fa9f472b1\mrt.exe._p c:\8be34f6062bcac1fa9f472b1\mrtstub.exe c:\program files (x86)\Conduit c:\program files (x86)\Conduit\Community Alerts\Alert.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\{1D0AB230-E7BC-41CB-A50C-F282273E897B} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\48AD9CFF\2550D3FE\sfse_update.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\4C082224\2550D3FE\prep.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\4F68E0B0\2550D3FE\sfabook.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\53A1CE10\2550D3FE\uninstall.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\5866AD46\7F936AD3\FighterSuiteService.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\632C6714\7F936AD3\MsgSys.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\65AF38B5\2550D3FE\SFImport.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\6CBD2928\2550D3FE\lazymail.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\794E02E3\2550D3FE\sfsg.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_BG.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_CS.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_DA.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_DE.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_EL.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_EN.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_ES.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_FI.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_FR.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_HU.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_IT.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_JA.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_NL.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_NO.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_PL.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_PT.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_RU.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_SV.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TH.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TR.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_TW.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_VI.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\7D5481A\82E15348\Language_ZH.xml c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\add.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\addgrey.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\change.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\changegrey.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\checked.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\checked_off.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\delete.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\deletegrey.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_blacklist.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_language.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_settings.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\filter_whitelist.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\import.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\importgrey.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\12A8F369\unchecked.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\am.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\br.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\cn.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\cz.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\de.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\dk.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\es.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\et.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\fi.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\fr.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\gb.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\gr.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\hu.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\il.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\it.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\jp.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\kr.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\nl.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\no.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\pl.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\pt.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\ru.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\sa.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\se.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\sy.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\th.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\Thumbs.db c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\tr.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\tw.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1601BAB5\vn.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_exchange.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_express.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_localexchange.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_move_express.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_move_mozilla.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_outlook.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\178AFE7C\clients_thunderbird.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\about.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\arrow.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\arrow_up.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\bg_gradient_stretch.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\bg_stretch.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\check.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\connect_server.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\download.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\error.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\feature.