Ga naar inhoud

HPc

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    142

  • Registratiedatum

  • Laatst bezocht

 Inhoudstype 

Alles dat geplaatst werd door HPc

  1. HPc
    Het is gelukt om het allergrootste gedeelte te verwijderen van McAfee in het register. Bij een tiental mappen is dit niet gelukt --> "erreur lors de la suppression de la clé" of "impossible de supprimer toutes les valeurs spécifiées" Maar er staat niets meer van McAfee onder programma's bij configuratiescherm.
  2. HPc
    Ik vind ze inderdaad nergens anders meer terug, maar ik kan ze daar niet verwijderen. Voor McAfee Agent krijg ik volgende melding: "Mc Afee kan niet worden verwijderd omdat het momenteel in gebruik is door andere producten." Voor VirusScan Enterprise: " Erreur irrécupérable lors de l'installation."
  3. HPc
    McAfee Agent en McAfee Virusscan Enterprise staan nog steeds bij programma's in configuratiescherm.
  4. HPc
    Het nieuw logje van ComboFix: ComboFix 12-03-29.02 - pela 30/03/2012 11:13:33.3.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.54 [GMT 2:00] Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\pela\Bureau\CFScript.txt AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-30 )))))))))))))))))))))))))))))) . . 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro 2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll 2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe 2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe 2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe 2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe 2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak 2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe 2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.17.30 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-30 09:03 . 2012-03-30 09:03 16384 c:\windows\Temp\Perflib_Perfdata_778.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\ OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ 'autocheck autochk *' . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe] "DeleteFlag"= 1 (0x1) "Start"= 4 (0x4) . R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856] S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?] S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?] S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?] S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?] S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?] S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?] S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?] S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?] S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?] S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?] S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?] S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] . Inhoud van de 'Gedeelde Taken' map . 2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2011-12-26 c:\windows\Tasks\Nettoyage de disque.job - c:\windows\system32\cleanmgr.exe [2006-04-10 02:33] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.be/ mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-30 11:25 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(568) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(3568) c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2012-03-30 11:30:02 ComboFix-quarantined-files.txt 2012-03-30 09:29 ComboFix2.txt 2012-03-29 20:03 ComboFix3.txt 2012-03-29 19:21 . Pre-Run: 134.114.217.984 octets libres Post-Run: 134.135.853.056 octets libres . - - End Of File - - 627CE92C60EA418CB6E3FA9C07FB9E77
  5. HPc
    Het nieuwe ComboFix logje: ComboFix 12-03-29.02 - pela 29/03/2012 21:45:19.2.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.127 [GMT 2:00] Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe gebruikte Opdracht switches :: c:\documents and settings\pela\Bureau\CFScript.txt AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E} . FILE :: "c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome.manifest c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\dealplyIcon32.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\defaults.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\install.rdf c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\chrome.manifest c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\acplus-autocomplete.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\components\FFHst.xpt c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\babylon.css c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\babylon.xul c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\09.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\arwDwn.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\bbyln.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\buy.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ae.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\bg.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ch.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cn.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\cz.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\de.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\eg.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\en.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\es.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\fr.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\gr.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\he.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\il.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\it.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ja.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\jp.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\nl.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\no.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pl.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\pt.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ro.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ru.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sa.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\se.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\sv.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\Thumbs.db c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\tr.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\ua.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\us.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\games.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\greenCard.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\help_16.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\home.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\icons.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\languages.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\logo.PNG c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\lottery.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mj.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\bg.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\chooseStation.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\lines.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\pauseBtn.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\playBtn.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\rd_strp.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\Thumbs.db c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\privecy_16_hot.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\radio.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\search.PNG c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\stat.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\tellafriend.gif c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbar_icons_games.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\toolbarIcons_casino.png c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\translate.PNG c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\imgs\vssver.scc c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\mtstart.