Posts made by EYES-T
-
-
Hi,
My Nexus 7 always loses its Wi-Fi connection whenever it has been "asleep".
In settings I can't switch the Wi-Fi back on (the button is greyed out).
BUT every time it is restarted, the Wi-Fi is fine. If it
is only inactive for a short while, the Wi-Fi sometimes keeps working too.
Does anyone have a solution?
Thanks in advance for every reply!
-
I'll try that, and I'll let you know in a few days whether it works!
-
Hi,
The title says it all: the PC no longer goes into sleep mode.
I have already tried changing the time-out by a minute,
but this had no effect.
The screen does switch off correctly.
The problem has been occurring for a few days.
I haven't installed any new software recently.
Nor have I changed any settings.
Does anyone have any idea how I can solve this?
Thanks in advance for your replies!
-
No, everything is clear, thanks to you both!
-
The files were jpg and are now all jpeg
-
Oh yes, I forgot to mention: if I right-click the file and choose "open with Windows Photo Gallery", they do work.
But if I try to change this via "properties" for all files of this type, the checkbox for it stays "grey"
and I can't change it.
- - - Updated - - -
Eggers, our messages apparently crossed.
But your solution works, thanks!
-
Hi,
I have just installed Office 2011 (yes, I know, I'm behind the times!).
Now all my JPG files appear to have become Word documents.
In a list the Word icon is shown in front of them, and on opening I
of course get an error message about file conversion and encoding.
I probably have to go and change somewhere which program
should open JPGs by default, but I don't know how...
Does anyone have a solution?
Thanks in advance for all replies!
-
Thanks for the tips!
I have just made an image with that Macrium Reflect Free. Worked perfectly!
-
That Fbackup is off to a good start: it simply won't install (after 3 attempts)....
So I'll go for Macrium Reflect Free, number 1 in the CNet reviews:
Macrium Reflect Free - Free download and software reviews - CNET Download.com
Here's hoping!
-
Yes, yesterday I had also already been browsing through the various backup programs that
are offered via Cnet, and I will give that FBackup a try.
My question remains, though: why does it make that error with the W7 backup?
Maybe there is an expert here who can shed some light on this?
Merry Christmas!
-
Hi,
Every time I make a backup, the remaining space on my external drive
keeps getting smaller, sometimes by up to 10 gig. No large files were downloaded between the backups.
I use the standard backup program of Windows 7.
Does anyone have any idea why this happens? Is part of the previous backup perhaps
being kept? That doesn't seem very likely to me, and certainly not in such large "quantities".
Thanks in advance for every reply and happy holidays!
-
It resolved itself; last night it suddenly disappeared again just as it had come...
Microsoft must have seen that I'm a good boy after all...
-
Why do you only get that message after 2 years, then?
-
Hi,
Has anyone experienced this before?
Suddenly, at the bottom left of my screen, it says:
“Windows 7
Build 7601
Dit exemplaar van Windows is niet legitiem.”
My Windows 7 simply came on my PC
when I bought it (about 2 years ago).
It appeared while the PC was on, not at
start-up. Apart from that everything works perfectly.
It also stays there after restarting the PC.
I have already run an extra virus scan,
here too everything looked positive.
Thanks in advance for your replies!
-
In the meantime I have found several videos on YouTube showing how you can turn your modem antenna into a directional parabolic antenna
using aluminium foil, apparently with very good results.
Since the Telenet modem has no antenna, I cannot apply this. But what I did do is: attach foil under the modem (floor), behind the modem (outside wall) and to the left of the modem (the neighbours' wall), but.... no positive effect to be measured.....
-
Hi,
My daughter regularly uses wireless internet in her room on the 1st floor.
The signal she gets from the modem (ground floor) is very weak or sometimes temporarily even non-existent.
Her laptop is less than a year old, so I don't think the problem lies there.
The Telenet contact centre suggested first changing the channels in use.
They have several, and nos. 1, 6 and 11 are said to be the strongest. The channel in use was already no. 6,
but switching to 1 and 11 gave no improvement either.