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\help.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\help.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\id_card.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\lightbox_pro.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\lightbox_trial.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\logo.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\pro.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\support.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\support.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_bg.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ch.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_cs.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_da.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_de.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_el.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_en.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_es.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_fi.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_fr.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_it.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ja.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_nl.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_no.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_pl.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_pt.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_ru.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_se.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_th.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_tw.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_buy_vi.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_pro_da.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\top_pro_en.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\topshadow.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\trial.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\unipb.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\unipb.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\1CD7C793\update.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\01.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\02.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\03.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\04.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\05.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\06.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg_current.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\30FB3753\navbg_disable.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_connection.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_language.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_tabicon_general.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_tray.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\settings_update.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\38B9805F\Thumbs.db c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Config.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\EmptyFolder.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\productkey.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Recheck.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\TellFriend.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\toolbar.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\41E213B6\Unblock.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_01.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_02.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_03.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5AE03A8D\ext_04.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\5DB9F531\logo.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_community.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_details.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_pro.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_productkey.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_productkeyhistory.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_renew.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\account_tabicon_licensesettings.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\80AFFD47\buyfullversion.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\btn_buy_now.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\btn_buy_now_down.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\legend_overview_01.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\legend_overview_01_active.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\overview_status.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_blocked.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_blocked_by_user.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_processed.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_spam_ratio.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\statistics_time_saved.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\tip_overview.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\tip_overview.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\valid_check.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\8A6B6CF1\valid_expired.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\B18E0ACD\arrow.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\B18E0ACD\congrats.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\B18E0ACD\logo.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\B18E0ACD\microsoft.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\about_lightbox.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\account.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\account.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\bwl.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\bwl.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\clients.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\filter.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\filter.