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\server.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\content\tmplt.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\defaults\preferences\instlPref.js c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\extensions\ffxtlbr@babylon.com\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\install.rdf c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.js c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\content\ffjcext\ffjcext.xul c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext\ffjcext.dtd c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\install.rdf . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MFERKDET -------\Legacy_MFETDI2K -------\Legacy_MFEVTP -------\Service_mferkdet -------\Service_mfetdi2k -------\Service_mfevtp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))) . . 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro 2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll 2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe 2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe 2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe 2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe 2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak 2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe 2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-29_19.17.30 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-29 19:57 . 2012-03-29 19:57 16384 c:\windows\Temp\Perflib_Perfdata_3b8.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\ OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ 'autocheck autochk *' . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe] "DeleteFlag"= 1 (0x1) "Start"= 4 (0x4) . R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856] S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?] S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?] S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?] S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?] S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?] S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?] S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?] S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?] S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?] S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?] S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?] S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . Inhoud van de 'Gedeelde Taken' map . 2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2011-12-26 c:\windows\Tasks\Nettoyage de disque.job - c:\windows\system32\cleanmgr.exe [2006-04-10 02:33] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.be/ mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-29 21:57 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(576) c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'explorer.exe'(7788) c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe c:\windows\system32\Ati2evxx.exe c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\iPod\bin\iPodService.exe c:\windows\system32\wscntfy.exe c:\windows\system32\WgaTray.exe . ************************************************************************** . Voltooingstijd: 2012-03-29 22:03:41 - machine werd herstart ComboFix-quarantined-files.txt 2012-03-29 20:03 ComboFix2.txt 2012-03-29 19:21 . Pre-Run: 134.278.684.672 octets libres Post-Run: 134.155.112.448 octets libres . - - End Of File - - 28C6F475FE3E84EFB070795031003040
  6. HPc
    De mappen zijn niet aanwezig in C: Program Files. Hier volgt het logje van ComboFix ComboFix 12-03-29.02 - pela 29/03/2012 21:05:07.1.2 - x86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.32.1036.18.511.207 [GMT 2:00] Gestart vanuit: c:\documents and settings\pela\Bureau\ComboFix.exe . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\pela\Application Data\PriceGong c:\documents and settings\pela\Application Data\PriceGong\Data\1.xml c:\documents and settings\pela\Application Data\PriceGong\Data\a.xml c:\documents and settings\pela\Application Data\PriceGong\Data\b.xml c:\documents and settings\pela\Application Data\PriceGong\Data\c.xml c:\documents and settings\pela\Application Data\PriceGong\Data\d.xml c:\documents and settings\pela\Application Data\PriceGong\Data\e.xml c:\documents and settings\pela\Application Data\PriceGong\Data\f.xml c:\documents and settings\pela\Application Data\PriceGong\Data\g.xml c:\documents and settings\pela\Application Data\PriceGong\Data\h.xml c:\documents and settings\pela\Application Data\PriceGong\Data\i.xml c:\documents and settings\pela\Application Data\PriceGong\Data\J.xml c:\documents and settings\pela\Application Data\PriceGong\Data\k.xml c:\documents and settings\pela\Application Data\PriceGong\Data\l.xml c:\documents and settings\pela\Application Data\PriceGong\Data\m.xml c:\documents and settings\pela\Application Data\PriceGong\Data\mru.xml c:\documents and settings\pela\Application Data\PriceGong\Data\n.xml c:\documents and settings\pela\Application Data\PriceGong\Data\o.xml c:\documents and settings\pela\Application Data\PriceGong\Data\p.xml c:\documents and settings\pela\Application Data\PriceGong\Data\q.xml c:\documents and settings\pela\Application Data\PriceGong\Data\r.xml c:\documents and settings\pela\Application Data\PriceGong\Data\s.xml c:\documents and settings\pela\Application Data\PriceGong\Data\t.xml c:\documents and settings\pela\Application Data\PriceGong\Data\u.xml c:\documents and settings\pela\Application Data\PriceGong\Data\v.xml c:\documents and settings\pela\Application Data\PriceGong\Data\w.xml c:\documents and settings\pela\Application Data\PriceGong\Data\x.xml c:\documents and settings\pela\Application Data\PriceGong\Data\y.xml c:\documents and settings\pela\Application Data\PriceGong\Data\z.xml c:\documents and settings\pela\Recent\UitwegenPosters_infodag.pdf c:\documents and settings\pela\System c:\documents and settings\pela\System\win_qs8.jqx c:\documents and settings\pela\WINDOWS c:\windows\bwUnin-7.2.0.157-8876480SL.exe c:\windows\Downloaded Program Files\popcaploader.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\IsUn0413.exe c:\windows\system32\%SYSTE~1 c:\windows\system32\%SYSTE~1\Documents and Settings\pela\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD c:\windows\system32\%SYSTE~1\Documents and Settings\pela\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD c:\windows\system32\drivers\etc\hosts.ics c:\windows\system32\SETE0.tmp c:\windows\system32\SETEC.tmp c:\windows\system32\setting.ini c:\windows\unin0413.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-29 )))))))))))))))))))))))))))))) . . 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\pela\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2012-03-28 19:54 . 2012-03-28 19:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-03-28 19:54 . 2011-12-10 13:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-28 10:47 . 2012-03-28 10:47 28504 ----a-w- c:\program files\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-03-28 10:47 . 2012-03-28 10:47 87808 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-28 10:47 . 2012-03-28 10:47 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-03-28 10:47 . 2012-03-28 10:47 59288 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-28 10:47 . 2012-03-28 10:47 119968 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 180072 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-28 10:47 . 2012-03-28 10:47 89624 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2012-03-28 10:47 . 2012-03-28 10:47 461864 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-28 10:33 . 2012-03-28 10:33 388096 ----a-r- c:\documents and settings\pela\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-03-28 10:33 . 2012-03-28 10:33 -------- d-----w- c:\program files\Trend Micro 2012-03-27 22:30 . 2012-03-28 10:47 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll 2012-03-27 21:37 . 