Second suggestion: use 2 powerline adapters. (at Telenet those do cost 50 euros apiece)
Does anyone here have experience with this, or does anyone know a solution to this problem?
Thanks in advance for all replies!
-
It appears to be completely gone. Thanks!
-
For now it looks good, I'll keep an eye on it for a few days. Thanks in advance!
-
Zoek.exe Version 4.0.0.2 Updated 02-March-2013
Tool run by Wim Van Loock on ma 04/03/2013 at 16:02:55,69.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
4/03/2013 16:04:47 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_20130403_1608.zip ======================
Process chrome.exe killed
Copied file C:\Users\Wim Van Loock\TatSet.exe to sample
sample\TatSet.exe renamed to A2A1BA6024BCF5E2B3B533E77C146619
C:\Users\Public\Desktop\sample_20130403_1608.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96146D96-9783-4982-878A-745B72327058} deleted successfully
HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Files \ Folders ======================
"C:\Users\Wim Van Loock\TatSet.exe" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69" deleted
"C:\Program Files (x86)\NCH_EN" deleted
"C:\Program Files (x86)\fbphotozoom" deleted
"C:\Users\Wim Van Loock\AppData\Roaming\Babylon" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Trymedia" deleted
"C:\Users\Wim Van Loock\AppData\Local\APN" deleted
"C:\Users\Wim Van Loock\AppData\LocalLow\DataMngr" deleted
"C:\Users\Wim Van Loock\AppData\LocalLow\PriceGong" deleted
"C:\Users\Wim Van Loock\AppData\LocalLow\Conduit" deleted
"C:\Users\Wim Van Loock\AppData\LocalLow\NCH_EN" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
cjofdnhdkbflacojpfpkchgafjahijbb - No path found[]
mpieaakhacmfleokhjcjnpcnmnmpfkid - C:\Program Files (x86)\fbphotozoom\fbphotozoom.crx[]
nppllibpnmahfaklnpggkibhkapjkeob - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\Exts\Chrome.crx[14/02/2013 04:02]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]
Tetris - Wim Van Loock - Default\Extensions\angmfbilgjakmniilgadoakegkjdcpja
Windows Media Player Extension for HTML5 - Wim Van Loock - Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
DSL speedtest - Wim Van Loock - Default\Extensions\mibbfkdeofpfmkclkgjfnjppdblhpddj
FBPHOTOZOOM - Wim Van Loock - Default\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{852E32AC-4B74-4EA0-A396-8B607175B3AE} Yahoo//search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=642886&p={searchTerms}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjofdnhdkbflacojpfpkchgafjahijbb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mpieaakhacmfleokhjcjnpcnmnmpfkid deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wim Van Loock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Wim Van Loock\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\WIMVAN~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
*********************************************************
It's apparently hidden deep, isn't it?
-
ComboFix 13-03-04.01 - Wim Van Loock 04/03/2013 12:08:55.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4040.2892 [GMT 1:00]
Gestart vanuit: c:\users\Wim Van Loock\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Wim Van Loock\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))
.
.