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\framework.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\global.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\layout.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\msg_lightbox.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\msg_lightbox_single_btn.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\outlook.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\outlook.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\overview.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\overview.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\settings.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\settings.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\showmsg.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\showmsg.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\splash.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\splash.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\trial_lightbox.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\update_lightbox.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\waiting.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\whitelist.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8277B240\E163B30F\whitelist.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\8851A40E\2550D3FE\core.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_01.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_01s.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_02.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_02s.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_03.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_03s.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_04.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_04s.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_05.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\ext_05s.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\programlist.css c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\programlist.html c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\A868BE47\48E26F98\smallarrow.png c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\B795D5F\2550D3FE\spamcfg.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\BE7ED5EA\7F936AD3\FighterLauncher.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\C9979B15\2550D3FE\sfhtml.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\d_\temp\builds\5\Sources\INSTAL~1\Input\Binaries\sfus.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\D0140EE4\2550D3FE\sfagent.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\D1D102C4\2550D3FE\SPAMfighterCfg.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\DCB7B8D6\2550D3FE\sfaccounts.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\F1FF8008\2550D3FE\sfse.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\common\FEF6F376\7F936AD3\sfhtml.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\3D592B89\1CF56704\license.russian.rtf c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\661D9F4\1CF56704\license.english.rtf c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\accountsettings.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\blacklistdomain.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\blacklistemail.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\block.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\config.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\emptyfolder.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\logosmall.bmp c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\recheck.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\tellfriend.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\unblock.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\whitelistdomain.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\7ADC4C4E\whitelistemail.dib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\aim.ico c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\aim_new.ico c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\buy.ico c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\logo.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\name.gif c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\8F70647E\uninstall.ico c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\BG.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\DA.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\DE.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\EL.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\EN.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\ES.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\FI.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\FR.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\IT.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\JA.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\NL.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\NO.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\PL.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\PT.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\RU.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\SV.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\7E17B875\9924EC87\ZH.HTM c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\99A306F\1CF56704\license.danish.rtf c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\B8386780\1CF56704\license.german.rtf c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\mIDEFunc.dll\mEXEFunc.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\customization\mMSI.dll\mMSIExec.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\instance.dat c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\live_mail\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\live_mail\69AF52FB\2550D3FE\LiveMailToolbar.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\live_mail\C2CC5F6B\2550D3FE\LiveKit.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\mia.lib c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\OFFLINE\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\OFFLINE\mMSI.dll\mMSIExec.