2008-09-29 06:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-27 21:35 . 2012-03-27 21:36 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-23 22:40 . 2012-03-23 22:40 73728 ----a-w- c:\windows\system32\javacpl.cpl . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2100-04-08 09:45 . 2001-02-26 15:10 69632 ----a-w- c:\windows\system32\Lxasmdm.dll 2012-03-28 10:47 . 2008-09-29 07:07 22816 ----a-w- c:\windows\system32\MFEOtlk.dll 2012-03-27 14:38 . 2011-09-22 11:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-23 22:40 . 2010-04-25 19:50 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-02-03 09:58 . 2006-04-10 01:39 1860224 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-20 13:14 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2006-04-10 14:35 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-01-04 09:26 . 2010-03-09 20:06 236576 ------w- c:\windows\system32\MpSigStub.exe 2009-12-21 21:06 . 2009-12-21 21:05 16871432 -c--a-w- c:\program files\gimp-2.6.7-i686-setup.exe 2007-09-21 16:54 . 2007-10-11 15:01 1283286 -c--a-w- c:\program files\wrar371nl.exe 2007-02-22 17:23 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe 2007-02-22 17:10 . 2007-02-22 17:05 173406898 -c--a-w- c:\program files\so-8-pp5-bin-windows-en-US_nl.exe.bak 2001-06-20 14:19 . 2001-06-19 14:34 40960 -c--a-w- c:\program files\ACMonitor_X83.exe 2007-06-21 16:38 . 2007-06-21 16:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2007-06-21 17:38 . 2007-06-21 17:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2007-06-21 17:38 . 2007-06-21 17:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2007-06-21 16:38 . 2007-06-21 16:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2007-06-21 16:39 . 2007-06-21 16:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2007-06-21 16:39 . 2007-06-21 16:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2007-06-21 17:39 . 2007-06-21 17:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll 2007-06-21 16:39 . 2007-06-21 16:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2007-06-21 17:40 . 2007-06-21 17:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll 2008-09-29 06:07 . 2012-03-27 21:37 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160] . c:\documents and settings\pela\Menu Démarrer\Programmes\Démarrage\ OpenOffice.org 3.2 .lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008] . c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ TL-WN321G Wireless Utility.lnk - c:\program files\TP-LINK\TL-WN321G\COMMON\TWCU.exe [2009-10-31 1298432] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ 'autocheck autochk *' . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\EDQM\\European Pharmacopoeia 4th Edition 4.05\\LPLocal.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List\c:\windows\svcho.exe] "DeleteFlag"= 1 (0x1) "Start"= 4 (0x4) . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [28/03/2012 12:47 89624] R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [18/12/2009 0:32 497856] S1 MpKsl0a2f4e31;MpKsl0a2f4e31;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6B0E55F4-17C0-4734-8FF1-D126C111BBDF}\MpKsl0a2f4e31.sys [?] S1 MpKsl0ef6b901;MpKsl0ef6b901;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AB3E437-81CE-4B4C-8472-98CD914A0C01}\MpKsl0ef6b901.sys [?] S1 MpKsl20c34174;MpKsl20c34174;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{433B7D01-0B9D-4BB9-92CE-9DC8E7B3A171}\MpKsl20c34174.sys [?] S1 MpKsl467063f5;MpKsl467063f5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9F1D6397-8B62-4995-89F4-7646F9F5ADE9}\MpKsl467063f5.sys [?] S1 MpKsl5180a6e8;MpKsl5180a6e8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9082D861-3587-4F50-96DA-7614D2A3C0A6}\MpKsl5180a6e8.sys [?] S1 MpKsl61b8981d;MpKsl61b8981d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6CBE278C-C8F4-4E62-8EEA-B09606EC86B7}\MpKsl61b8981d.sys [?] S1 MpKsl782276dd;MpKsl782276dd;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7914F28F-E89E-4D7C-B90E-58FFF986C44F}\MpKsl782276dd.sys [?] S1 MpKsla0cb60be;MpKsla0cb60be;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D28BC52C-8578-401A-A3A6-13EB39982665}\MpKsla0cb60be.sys [?] S1 MpKslb1566c0a;MpKslb1566c0a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A6DC85C-9931-4FDE-A22F-0B2A2DD5DBA4}\MpKslb1566c0a.sys [?] S1 MpKslc4e04c54;MpKslc4e04c54;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C2D71603-6759-4F39-B785-8489AF1EA18F}\MpKslc4e04c54.sys [?] S1 MpKslcc0e42ec;MpKslcc0e42ec;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{80D9CA13-7BDB-4400-9499-91BC859C82EE}\MpKslcc0e42ec.sys [?] S1 MpKsld02ed186;MpKsld02ed186;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B67973D3-7068-4F69-80BB-E8253E922E1D}\MpKsld02ed186.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S2 mfevtp;McAfee Validation Trust Protection Service;"c:\windows\system32\mfevtps.exe" --> c:\windows\system32\mfevtps.exe [?] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20/10/2010 2:04 136176] S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [28/03/2012 12:47 87808] . Inhoud van de 'Gedeelde Taken' map . 2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2012-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 00:04] . 2011-12-26 c:\windows\Tasks\Nettoyage de disque.job - c:\windows\system32\cleanmgr.exe [2006-04-10 02:33] . . ------- Bijkomende Scan ------- . uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uStart Page = hxxp://www.google.be/ mStart Page = hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/fuji/defaults/su/*Yahoo! Nederland IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} - hxxp://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab FF - ProfilePath - c:\documents and settings\pela\Application Data\Mozilla\Firefox\Profiles\4eec446g.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxp://dutch.ilsc.org/nl/index.php?rvs=hompag/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=toolbar2&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) HKLM-Run-ShStatEXE - c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE AddRemove-European Pharmacopoeia 4th Edition 4.05 - c:\windows\IsUn0413.exe AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-03-29 21:17 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" "C040211900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(584) c:\windows\system32\Ati2evxx.dll . Voltooingstijd: 2012-03-29 21:21:44 ComboFix-quarantined-files.txt 2012-03-29 19:21 . Pre-Run: 133.005.803.520 octets libres Post-Run: 134.260.322.304 octets libres . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect . - - End Of File - - D3D8EDE3C938D83ECB17ED5C7B470089
  7. HPc
    hijackthis.logmbam-log-2012-03-29 (11-54-41).txt
  8. HPc
    Malwarebytes Anti-Malware 1.60.1.1000www.malwarebytes.orgDatabaseversie: v2012.03.28.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702pela :: PC [administrator]29/03/2012 11:54:41mbam-log-2012-03-29 (11-54-41).txtScantype: Snelle scanIngeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUMUitgeschakelde scanopties: P2PObjecten gescand: 193651Verstreken tijd: 10 minuut/minuten, 10 seconde(n)Geheugenprocessen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Geheugenmodulen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Registersleutels gedetecteerd: 8HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.Registerwaarden gedetecteerd: 2HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»äG\Ê -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.Registerdata gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Mappen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Bestanden gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)(einde) ---------- Post toegevoegd om 18:49 ---------- Vorige post was om 18:48 ---------- Het lukt niet om ze op de gewone manier te posten, ik doe nochtans hetzelfde (Alles selecteren, Ctrl C, Ctrl V) ---------- Post toegevoegd om 18:56 ---------- Vorige post was om 18:49 ---------- Als ik het logje in het venster plak, is het goed (met spaties) na versturen vallen de spaties weg.