2013-03-04 11:17 . 2013-03-04 11:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-04 11:17 . 2013-03-04 11:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-04 07:05 . 2013-03-04 07:05 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\LavasoftStatistics
2013-03-04 07:05 . 2013-03-04 07:05 -------- d-----w- c:\programdata\Ad-Aware Antivirus
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Lavasoft
2013-03-04 07:02 . 2013-03-04 07:05 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Downloaded Installations
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\users\Wim Van Loock\AppData\Local\adawarebp
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\program files (x86)\adawaretb
2013-03-04 07:02 . 2013-03-04 07:02 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2013-03-04 07:01 . 2013-03-04 07:01 47496 ----a-w- c:\windows\system32\sbbd.exe
2013-03-04 07:01 . 2013-03-04 07:01 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys
2013-03-04 07:01 . 2013-03-04 07:05 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\Ad-Aware Antivirus
2013-03-03 16:15 . 2013-03-03 16:15 -------- d-----w- c:\users\Wim Van Loock\AppData\Local\Programs
2013-02-27 05:45 . 2013-02-17 00:40 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-02-27 05:42 . 2013-02-27 05:43 -------- d-----w- c:\windows\system32\drivers\NAVx64\1403000.024
2013-02-27 05:38 . 2013-02-27 05:38 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 11:03 . 2013-02-26 11:03 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-02-26 11:03 . 2013-02-26 11:03 -------- d-----w- c:\windows\SysWow64\Extensions
2013-02-26 07:48 . 2013-02-26 16:01 -------- d-s---w- c:\users\Wim Van Loock\Google Drive
2013-02-23 14:18 . 2013-02-23 14:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-02-23 14:13 . 2013-02-23 14:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:12 . 2013-02-23 14:12 -------- d-----w- c:\program files (x86)\Java
2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files\iPod
2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files (x86)\iTunes
2013-02-21 15:41 . 2013-02-21 15:41 -------- d-----w- c:\program files\iTunes
2013-02-19 08:24 . 2013-02-19 08:24 -------- d-----w- c:\windows\system32\drivers\NSTx64\7DD03000.01A
2013-02-15 18:58 . 2013-02-15 18:58 106088 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 19:50 . 2013-02-13 19:50 -------- d-----w- c:\users\Wim Van Loock\AppData\Roaming\theBluCache
2013-02-13 08:14 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 08:14 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-02-13 08:14 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-02-13 08:14 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 08:14 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 08:14 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-02-13 08:14 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-02-13 08:14 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-02-13 08:14 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-02-13 08:14 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-02-13 08:14 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 08:14 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 07:12 . 2012-04-01 06:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-02 07:12 . 2011-11-29 07:04 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-23 14:12 . 2012-06-26 13:47 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-02-23 14:12 . 2011-12-04 16:41 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-02-13 11:08 . 2011-08-02 05:07 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-01-04 04:43 . 2013-02-13 08:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-12-16 17:11 . 2012-12-21 11:01 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 11:01 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 11:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-12-11 07:58 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 13:20 . 2013-01-09 11:12 441856 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 11:12 2746368 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 11:12 308736 ----a-w- c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 11:12 2576384 ----a-w- c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 11:12 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 11:12 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 11:12 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 11:12 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 11:12 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 11:12 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 11:12 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 11:12 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 11:12 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 11:12 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 11:12 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 11:12 51712 ----a-w- c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 11:12 43520 ----a-w- c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 11:12 30720 ----a-w- c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 11:12 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 11:12 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 11:12 23552 ----a-w- c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 11:12 46592 ----a-w- c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 11:12 20480 ----a-w- c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 11:12 21504 ----a-w- c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 11:12 40960 ----a-w- c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 11:12 15360 ----a-w- c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 11:12 55296 ----a-w- c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 11:12 51712 ----a-w- c:\windows\SysWow64\esrb.rs
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IAStorIcon"=c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
"Hotkey Utility"=c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"RIMBBLaunchAgent.exe"=c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2000-01-01 246376]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-31 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-03-04 14456]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_MCLIENT;Norton Management Settings Manager;c:\windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 168096]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-01-05 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 1236336]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-01-17 164520]
S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
S2 MCLIENT;Norton Management;c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 143928]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2012-12-24 144520]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 3677000]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - GFIBTO
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [bU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 05:45 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 11580520]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MCLIENT]
"ImagePath"="\"c:\program files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe\" /s \"MCLIENT\" /m \"c:\program files (x86)\Norton Management\Engine\3.2.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.3.0.26\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.bmp.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.ico.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.jpg.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.png.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3977435860-3031932681-990377046-1001)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.tif.15.4"
.
[HKEY_USERS\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLive.PhotoGallery.wdp.15.4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-03-04 12:24:33
ComboFix-quarantined-files.txt 2013-03-04 11:24
ComboFix2.txt 2013-02-08 22:29
.
Pre-Run: 389.253.595.136 bytes beschikbaar
Post-Run: 388.942.745.600 bytes beschikbaar
.
- - End Of File - - DDCC2C00291F75DCC23F77F74C5E3023
-
In neither case is CouponDropDown listed among the extensions...