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\20D20DEC\AC2BCC48\sfol0000.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\5210E975\AE0A5FB5\sfsg.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\77024C1A\2E56BF77\sfoltool.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\9C2AE21E\AE0A5FB5\SFImport.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\A8A75B0B\AE0A5FB5\core.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\B3898E4F\AE0A5FB5\SFABook.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\BADB837F\AC2BCC48\sfoltool.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\BE801A91\AE0A5FB5\sfse_update.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\C0D228ED\AE0A5FB5\sfse.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook\F8C78E2F\2E56BF77\sfol0000.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook_express\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\outlook_express\A642F876\B123ACF5\sfoe0001.dll c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.dat c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.exe c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.lan c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.lnk c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.msi c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.res c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E} c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.dat c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.exe c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.lnk c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.msi c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.par c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.res c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\instance.dat c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\mia.lib c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\OFFLINE\{71C01C2D-E157-4490-AEA7-088A4E791A2E} c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\OFFLINE\mDown.dll\mDownExec.dll c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\OFFLINE\mIDEFunc.dll\mEXEFunc.dll c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\OFFLINE\mMSI.dll\mMSIExec.dll c:\programdata\251FF c:\programdata\251FF\{7D6FEDE7-56B4-43DF-872D-59E8C7BA4571}.swf c:\programdata\iMesh c:\programdata\iMesh\Creatives.xml c:\programdata\iMesh\CreativesFiles\1.gif c:\programdata\iMesh\CreativesFiles\10.gif c:\programdata\iMesh\CreativesFiles\1040.gif c:\programdata\iMesh\CreativesFiles\1043.gif c:\programdata\iMesh\CreativesFiles\1044.gif c:\programdata\iMesh\CreativesFiles\1050.gif c:\programdata\iMesh\CreativesFiles\1054.gif c:\programdata\iMesh\CreativesFiles\1055.gif c:\programdata\iMesh\CreativesFiles\1057.gif c:\programdata\iMesh\CreativesFiles\1058.gif c:\programdata\iMesh\CreativesFiles\1060.gif c:\programdata\iMesh\CreativesFiles\1062.gif c:\programdata\iMesh\CreativesFiles\1063.gif c:\programdata\iMesh\CreativesFiles\1070.gif c:\programdata\iMesh\CreativesFiles\11.gif c:\programdata\iMesh\CreativesFiles\12.gif c:\programdata\iMesh\CreativesFiles\13.gif c:\programdata\iMesh\CreativesFiles\14.gif c:\programdata\iMesh\CreativesFiles\15.gif c:\programdata\iMesh\CreativesFiles\16.gif c:\programdata\iMesh\CreativesFiles\17.gif c:\programdata\iMesh\CreativesFiles\18.gif c:\programdata\iMesh\CreativesFiles\19.gif c:\programdata\iMesh\CreativesFiles\2.gif c:\programdata\iMesh\CreativesFiles\20.gif c:\programdata\iMesh\CreativesFiles\21.gif c:\programdata\iMesh\CreativesFiles\22.gif c:\programdata\iMesh\CreativesFiles\23.gif c:\programdata\iMesh\CreativesFiles\24.gif c:\programdata\iMesh\CreativesFiles\25.gif c:\programdata\iMesh\CreativesFiles\26.gif c:\programdata\iMesh\CreativesFiles\27.gif c:\programdata\iMesh\CreativesFiles\28.gif c:\programdata\iMesh\CreativesFiles\29.gif c:\programdata\iMesh\CreativesFiles\3.gif c:\programdata\iMesh\CreativesFiles\30.gif c:\programdata\iMesh\CreativesFiles\31.gif c:\programdata\iMesh\CreativesFiles\32.gif c:\programdata\iMesh\CreativesFiles\33.gif c:\programdata\iMesh\CreativesFiles\34.gif c:\programdata\iMesh\CreativesFiles\35.gif c:\programdata\iMesh\CreativesFiles\36.gif c:\programdata\iMesh\CreativesFiles\37.gif c:\programdata\iMesh\CreativesFiles\38.gif c:\programdata\iMesh\CreativesFiles\4.gif c:\programdata\iMesh\CreativesFiles\5.gif c:\programdata\iMesh\CreativesFiles\6.gif c:\programdata\iMesh\CreativesFiles\7.gif c:\programdata\iMesh\CreativesFiles\8.gif c:\programdata\iMesh\CreativesFiles\9.gif c:\programdata\iMesh\CreativesFiles\Thumbs.db c:\programdata\iMesh\Player.swf c:\users\Cees\AppData\Local\Conduit c:\users\Cees\AppData\Local\Conduit\CT2724386\IncrediMail_MediaBar_2AutoUpdaterHelper.exe c:\users\Cees\AppData\Local\Conduit\CT3031769\SFT_NetherlandsAutoUpdateHelper.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))) . . 2011-10-17 14:59 . 2011-10-17 14:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\offreg.dll 2011-10-17 14:54 . 2011-10-17 14:54 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-10-17 14:54 . 2011-10-17 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-10-17 11:48 . 2011-10-17 11:51 -------- d-----w- C:\Aanvraag activiteiten TOP 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\ConduitEngine 2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands 2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-14 09:46 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\mpengine.dll 2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro 2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack 2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files 2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp 2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue 2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer 2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-10-11 08:44 . 