  9. HPc
    Het icoontje van McAfee is verwijderd van mijn desktop maar onder programma's (bij configuratiescherm) staan nog steeds:- Mc afee Agent en Mc afee virus scan enterprise. Mag ik deze manueel verwijderen.Hieronder het logje van Malwarebytes:Malwarebytes Anti-Malware 1.60.1.1000www.malwarebytes.orgDatabaseversie: v2012.03.28.06Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702pela :: PC [administrator]29/03/2012 11:54:41mbam-log-2012-03-29 (11-54-41).txtScantype: Snelle scanIngeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUMUitgeschakelde scanopties: P2PObjecten gescand: 193651Verstreken tijd: 10 minuut/minuten, 10 seconde(n)Geheugenprocessen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Geheugenmodulen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Registersleutels gedetecteerd: 8HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.Registerwaarden gedetecteerd: 2HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶»äG\Ê -> Succesvol in quarantaine geplaatst en verwijderd.HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.Registerdata gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Mappen gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)Bestanden gedetecteerd: 0(Geen kwaadaardige objecten gedetecteerd)(einde) ---------- Post toegevoegd om 12:17 ---------- Vorige post was om 12:09 ---------- Het HijackThis logje:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:15:30, on 29/03/2012Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exeC:\WINDOWS\system32\spoolsv.exec:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exeC:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exeC:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\WgaTray.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\Explorer.EXEC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exeC:\Program Files\Fichiers communs\Java\Java Update\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Windows Live\Messenger\msnmsgr.exeC:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exeC:\Program Files\OpenOffice.org 3\program\soffice.exeC:\Program Files\OpenOffice.org 3\program\soffice.binC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Trend Micro\HiJackThis\HiJackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search Microsoft.com - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dllO2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllO3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dllO4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logonO4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logonO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONEO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /backgroundO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exeO4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exeO8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.htmlO9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dllO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} (HtmlCtl2 Class) - http://online6.edqm.eu/ep602/NetisUtils/install/safeview.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203773523640O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cabO16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cabO16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cabO16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cabO16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CABO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SP3O17 - HKLM\Software\..\Telephony: DomainName = SP3O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLLO22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exeO23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exeO23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exeO23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exeO23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exeO23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exeO23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (file missing)O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe (file missing)O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing)O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\WINDOWS\system32\mfevtps.exe (file missing)O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exeO23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exeO23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exeO23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exeO23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exeO23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (file missing)O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exeO23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exeO23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exeO23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe--End of file - 13070 bytes
  10. HPc
    Het is niet gelukt om McAfee te verwijderen. Het manueel verwijderen van de 2 mappen is ook niet gelukt. Ik kreeg resp. volgende berichten: "impossible de supprimer -condl.dll -AgentRes.Dll : Accès refusé. Vérifiez que le disque n'est pas plein ou protégé en écriture, et que le fichier n'est pas utilisé actuellement." Hier volgen de 2 logjes: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.03.28.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 pela :: PC [administrator] 28/03/2012 21:55:42 mbam-log-2012-03-28 (21-55-42).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 193536 Verstreken tijd: 13 minuut/minuten, 48 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 17 HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Geen actie ondernomen. HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\AvScan (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\NetPumper (Adware.NetPumper) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{056738E1-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{056738ED-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AntiLeech.ALIE.1 (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AntiLeech.ALIE (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056738EE-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶» äG\Ê -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Geen actie ondernomen. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 2 C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3 (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 5 C:\Documents and Settings\pela\Local Settings\Temp\ie1B.tmp (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alhlp.exe (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alie.dll (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alie.inf (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:29:50, on 28/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo'>http://www.yahoo.com]Yahoo! Nederland R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20120328124744.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} (HtmlCtl2 Class) - http://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203773523640 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SP3 O17 - HKLM\Software\..\Telephony: DomainName = SP3 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 13536 bytes ---------- Post toegevoegd om 22:37 ---------- Vorige post was om 22:36 ---------- Het is niet gelukt om McAfee te verwijderen. Het manueel verwijderen van de 2 mappen is ook niet gelukt. Ik kreeg resp. volgende berichten: "impossible de supprimer -condl.dll -AgentRes.Dll : Accès refusé. Vérifiez que le disque n'est pas plein ou protégé en écriture, et que le fichier n'est pas utilisé actuellement." Hier volgen de 2 logjes: Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Databaseversie: v2012.03.28.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 pela :: PC [administrator] 28/03/2012 21:55:42 mbam-log-2012-03-28 (21-55-42).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 193536 Verstreken tijd: 13 minuut/minuten, 48 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 17 HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Geen actie ondernomen. HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Geen actie ondernomen. HKCU\SOFTWARE\AvScan (Trojan.FakeAlert) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\NetPumper (Adware.NetPumper) -> Succesvol in quarantaine geplaatst en verwijderd. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-Leech ALIE (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\CLSID\{056738EE-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\TypeLib\{056738E1-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\Interface\{056738ED-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AntiLeech.ALIE.1 (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCR\AntiLeech.ALIE (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{056738EE-E15C-11D6-B876-0050BF5D85C7} (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. Registerwaarden gedetecteerd: 2 HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: ©Ž±#¥aI¶» äG\Ê -> Geen actie ondernomen. HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Data: -> Geen actie ondernomen. Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Mappen gedetecteerd: 2 C:\Program Files\Anti-Leech (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3 (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 5 C:\Documents and Settings\pela\Local Settings\Temp\ie1B.tmp (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alhlp.exe (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alie.dll (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\alie.inf (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Program Files\Anti-Leech\ALIE_1.0.2.3\iesetup2.exe (Trojan.AntiLeechPlugin) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:29:50, on 28/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo'>http://www.yahoo.com]Yahoo! Nederland R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\McAfee\SystemCore\ScriptSn.20120328124744.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} (HtmlCtl2 Class) - http://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203773523640 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SP3 O17 - HKLM\Software\..\Telephony: DomainName = SP3 O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 13536 bytes
  11. HPc
    Het is niet gelukt om mc afee te verwijderen. Ik kreeg volgend bericht: "Incomplete Uninstallation Enterprise software detected See log file for more details" Hier volgt het HijackThis logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:34:53, on 28/03/2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe C:\Program Files\Network Associates\Common Framework\udaterui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Network Associates\Common Framework\McTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dutch.ilsc.org/nl/index.php?rvs=hompag/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Nederland R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM') O4 - .DEFAULT Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user') O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G\COMMON\TWCU.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/PopularScreenSaversInitialSetup1.0.1.1.cab O16 - DPF: {3743E8B0-BE34-4652-9F11-7C4EB22F39B9} (HtmlCtl2 Class) - http://online6.edqm.eu/ep602/NetisUtils/install/safeview.cab O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpnua1.ua.ac.be/CACHE/stc/1/binaries/vpnweb.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203773523640 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SP3 O17 - HKLM\Software\..\Telephony: DomainName = SP3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vub.ac.be O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing) O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Unknown owner - C:\Program Files\TP-LINK\TL-WN321G\COMMON\RegistryWriter.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing) O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing) O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe (file missing) O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe -- End of file - 14314 bytes
  12. HPc
    Hallo, Het lukt me niet om McAfee volledig te verwijderen. Pc is ook enorm traag. Kan iemand mij hierbij helpen. Alvast bedankt.
  13. HPc
    De 2e afbeelding is van "zoeken naar programma's die worden beïnvloed".
  14. HPc
  15. HPc
  16. HPc
  17. HPc
    Er zijn geen problemen meer:-) . Ik denk dat ik nu combofix moet verwijderen en CCleaner mag starten. En dan terug systeemherstel mag uitvoeren (zie opdracht 73) Klopt dit? Maar dat van systeemhersyel had ik niet gevonden.
  18. HPc
    OK Dit is allemaal gelukt.
  19. HPc
    Firefox 7.0.1
  20. HPc
    Ik heb de map kunnen verwijderen. Er zijn geen extensies van babylon in firefox. ---------- Post toegevoegd om 11:28 ---------- Vorige post was om 11:14 ---------- In internet explorer zit onder "zoeken" (vergrootglas) in de adresbalk ook "search the web babylon" . Ik weet niet hoe ik deze kan verwijderen.