-
Hi,
For some time now I have been bothered by CouponDropDown, with its annoying advertisements hidden under underlined words on almost every website.
What I have already tried:
1/ First of all: Norton Anti Virus finds no trace of it.
2/ Malwarebytes Anti-Malware also gives a completely positive report.
3/ AdwCleaner finds nothing either. (2nd log file)
4/ Ran Combofix = log at the bottom
5/ HiJackThis gives the following log file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:43:09, on 4/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\adawaretb\ffHelper.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Users\Wim Van Loock\Downloads\adwcleaner.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Wim Van Loock\Downloads\HijackThis (2).exe
C:\Windows\SysWOW64\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = VRT Radiospeler
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\RunOnce: [adawarebp] reg.exe delete "HKCU\Software\AppDataLow\Software\adawarebp" /f
O4 - HKCU\..\RunOnce: [adawarebp_XP] reg.exe delete "HKCU\Software\adawarebp" /f
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Norton Management (MCLIENT) - Symantec Corporation - C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10894 bytes
********************************************************************
ADWCleaner gives the following log:
# AdwCleaner v2.113 - Verslag gemaakt op 04/03/2013 om 08:34:04
# Geactualiseerd op 23/02/2013 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Wim Van Loock - DESKTOP
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Wim Van Loock\Downloads\adwcleaner.exe
# Optie [Zoeken]
***** [Diensten] *****
***** [Files / Mappen] *****
Map Aanwezig : C:\Program Files (x86)\adawaretb
Map Aanwezig : C:\Program Files (x86)\fbphotozoom
Map Aanwezig : C:\Program Files (x86)\NCH_EN
Map Aanwezig : C:\ProgramData\Babylon
Map Aanwezig : C:\ProgramData\blekko toolbars
Map Aanwezig : C:\ProgramData\boost_interprocess
Map Aanwezig : C:\ProgramData\InstallMate
Map Aanwezig : C:\ProgramData\Tarma Installer
Map Aanwezig : C:\ProgramData\Trymedia
Map Aanwezig : C:\Users\Wim Van Loock\AppData\Local\APN
Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\adawaretb
Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\Conduit
Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\NCH_EN
Map Aanwezig : C:\Users\Wim Van Loock\AppData\LocalLow\PriceGong
Map Aanwezig : C:\Users\Wim Van Loock\AppData\Roaming\Babylon
Map Aanwezig : C:\Users\Wim Van Loock\AppData\Roaming\pdfforge
***** [Register] *****
Sleutel Aanwezig : HKCU\Software\1ClickDownload
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\NCH_EN
Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\PriceGong
Sleutel Aanwezig : HKCU\Software\Conduit
Sleutel Aanwezig : HKCU\Software\DataMngr
Sleutel Aanwezig : HKCU\Software\DataMngr_Toolbar
Sleutel Aanwezig : HKCU\Software\InstallCore
Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Sleutel Aanwezig : HKCU\Software\Softonic
Sleutel Aanwezig : HKCU\Software\5855d8dbb639ed10
Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Sleutel Aanwezig : HKLM\Software\Babylon
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Prod.cap
Sleutel Aanwezig : HKLM\Software\Conduit
Sleutel Aanwezig : HKLM\Software\DataMngr
Sleutel Aanwezig : HKLM\Software\Iminent
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Sleutel Aanwezig : HKLM\Software\NCH_EN
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\5855d8dbb639ed10
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{90901388-E660-4EF5-82B0-31632F1CC75D}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1A9BA14-5FB3-4209-9F7E-6DBA0511AD36}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Sleutel Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Sleutel Aanwezig : HKU\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Sleutel Aanwezig : HKU\S-1-5-21-3977435860-3031932681-990377046-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Waarde Aanwezig : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Waarde Aanwezig : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Waarde Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37483B40-C254-4A72-BDA4-22EE90182C1E}]
Waarde Aanwezig : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
***** [browsers] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Het register bevat geen enkele ongeoorloofde invoer.