2011-10-17 15:24 -------- d-----w- c:\users\Cees\AppData\Local\Temp 2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org 2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed 2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software 2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics 2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll 2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM 2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM 2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail 2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly 2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter 2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online 2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1 2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA 2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-07-19 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-07-19 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-10-17_08.59.42 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2011-10-17 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-17 08:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2011-10-17 08:42 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-10-17 14:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-09-27 14:29 . 2011-10-17 11:28 83190 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-10-17 11:28 33732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2011-10-17 08:08 33732 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-09-27 20:39 . 2011-10-17 11:28 24560 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2398009579-1224830499-2648912689-1000_UserData.bin - 2010-09-27 12:23 . 2011-10-13 15:38 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-27 12:23 . 2011-10-17 11:27 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-27 12:23 . 2011-10-17 11:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-09-27 12:23 . 2011-10-13 15:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-17 11:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2011-10-13 15:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-10-17 14:57 . 2011-10-17 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-10-17 08:42 . 2011-10-17 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-10-17 14:57 . 2011-10-17 14:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-10-17 08:42 . 2011-10-17 08:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 04:54 . 2011-10-17 08:42 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2011-10-17 14:57 163840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:46 . 2011-10-17 15:00 104672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2011-10-14 14:33 104672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-09-28 07:08 . 2011-10-17 08:40 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-09-28 07:08 . 2011-10-17 14:55 890736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2011-10-17 08:40 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2011-10-17 14:55 432436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-11-09 09:45 . 2011-10-17 14:55 15528956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat - 2010-11-09 09:45 . 2011-10-17 08:40 15528956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2398009579-1224830499-2648912689-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-15 5500800] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296] "SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608] "Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280] "sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2011-09-16 1197192] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] . c:\users\Cees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ regwiz.lnk - c:\program files (x86)\eSupport.com\RegistryWizard\regwiz.exe [2010-11-24 3422240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480] R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-10-17 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-03 c:\windows\Tasks\PC Unleashed Defrag.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-03 c:\windows\Tasks\PC Unleashed Update Version3.job - c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27] . 2011-10-03 c:\windows\Tasks\PC Unleashed.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-10-13 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02] . 2011-10-17 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112 FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-iMesh - c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.exe AddRemove-SPAMfighter - c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.exe AddRemove-{1D0AB230-E7BC-41CB-A50C-F282273E897B} - c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA}\SPAMfighter_Client.exe AddRemove-{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763} - c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E}\iMesh_V11_en_Setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Fighters\SPAMfighter\sfus.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-17 17:26:35 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-17 15:26 ComboFix2.txt 2011-10-17 09:02 . Pre-Run: 673.602.629.632 bytes beschikbaar Post-Run: 673.270.345.728 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - EAB8553C60D5A9ABBBC5FD9E82A7BDDA
-
bijdeze....... excuus ComboFix 11-10-16.03 - Cees 17-10-2011 10:31:08.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1043.18.4095.1713 [GMT 2:00] Gestart vanuit: c:\users\Cees\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2} SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\program files (x86)\facemoods.com c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.crx c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.png c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsApp.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsEng.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe c:\program files (x86)\facemoods.com\sqlite3.dll c:\programdata\PCDr\5830\Downloads\0fc909b5-f105-4459-82f3-583c6ea5d734.dll c:\programdata\PCDr\5830\Downloads\482517d4-aaa6-47f8-a7ad-de5cf6021ac2.dll c:\programdata\PCDr\5830\Downloads\ca1d3e50-4692-4c3f-877c-4f9917ab37a5.dll c:\programdata\PCDr\5830\Downloads\f9dc840b-c6f7-42a5-acec-50cc7a2827fd.dll c:\users\Public\Firefox Setup 6.0.2.exe c:\users\Public\IE9-Windows7-x86-nld.exe c:\windows\assembly\GAC_MSIL\Toolbar c:\windows\assembly\GAC_MSIL\Toolbar\1.0.0.0__f2e11770db40f5b0\Toolbar.dll c:\windows\security\Database\tmp.edb c:\windows\SysWow64\dlumd10.dll c:\windows\SysWow64\dlumd11.dll c:\windows\SysWow64\dlumd9.dll I:\autorun.inf . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-17 to 2011-10-17 )))))))))))))))))))))))))))))) . . 2011-10-17 08:45 . 2011-10-17 08:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\offreg.dll 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\Conduit 2011-10-17 08:20 . 2011-10-17 08:20 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp 2011-10-17 08:20 . 2011-10-17 08:20 -------- d-----w- c:\program files (x86)\SFT_Netherlands 2011-10-16 10:27 . 2011-10-16 10:27 -------- d-----w- c:\users\Cees\AppData\Roaming\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\programdata\Malwarebytes 2011-10-16 10:26 . 2011-10-16 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-10-16 10:26 . 2011-08-31 15:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files (x86)\iTunes 2011-10-15 10:22 . 2011-10-15 10:22 -------- d-----w- c:\program files\iPod 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files\Bonjour 2011-10-15 10:20 . 2011-10-15 10:20 -------- d-----w- c:\program files (x86)\Bonjour 2011-10-14 09:46 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04F7F782-9D4E-4A17-B4B0-047019BFB601}\mpengine.dll 2011-10-13 22:03 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys 2011-10-13 22:03 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax 2011-10-13 22:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll 2011-10-13 22:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax 2011-10-13 22:03 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2011-10-13 22:03 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2011-10-13 22:03 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2011-10-13 22:03 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2011-10-13 10:07 . 2011-10-13 10:07 388096 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-13 10:07 . 2011-10-13 10:07 -------- d-----w- c:\program files (x86)\Trend Micro 2011-10-13 10:04 . 2011-10-13 10:15 -------- d-----w- C:\HiJack 2011-10-12 19:33 . 2011-10-12 19:33 -------- d-----w- c:\windows\Downloaded Program Files 2011-10-12 19:29 . 2011-10-12 19:30 -------- d-----w- C:\procexp 2011-10-12 13:53 . 2011-10-12 13:53 -------- d-----w- c:\programdata\Uniblue 2011-10-12 13:27 . 2011-10-12 13:27 -------- d-----w- c:\users\Cees\AppData\Roaming\TeamViewer 2011-10-12 13:25 . 2011-10-12 13:25 -------- d-----w- c:\program files (x86)\TeamViewer 2011-10-11 08:44 . 2011-10-17 08:59 -------- d-----w- c:\users\Cees\AppData\Local\Temp 2011-10-09 09:26 . 2011-10-09 09:26 -------- d-----w- c:\users\Cees\AppData\Roaming\OpenOffice.org 2011-10-09 09:24 . 2011-10-09 09:46 -------- d-----w- c:\program files (x86)\OpenOffice.org 3 2011-10-09 09:05 . 2011-10-09 09:05 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-10-07 09:42 . 2011-10-07 09:42 -------- d-----w- c:\windows\system32\Macromed 2011-10-06 14:08 . 2011-10-06 14:08 -------- d-----w- c:\program files\DisplayLink iPad Software 2011-10-06 12:31 . 2011-10-06 12:32 -------- d-----w- c:\program files\DisplayLink Graphics 2011-10-06 12:30 . 2011-10-06 12:31 -------- d-----w- c:\program files\DisplayLink Core Software 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd9.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd11.dll 2011-10-06 12:29 . 2011-10-06 12:29 0 ----a-w- c:\windows\system32\dlumd10.dll 2011-10-06 11:42 . 2011-10-17 08:20 -------- d-----w- c:\users\Cees\AppData\Local\Conduit 2011-10-06 11:33 . 2011-10-06 12:34 -------- d-----w- c:\users\Cees\AppData\Local\IM 2011-10-06 11:32 . 2011-10-06 11:41 -------- d-----w- c:\programdata\IM 2011-10-06 11:32 . 2011-10-06 11:32 -------- d-----w- c:\programdata\IncrediMail 2011-10-06 11:31 . 2011-10-06 11:38 -------- d-----w- c:\program files (x86)\DealPly 2011-10-06 11:31 . 2011-10-06 11:31 -------- d-----w- c:\program files (x86)\FoxTabMusicConverter 2011-10-04 06:47 . 2011-10-04 06:47 -------- d-----w- C:\TOP Algemeen 2011-10-04 06:36 . 2011-10-04 06:38 -------- dc-h--w- c:\programdata\{0CD22FA8-3496-4871-99A9-D17B50F6ACAA} 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\DriverCure 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\users\Cees\AppData\Roaming\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\Common Files\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\programdata\PC Unleashed Online 2011-10-03 11:47 . 2011-10-03 11:47 -------- d-----w- c:\program files (x86)\PC Unleashed Online 2011-09-30 07:05 . 2011-10-09 09:44 -------- d-----w- C:\TOP A1 2011-09-28 14:57 . 2011-09-28 14:57 -------- d-----w- c:\users\Cees\AppData\Local\G DATA 2011-09-28 14:55 . 2011-09-28 14:55 106488 ----a-w- c:\windows\system32\drivers\GRD.sys 2011-09-28 13:34 . 2011-09-28 13:34 58584 ----a-w- c:\windows\system32\drivers\PktIcpt.sys 2011-09-28 11:02 . 2011-09-28 11:02 -------- d-----w- C:\8be34f6062bcac1fa9f472b1 2011-09-21 22:47 . 2011-09-21 22:47 -------- d-----w- c:\programdata\251FF 2011-09-19 13:58 . 2011-09-19 13:58 -------- d-----w- c:\programdata\iMesh 2011-09-19 13:57 . 2011-09-19 14:01 -------- dc-h--w- c:\programdata\{71C01C2D-E157-4490-AEA7-088A4E791A2E} . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-07 09:42 . 2011-09-07 09:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-09-28 13:32 . 2011-06-05 19:31 47320 ----a-w- c:\windows\system32\drivers\GDBehave.sys 2011-09-28 13:32 . 2011-06-05 19:30 102616 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys 2011-09-28 13:32 . 2011-06-05 19:30 63704 ----a-w- c:\windows\system32\drivers\gdwfpcd64.sys 2011-08-30 21:05 . 2011-08-30 21:05 96104 ----a-w- c:\windows\system32\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 85864 ----a-w- c:\windows\system32\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 212840 ----a-w- c:\windows\system32\dnssdX.dll 2011-08-30 21:05 . 