  21. HPc
    ComboFix 12-03-13.01 - Pela 17/03/2012 11:35:15.8.4 - x86 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.991 [GMT 1:00] Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . FILE :: "c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP" . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-17 to 2012-03-17 )))))))))))))))))))))))))))))) . . 2012-03-17 10:40 . 2012-03-17 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-16 13:36 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC1C82E0-B5D9-48A4-97C3-13EDC9C52770}\mpengine.dll 2012-03-14 15:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 15:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 13:28 . 2012-03-14 13:28 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-14 12:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:15 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 12:14 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 12:14 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 12:14 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 12:14 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 12:14 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview 2012-03-11 22:43 . 2012-03-15 14:48 -------- d-----w- C:\QUARANTINE 2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee 2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee 2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems 2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner 2012-03-08 23:05 . 2012-03-17 10:40 -------- d-----w- c:\users\Pela\AppData\Local\temp 2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur 2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-04 08:58 . 2012-02-14 21:29 442880 ----a-w- c:\windows\system32\ntshrui.dll 2011-12-30 05:27 . 2012-02-14 21:29 478720 ----a-w- c:\windows\system32\timedate.cpl 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-14_13.10.32 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-14 12:14 . 2012-01-25 13:49 58880 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll + 2012-03-14 12:14 . 2012-01-25 05:32 58880 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll + 2012-03-14 12:14 . 2012-01-25 05:38 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll + 2012-03-14 12:14 . 2012-01-25 05:44 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll + 2012-03-14 12:14 . 2012-02-17 04:09 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_de3273e8bc1f0f12\tdtcp.sys + 2012-03-14 12:14 . 2012-02-17 04:13 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_dd77c70da3257c89\tdtcp.sys + 2012-03-14 12:14 . 2012-02-17 04:16 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.21151_none_dc287c7cbf13e10f\tdtcp.sys + 2012-03-14 12:14 . 2012-02-15 04:22 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16963_none_db963837a5fc5ca2\tdtcp.sys + 2010-09-05 13:43 . 2012-03-16 18:09 61530 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 04:55 . 2012-03-14 12:11 38828 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2012-03-17 10:24 38828 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-10-06 18:36 . 2012-03-15 21:15 18288 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062663584-2361553994-830336109-1000_UserData.bin + 2009-07-14 04:50 . 2012-03-17 10:23 86016 c:\windows\System32\DriverStore\infpub.dat - 2009-07-14 04:50 . 2012-03-14 12:11 86016 c:\windows\System32\DriverStore\infpub.dat + 2012-03-17 10:32 . 2012-03-17 10:32 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2012-03-13 23:28 . 2012-03-13 23:28 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - 2010-09-30 09:59 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-09-30 09:59 . 2012-03-17 10:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-30 09:59 . 2012-03-14 12:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-30 09:59 . 2012-03-17 10:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:41 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2012-03-17 10:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:34 . 2012-03-17 10:26 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-03-14 13:28 . 2012-03-14 13:28 61457 c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP\WiseCustomCalla.dll + 2012-03-14 12:14 . 2012-01-25 13:42 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe + 2012-03-14 12:14 . 2012-01-25 05:27 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe + 2012-03-14 12:14 . 2012-01-25 05:33 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe + 2012-03-14 12:14 . 2012-01-25 05:40 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe + 2012-03-17 10:33 . 2012-03-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-14 12:09 . 2012-03-14 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-03-14 12:09 . 2012-03-14 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-17 10:33 . 2012-03-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-03-14 12:14 . 2012-02-17 04:16 152064 c:\windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll + 2012-03-14 12:14 . 2012-01-25 13:49 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll + 2012-03-14 12:14 . 2012-01-25 05:32 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll + 2012-03-14 12:14 . 2012-01-25 05:38 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll + 2012-03-14 12:14 . 2012-01-25 05:44 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll + 2012-03-14 12:14 . 2012-02-17 04:09 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys + 2012-03-14 12:14 . 2012-02-17 04:14 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys + 2012-03-14 12:14 . 2012-02-17 04:16 178176 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys + 2012-03-14 12:14 . 2012-02-15 04:22 177152 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys + 2012-03-14 12:14 . 2012-02-17 05:30 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.21924_none_bd9532d96d928465\rdpcore.dll + 2012-03-14 12:14 . 2012-02-17 05:34 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.17779_none_bcda85fe5498f1dc\rdpcore.dll + 2012-03-14 12:14 . 2012-02-17 05:43 827904 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.21151_none_bb8b3b6d70875662\rdpcore.dll + 2012-03-14 12:14 . 2012-02-15 05:44 826368 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.16963_none_baf8f728576fd1f5\rdpcore.dll + 2012-03-14 12:14 . 2012-02-17 05:30 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21924_none_321467207f36f8cc\rdpcorets.dll + 2012-03-14 12:14 . 2012-02-17 05:34 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17779_none_3159ba45663d6643\rdpcorets.dll + 2012-03-14 12:15 . 2012-02-10 05:35 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1core.dll + 2012-03-14 12:15 . 2012-02-10 05:35 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1.dll + 2012-03-14 12:15 . 2012-02-10 05:41 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1core.dll + 2012-03-14 12:15 . 2012-02-10 05:41 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1.dll + 2012-03-14 12:15 . 2012-02-10 05:35 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.21148_none_a82afdc6d63f2cda\d2d1.dll + 2012-03-14 12:15 . 2012-02-10 05:41 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.16961_none_a784e6fbbd37e04f\d2d1.dll + 2010-10-11 18:14 . 2012-03-16 21:04 343674 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2009-07-14 08:27 . 2012-03-14 14:04 723522 c:\windows\System32\perfh013.dat - 2009-07-14 08:27 . 2012-03-12 18:54 723522 c:\windows\System32\perfh013.dat - 2009-07-14 08:27 . 2012-03-12 18:54 142422 c:\windows\System32\perfc013.dat + 2009-07-14 08:27 . 2012-03-14 14:04 142422 c:\windows\System32\perfc013.dat + 2009-07-14 04:33 . 2012-03-14 16:33 293456 c:\windows\System32\FNTCACHE.DAT - 2009-07-14 04:33 . 2012-03-12 16:18 293456 c:\windows\System32\FNTCACHE.DAT - 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstrng.dat + 2009-07-14 04:50 . 2012-03-17 10:23 143360 c:\windows\System32\DriverStore\infstrng.dat + 2009-07-14 04:50 . 2012-03-17 10:23 143360 c:\windows\System32\DriverStore\infstor.dat - 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstor.dat + 2009-07-14 04:47 . 2012-03-17 10:32 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2012-03-13 23:28 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-14 12:15 . 2012-02-03 04:13 2351104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys + 2012-03-14 12:15 . 2012-02-03 03:54 2343424 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys + 2012-03-14 12:15 . 2012-02-03 03:53 2350592 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys + 2012-03-14 12:15 . 2012-02-03 04:01 2341376 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys + 2012-03-14 15:56 . 2011-11-19 11:11 3916656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe + 2012-03-14 15:56 . 2011-11-19 11:11 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe + 2012-03-14 15:56 . 2011-11-19 14:50 3913584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe + 2012-03-14 15:56 . 2011-11-19 14:50 3968368 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe + 2012-03-14 15:56 . 2011-11-19 11:24 3915632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe + 2012-03-14 15:56 . 2011-11-19 11:24 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe + 2012-03-14 15:56 . 2011-11-19 14:25 3902320 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe + 2012-03-14 15:56 . 2011-11-19 14:25 3957616 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe + 2012-03-14 12:15 . 2012-02-10 05:35 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll + 2012-03-14 12:15 . 2012-02-10 05:41 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll + 2012-03-14 12:15 . 