-\\ Google Chrome v25.0.1364.97
File : C:\Users\Wim Van Loock\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] De file bevat geen enkele ongeoorloofde invoer.
*************************
AdwCleaner[R1].txt - [5933 octets] - [04/03/2013 08:34:04]
########## EOF - C:\AdwCleaner[R1].txt - [5993 octets] ##########
*********************************************************************
Combofix log file:
ComboFix 13-03-04.01 - Wim Van Loock 04/03/2013 8:55:08.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4040.2114 [GMT 1:00]
Gestart vanuit: C:\Users\Wim Van Loock\Downloads\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))
2013-03-04 08:04:56 . 2013-03-04 08:04:56 -------- d-----w- C:\Users\Public\AppData\Local\temp
2013-03-04 08:04:56 . 2013-03-04 08:04:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-03-04 07:05:12 . 2013-03-04 07:05:12 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\LavasoftStatistics
2013-03-04 07:05:12 . 2013-03-04 07:05:12 -------- d-----w- C:\ProgramData\Ad-Aware Antivirus
2013-03-04 07:02:58 . 2013-03-04 07:02:58 -------- d-----w- C:\ProgramData\Lavasoft
2013-03-04 07:02:57 . 2013-03-04 07:05:16 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2013-03-04 07:02:37 . 2013-03-04 07:02:37 -------- d-----w- C:\ProgramData\Downloaded Installations
2013-03-04 07:02:35 . 2013-03-04 07:02:36 -------- d-----w- C:\Users\Wim Van Loock\AppData\Local\adawarebp
2013-03-04 07:02:33 . 2013-03-04 07:02:34 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2013-03-04 07:02:25 . 2013-03-04 07:02:35 -------- d-----w- C:\Program Files (x86)\adawaretb
2013-03-04 07:02:24 . 2013-03-04 07:02:24 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2013-03-04 07:01:07 . 2013-03-04 07:01:07 47496 ----a-w- C:\Windows\system32\sbbd.exe
2013-03-04 07:01:07 . 2013-03-04 07:01:07 14456 ----a-w- C:\Windows\system32\drivers\gfibto.sys
2013-03-04 07:01:06 . 2013-03-04 07:05:20 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\Ad-Aware Antivirus
2013-03-03 16:15:54 . 2013-03-03 16:15:54 -------- d-----w- C:\Users\Wim Van Loock\AppData\Local\Programs
2013-02-27 05:45:43 . 2013-02-17 00:40:40 28672 ----a-w- C:\Windows\system32\IEUDINIT.EXE
2013-02-27 05:42:46 . 2013-02-27 05:43:02 -------- d-----w- C:\Windows\system32\drivers\NAVx64\1403000.024
2013-02-27 05:38:45 . 2013-02-27 05:38:45 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-26 11:03:54 . 2013-02-26 11:03:54 -------- d-----w- C:\Windows\SysWow64\searchplugins
2013-02-26 11:03:54 . 2013-02-26 11:03:54 -------- d-----w- C:\Windows\SysWow64\Extensions
2013-02-26 07:48:03 . 2013-02-26 16:01:38 -------- d-s---w- C:\Users\Wim Van Loock\Google Drive
2013-02-23 14:18:47 . 2013-02-23 14:18:47 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-02-23 14:13:09 . 2013-02-23 14:12:58 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-23 14:12:56 . 2013-02-23 14:12:56 -------- d-----w- C:\Program Files (x86)\Java
2013-02-21 15:41:09 . 2013-02-21 15:41:09 -------- d-----w- C:\Program Files\iPod
2013-02-21 15:41:08 . 2013-02-21 15:41:35 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-21 15:41:08 . 2013-02-21 15:41:34 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-21 15:41:05 . 2013-02-21 15:41:35 -------- d-----w- C:\Program Files\iTunes
2013-02-19 08:24:12 . 2013-02-19 08:24:16 -------- d-----w- C:\Windows\system32\drivers\NSTx64\7DD03000.01A
2013-02-15 18:58:12 . 2013-02-15 18:58:12 106088 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-13 19:50:01 . 2013-02-13 19:50:01 -------- d-----w- C:\Users\Wim Van Loock\AppData\Roaming\theBluCache
2013-02-13 08:14:54 . 2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-02-13 08:14:54 . 2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 08:14:53 . 2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 08:14:49 . 2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\system32\win32k.sys
2013-02-13 08:14:48 . 2013-01-04 05:46:09 215040 ----a-w- C:\Windows\system32\winsrv.dll