2011-08-30 21:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe 2011-08-30 21:05 . 2011-08-30 21:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll 2011-08-30 21:05 . 2011-08-30 21:05 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll 2011-08-30 21:05 . 2011-08-30 21:05 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll 2011-07-23 09:54 . 2011-07-23 09:54 53248 ----a-r- c:\users\Cees\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2011-07-19 16:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-07-19 16:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{1c94aa0d-7416-4289-b2ba-834282060870}"= "c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1c94aa0d-7416-4289-b2ba-834282060870}] 2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}] 2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{1c94aa0d-7416-4289-b2ba-834282060870}"= "c:\program files (x86)\SFT_Netherlands\prxtbSFT_.dll" [2011-03-28 176936] "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936] . [HKEY_CLASSES_ROOT\clsid\{1c94aa0d-7416-4289-b2ba-834282060870}] . [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-15 5500800] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "DriverScanner"="c:\progra~2\Uniblue\DRIVER~1\launcher.exe" [2011-09-05 338296] "SpeedUpMyPC"="c:\program files (x86)\Uniblue\SpeedUpMyPC\launcher.exe" [2011-09-09 67960] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-03-01 190808] "ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-10-25 1287120] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696] "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-02-16 112608] "Family Tree Builder Update"="c:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 225280] "sfagent"="c:\program files (x86)\Fighters\SPAMfighter\sfagent.exe" [2011-09-16 1197192] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] . c:\users\Cees\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ regwiz.lnk - c:\program files (x86)\eSupport.com\RegistryWizard\regwiz.exe [2010-11-24 3422240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\H:\0autocheck autochk * . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 GFI_ReportCenter35;GFI ReportCenter 3.5;c:\program files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe [2009-06-16 111912] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 Common Toolkit Tools;Common Toolkit Tools;c:\program files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [2011-02-02 121480] R3 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2011-02-16 1034208] R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-11-24 21712] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-02 13088] R3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [x] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 135664] R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2011-05-12 25072] R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2011-02-04 162328] R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-24 140672] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-04-10 9663848] S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2011-02-16 1050592] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336] S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-02-16 632800] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files (x86)\Fighters\SPAMfighter\sfus.exe service [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S2 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2011-09-16 1302152] S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhoud van de 'Gedeelde Taken' map . 2011-10-17 c:\windows\Tasks\DriverScanner.job - c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-10-12 14:20] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-27 20:33] . 2011-10-03 c:\windows\Tasks\PC Unleashed Defrag.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-13 c:\windows\Tasks\PC Unleashed Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2011-10-03 c:\windows\Tasks\PC Unleashed Update Version3.job - c:\program files (x86)\Common Files\PC Unleashed Online\UUS3\Update3.exe [2011-09-06 18:27] . 2011-10-03 c:\windows\Tasks\PC Unleashed.job - c:\program files (x86)\PC Unleashed Online\Suite\pcu.exe [2011-09-06 18:27] . 2011-10-16 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . 2011-10-13 c:\windows\Tasks\PTSchedule.job - c:\program files (x86)\PC Tools Utilities\pt.exe [2011-06-06 07:02] . 2011-10-17 c:\windows\Tasks\RegistryBooster.job - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112 FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Fighters\SPAMfighter\sfus.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-17 11:02:42 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-17 09:02 . Pre-Run: 673.851.301.888 bytes beschikbaar Post-Run: 673.459.593.216 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 6AEACF9C6869E98A81AD5B2C7BA75BD6
-
Helaas moet ik mconstateren dat de Rundll32.exe weer welig tieren in Windows Taakbeheer. Het aantal processen is 188-190 Ceeszu - c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-03-14 13:29] . 2011-10-17 c:\windows\Tasks\SpeedUpMyPC.job - c:\program files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2011-10-12 07:23] . 2011-10-17 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2011-06-21 18:09] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}] 2011-02-08 17:22 1057712 ----a-w- c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Cees\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-20 8306208] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x1 "AppInit_DLLs"=c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\BEARSH~1\MediaBar\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.kpnvandaag.nl/ uInternet Settings,ProxyOverride = *.local IE: &Verzenden naar OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000 IE: Google Sidewiki... TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Cees\AppData\Roaming\Mozilla\Firefox\Profiles\qbpvl446.