2012-02-10 05:27 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll + 2012-03-14 12:15 . 2012-02-10 05:38 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll + 2012-03-14 12:15 . 2012-02-10 05:35 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll + 2012-03-14 12:15 . 2012-02-10 05:41 1074176 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll - 2009-07-14 04:34 . 2012-03-13 14:37 7113772 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:34 . 2012-03-14 16:36 7113772 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2011-09-12 19:58 . 2012-03-14 15:58 6116196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-12288.dat + 2010-11-15 16:38 . 2012-03-14 15:57 54215544 c:\windows\System32\MRT.exe + 2010-10-19 19:47 . 2012-03-17 10:32 32306807 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-8192.dat + 2011-11-02 01:11 . 2012-03-17 10:33 47497476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat + 2011-05-18 20:04 . 2012-03-14 15:56 150572603 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696] R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536] R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . 2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1 FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-17 11:41:11 ComboFix-quarantined-files.txt 2012-03-17 10:41 ComboFix2.txt 2012-03-15 15:01 ComboFix3.txt 2012-03-14 15:46 ComboFix4.txt 2012-03-14 13:17 ComboFix5.txt 2012-03-17 10:34 . Pre-Run: 182.754.869.248 bytes beschikbaar Post-Run: 182.615.654.400 bytes beschikbaar . - - End Of File - - 6E28546B36A54A6009FB3A67E08AA310
  22. HPc
    Ja ik heb ACDSee inderdaad verwijderd. Bovenstaande opdracht is niet gelukt, omdat de antivirusscan op stand. Mag ik deze herhalen? Log inhoud: ComboFix 12-03-13.01 - Pela 15/03/2012 15:48:57.7.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.798 [GMT 1:00] Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Aanwezig AV is actief . . FILE :: "c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP" . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))) . . 2012-03-15 14:58 . 2012-03-15 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-14 15:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-14 15:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-14 13:28 . 2012-03-14 13:28 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-14 12:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 12:15 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 12:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 12:14 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 12:14 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 12:14 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 12:14 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-14 12:14 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-13 09:01 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\mpengine.dll 2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview 2012-03-11 22:43 . 2012-03-15 14:48 -------- d-----w- C:\QUARANTINE 2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee 2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee 2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems 2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner 2012-03-08 23:05 . 2012-03-15 14:58 -------- d-----w- c:\users\Pela\AppData\Local\temp 2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur 2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent 2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll 2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-14 21:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-14 21:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1 FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.032" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.abr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ani" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.apd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.arw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bay" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.bmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.crw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cs1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cur" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.dib" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djv" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djvu" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dng" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.emf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.eps" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.erf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.gif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.hdr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icn" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ilbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.int" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.inta" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iw4" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2c" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2k" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jfif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jp2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpe" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpeg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpk" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.kdc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.lbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mos" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.orf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.png" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tiff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-15 16:01:15 ComboFix-quarantined-files.txt 2012-03-15 15:01 ComboFix2.txt 2012-03-14 15:46 ComboFix3.txt 2012-03-14 13:17 ComboFix4.txt 2012-03-09 20:23 . Pre-Run: 183.316.680.704 bytes beschikbaar Post-Run: 183.037.063.168 bytes beschikbaar . - - End Of File - - DD0D802C08228149643D48DAA1E90838
  23. HPc
    ComboFix 12-03-13.01 - Pela 14/03/2012 16:31:25.6.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.912 [GMT 1:00] Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\sho4EBC.tmp" . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\sho4EBC.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))) . . 2012-03-14 15:39 . 2012-03-14 15:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-14 13:28 . 2012-03-14 13:28 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP 2012-03-13 09:30 . 2012-03-14 13:35 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\offreg.dll 2012-03-13 09:01 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\mpengine.dll 2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview 2012-03-11 22:43 . 2012-03-11 22:43 -------- d-----w- C:\QUARANTINE 2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee 2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee 2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems 2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner 2012-03-08 23:05 . 2012-03-14 15:39 -------- d-----w- c:\users\Pela\AppData\Local\temp 2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur 2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent 2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll 2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-14 21:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-14 21:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-14 21:29 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-03-14_13.10.32 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:50 . 2012-03-14 14:02 86016 c:\windows\System32\DriverStore\infpub.dat - 2009-07-14 04:50 . 2012-03-14 12:11 86016 c:\windows\System32\DriverStore\infpub.dat + 2010-09-30 09:59 . 2012-03-14 13:56 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-30 09:59 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-09-30 09:59 . 2012-03-14 12:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-09-30 09:59 . 2012-03-14 13:56 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:41 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2012-03-14 13:56 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-03-14 13:28 . 2012-03-14 13:28 61457 c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP\WiseCustomCalla.dll - 2009-07-14 08:27 . 2012-03-12 18:54 723522 c:\windows\System32\perfh013.dat + 2009-07-14 08:27 . 2012-03-14 14:04 723522 c:\windows\System32\perfh013.dat + 2009-07-14 02:05 . 2012-03-14 14:04 636632 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2012-03-12 18:54 636632 c:\windows\System32\perfh009.dat + 2009-07-14 08:27 . 2012-03-14 14:04 142422 c:\windows\System32\perfc013.dat - 2009-07-14 08:27 . 2012-03-12 18:54 142422 c:\windows\System32\perfc013.dat - 2009-07-14 02:05 . 2012-03-12 18:54 114352 c:\windows\System32\perfc009.dat + 2009-07-14 02:05 . 2012-03-14 14:04 114352 c:\windows\System32\perfc009.dat - 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstrng.dat + 2009-07-14 04:50 . 2012-03-14 14:02 143360 c:\windows\System32\DriverStore\infstrng.dat - 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstor.dat + 2009-07-14 04:50 . 2012-03-14 14:02 143360 c:\windows\System32\DriverStore\infstor.