2013-02-13 08:14:48 . 2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 08:14:48 . 2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 08:14:48 . 2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 08:14:48 . 2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 08:14:47 . 2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 08:14:46 . 2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 08:14:45 . 2013-01-03 06:00:42 288088 ----a-w- C:\Windows\system32\drivers\FWPKCLNT.SYS
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-03-02 07:12:38 . 2012-04-01 06:58:07 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-02 07:12:38 . 2011-11-29 07:04:36 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-23 14:12:58 . 2012-06-26 13:47:28 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-02-23 14:12:58 . 2011-12-04 16:41:34 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-13 11:08:03 . 2011-08-02 05:07:14 70004024 ----a-w- C:\Windows\system32\MRT.exe
2013-01-04 04:43:21 . 2013-02-13 08:14:48 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 . 2012-12-21 11:01:29 46080 ----a-w- C:\Windows\system32\atmlib.dll
2012-12-16 14:45:03 . 2012-12-21 11:01:29 367616 ----a-w- C:\Windows\system32\atmfd.dll
2012-12-16 14:13:28 . 2012-12-21 11:01:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 . 2012-12-21 11:01:29 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 15:49:28 . 2012-12-11 07:58:36 24176 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-12-07 13:20:16 . 2013-01-09 11:12:19 441856 ----a-w- C:\Windows\system32\Wpc.dll
2012-12-07 13:15:31 . 2013-01-09 11:12:19 2746368 ----a-w- C:\Windows\system32\gameux.dll
2012-12-07 12:26:17 . 2013-01-09 11:12:18 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 . 2013-01-09 11:12:19 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 . 2013-01-09 11:12:19 30720 ----a-w- C:\Windows\system32\usk.rs
2012-12-07 11:20:03 . 2013-01-09 11:12:19 43520 ----a-w- C:\Windows\system32\csrr.rs
2012-12-07 11:20:03 . 2013-01-09 11:12:18 23552 ----a-w- C:\Windows\system32\oflc.rs
2012-12-07 11:20:01 . 2013-01-09 11:12:19 45568 ----a-w- C:\Windows\system32\oflc-nz.rs
2012-12-07 11:20:01 . 2013-01-09 11:12:19 44544 ----a-w- C:\Windows\system32\pegibbfc.rs
2012-12-07 11:20:01 . 2013-01-09 11:12:18 20480 ----a-w- C:\Windows\system32\pegi-fi.rs
2012-12-07 11:20:00 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\system32\pegi-pt.rs
2012-12-07 11:19:59 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\system32\pegi.rs
2012-12-07 11:19:58 . 2013-01-09 11:12:19 46592 ----a-w- C:\Windows\system32\fpb.rs
2012-12-07 11:19:57 . 2013-01-09 11:12:19 40960 ----a-w- C:\Windows\system32\cob-au.rs
2012-12-07 11:19:57 . 2013-01-09 11:12:19 21504 ----a-w- C:\Windows\system32\grb.rs
2012-12-07 11:19:57 . 2013-01-09 11:12:19 15360 ----a-w- C:\Windows\system32\djctq.rs
2012-12-07 11:19:56 . 2013-01-09 11:12:18 55296 ----a-w- C:\Windows\system32\cero.rs
2012-12-07 11:19:55 . 2013-01-09 11:12:18 51712 ----a-w- C:\Windows\system32\esrb.rs
2012-12-07 10:46:42 . 2013-01-09 11:12:19 43520 ----a-w- C:\Windows\SysWow64\csrr.rs
2012-12-07 10:46:42 . 2013-01-09 11:12:19 30720 ----a-w- C:\Windows\SysWow64\usk.rs
2012-12-07 10:46:41 . 2013-01-09 11:12:19 45568 ----a-w- C:\Windows\SysWow64\oflc-nz.rs
2012-12-07 10:46:41 . 2013-01-09 11:12:19 44544 ----a-w- C:\Windows\SysWow64\pegibbfc.rs
2012-12-07 10:46:41 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\SysWow64\pegi-pt.rs
2012-12-07 10:46:41 . 2013-01-09 11:12:18 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2012-12-07 10:46:40 . 2013-01-09 11:12:18 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2012-12-07 10:46:39 . 2013-01-09 11:12:19 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2012-12-07 10:46:39 . 2013-01-09 11:12:19 20480 ----a-w- C:\Windows\SysWow64\pegi.rs
2012-12-07 10:46:38 . 2013-01-09 11:12:19 21504 ----a-w- C:\Windows\SysWow64\grb.rs
2012-12-07 10:46:37 . 2013-01-09 11:12:19 40960 ----a-w- C:\Windows\SysWow64\cob-au.rs
2012-12-07 10:46:37 . 2013-01-09 11:12:19 15360 ----a-w- C:\Windows\SysWow64\djctq.rs