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/mb68?u=92823106547538112 FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMH&o=2420&locale=nl_NL&apn_uid=45c5971b-ca01-439c-8931-de6650852d1b&apn_ptnrs=^A31&apn_sauid=B2FE4502-421E-4AB8-BF1A-1D77593E86B4&apn_dtid=^YYYYYY^YY^NL&atb=sysid%3D1%3Aappid%3D315%3Auc76012506&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) Toolbar-Locked - (no file) Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file) AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Fighters\SPAMfighter\sfus.exe c:\program files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe c:\progra~2\Uniblue\DRIVER~1\driverscanner.exe c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe . ************************************************************************** . Voltooingstijd: 2011-10-17 11:02:42 - machine werd herstart ComboFix-quarantined-files.txt 2011-10-17 09:02 . Pre-Run: 673.851.301.888 bytes beschikbaar Post-Run: 673.459.593.216 bytes beschikbaar . Current=3 Default=3 Failed=2 LastKnownGood=4 Sets=1,2,3,4 - - End Of File - - 6AEACF9C6869E98A81AD5B2C7BA75BD6
-
Helaas, hjet aantal rundll32.exe processen loopt weer gestaag op het zijn er nu al meer dan 70, Heb alleen de pc opgestart, microsoft office, internet explorer en taskmanager om te zien hoe het gaat zit nu alaan een 160 processsen. Helaas begrijp ik het niet........ wel heel erg bedankt voor de snelle reactie en om te zien of je het kunt oplossen..... mvgr Ceeszu
-
Beste Kweezie Wabbit, hier het logbestand van M Bam Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 7957 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 16-10-2011 12:33:02 mbam-log-2011-10-16 (12-33-02).txt Scantype: Snelle scan Objecten gescand: 202537 Verstreken tijd: 4 minuut/minuten, 40 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) en het logbestand van HijackThis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:34:12, on 16-10-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\PROGRA~2\Uniblue\DRIVER~1\driverscanner.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\Spyware Doctor\pctsTray.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\PROGRA~2\Uniblue\SPEEDU~1\sump.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Windows\sysWow64\SearchProtocolHost.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = KPN Vandaag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 O4 - HKCU\..\Run: [speedUpMyPC] "C:\PROGRA~2\Uniblue\SPEEDU~1\launcher.exe" -d 20000 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: regwiz.lnk = C:\Program Files (x86)\eSupport.com\RegistryWizard\regwiz.exe O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: Performance Toolkit Disk Defrag Service (DMDefragService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe O23 - Service: Performance Toolkit Disk Repair Service (DMRepairService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GFI ReportCenter 3.5 (GFI_ReportCenter35) - GFI Software Ltd. - C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) -- End of file - 16769 bytes mvgr Ceeszu
-
Beste ProMind, bij deze de logfile: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:15:21, on 13-10-2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\PROGRA~2\Uniblue\DRIVER~1\driverscanner.exe C:\Program Files (x86)\Spyware Doctor\pctsTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files (x86)\Ask.com\Updater\Updater.exe C:\PROGRA~2\Uniblue\SPEEDU~1\sump.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Windows\sysWow64\SearchProtocolHost.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell | MSN R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = KPN Vandaag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll R3 - URLSearchHook: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll O2 - BHO: softonic-de3 - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O2 - BHO: IncrediMail MediaBar 2 - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll O3 - Toolbar: hooeey webprint - {b5b9461e-6a80-4f94-91aa-b9c1ae2710b3} - mscoree.dll (file missing) O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll O3 - Toolbar: (no name) - {0DFC36E8-EAE8-484F-A89C-F565849A210F} - (no file) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: MediaBar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll O3 - Toolbar: IncrediMail MediaBar 2 Toolbar - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\prxtbInc0.dll O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe" /md I O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" O4 - HKLM\..\Run: [sfagent] C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 O4 - HKCU\..\Run: [speedUpMyPC] "C:\PROGRA~2\Uniblue\SPEEDU~1\launcher.exe" -d 20000 O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2398009579-1224830499-2648912689-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Startup: regwiz.lnk = C:\Program Files (x86)\eSupport.com\RegistryWizard\regwiz.exe O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Casino Classic - >#ypçÁæ{NÕ÷>òn’þ=ìB½[!#ìù - (no file) (HKCU) O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.euro.dell.com/systemprofiler/SysProExe.CAB O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.euro.dell.com/systemprofiler/DellSystemLite.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: Common Toolkit Tools - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: Performance Toolkit Disk Defrag Service (DMDefragService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe O23 - Service: Performance Toolkit Disk Repair Service (DMRepairService) - PC Tools - C:\Program Files (x86)\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GFI ReportCenter 3.5 (GFI_ReportCenter35) - GFI Software Ltd. - C:\Program Files (x86)\Common Files\GFI\ReportCenter\Framework v3.5\gfireporterservice.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: Suite Service - SPAMfighter ApS - C:\Program Files (x86)\Fighters\FighterSuiteService.exe O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 20621 bytes
-
Wanneer ik mijn taakbeheer opstart en kijk naar de Processen dan zie tot mijn verbazing dat er 202 processen zijn gestarten meer dan 180 rundll32.exe Imagenamen staan met een hegeugen zo rond de 5000 kb???? Wat is hier aan de hand???? Cees