2012-12-07 10:46:36 . 2013-01-09 11:12:18 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2012-12-07 10:46:36 . 2013-01-09 11:12:18 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 14:39:05 41208]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 12:08:14 59720]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 11:35:28 152392]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 08:04:54 252848]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 15:11:58 542632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
"Hotkey Utility"=C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"RIMBBLaunchAgent.exe"=C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
R0 gfibto;gfibto;C:\Windows\system32\drivers\gfibto.sys [2013-03-04 07:01:07 14456]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2000-01-01 00:00:00 246376]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-09-07 15:38:22 147288]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-07-31 21:20:55 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 16:02:18 17720]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1402010.016\SYMDS64.SYS [2012-10-04 01:40:20 493216]
S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1402010.016\SYMEFA64.SYS [2012-10-04 01:40:35 1133216]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 02:51:11 1388120]
S1 ccSet_MCLIENT;Norton Management Settings Manager;C:\Windows\system32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2012-10-04 01:19:14 168096]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\system32\drivers\NAVx64\1402010.016\ccSetx64.sys [2012-08-20 19:50:10 168096]
S1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\system32\drivers\NSTx64\7DD03000.01A\ccSetx64.sys [2012-11-16 02:18:04 168096]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130301.002\IDSvia64.sys [2013-01-05 06:18:02 513184]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1402010.016\Ironx64.SYS [2012-09-07 01:48:08 224416]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\Drivers\NAVx64\1402010.016\SYMNETS.SYS [2012-09-07 02:05:14 432800]
S2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-02-21 04:37:06 1236336]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 01:32:32 13336]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe [2011-01-17 14:00:50 164520]
S2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 20:55:14 244624]
S2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2012-10-11 02:29:13 143928]
S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 01:40:03 143928]
S2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe [2012-12-24 03:33:29 144520]
S2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-09-20 04:39:12 3677000]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 05:24:42 2656280]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-18 01:00:00 138912]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 16:28:16 317440]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 05:45:06 1629648 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
Inhoud van de 'Gedeelde Taken' map
2013-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13:47 . 2011-10-26 15:13:43]
2013-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-26 15:13:47 . 2011-10-26 15:13:43]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-11 00:20:42 11580520]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-19 21:44:20 398616]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
------- Bijkomende Scan -------
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://internetradio.vrt.be/radiospeler/v2_prod/wmp.html?qsbrand=11
mLocal Page = C:\WINDOWS\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
- - - - ORPHANS VERWIJDERD - - - -
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
*********************************************************************
Do any of you have an idea how I can fix this?
Thanks in advance for all replies!
-
Combofix has been removed and the problem seems to be solved.
Thanks, everyone, for the good advice!
-
I will do this the next time I visit that family member.
But won't this bring back the problem that is now solved?
PC won't go into sleep mode
in Archive Hardware general
Posted:
Now it works again! Thanks!