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1 FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.032" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.abr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ani" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.apd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.arw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bay" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.bmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.crw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cs1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cur" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.dib" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djv" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djvu" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dng" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.emf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.eps" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.erf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.gif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.hdr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icn" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ilbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.int" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.inta" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iw4" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2c" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2k" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jfif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jp2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpe" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpeg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpk" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.kdc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.lbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mos" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.orf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.png" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tiff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-14 16:46:26 ComboFix-quarantined-files.txt 2012-03-14 15:46 ComboFix2.txt 2012-03-14 13:17 ComboFix3.txt 2012-03-09 20:23 . Pre-Run: 183.686.569.984 bytes beschikbaar Post-Run: 183.794.933.760 bytes beschikbaar . - - End Of File - - 6899D43B142001F7909A50BC3AF433A5 Hoe kan ik de vergrendelde registersleutels van ACDSee verwijderen ?
  24. HPc
    Hier volgt het logbestand van combofix: ComboFix 12-03-13.01 - Pela 14/03/2012 14:02:18.5.4 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.750 [GMT 1:00] Gestart vanuit: c:\users\Pela\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\security\Database\tmp.edb . . (((((((((((((((((((( Bestanden Gemaakt van 2012-02-14 to 2012-03-14 )))))))))))))))))))))))))))))) . . 2012-03-14 13:10 . 2012-03-14 13:10 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-13 09:30 . 2012-03-13 09:30 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\offreg.dll 2012-03-13 09:01 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\mpengine.dll 2012-03-12 17:32 . 2012-03-12 17:32 0 ----a-w- c:\windows\system32\sho4EBC.tmp 2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview 2012-03-11 22:43 . 2012-03-11 22:43 -------- d-----w- C:\QUARANTINE 2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys 2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee 2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee 2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems 2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner 2012-03-08 23:05 . 2012-03-14 13:10 -------- d-----w- c:\users\Pela\AppData\Local\temp 2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur 2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys 2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java 2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders 2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe 2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp 2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro 2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems 2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems 2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems 2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations 2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software 2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software 2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent 2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll 2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll 2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-14 21:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-14 21:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-14 21:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-14 21:29 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll 2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496] "FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024] "Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040] S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] . . Inhoud van de 'Gedeelde Taken' map . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . 2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.bing.com/ TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1 FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.032" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.abr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ani" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.apd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.arw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bay" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.bmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.bw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.crw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cs1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.cur" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.dib" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djv" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.djvu" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.dng" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.emf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.eps" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.erf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.fpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.gif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.hdr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.icn" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ilbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.int" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.inta" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.iw4" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2c" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.j2k" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jfif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jp2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpe" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpeg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.jpg" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpk" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.jpx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.kdc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.lbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mos" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.mrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.nrw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.orf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pbr" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pct" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pcx" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pef" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pgm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pic" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pict" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pix" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.png" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ppm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psd" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.psp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspbrush" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.pspimage" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ras" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.raw" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rgba" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rle" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rsb" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rw2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.rwl" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sgi" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.sr2" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.srf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.tga" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.thm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) @Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000) "Progid"="ACDSee Pro 3.tiff" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttc" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.ttf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wbmp" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.wmf" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xbm" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xif" . [HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Pro 3.xpm" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-03-14 14:17:03 ComboFix-quarantined-files.txt 2012-03-14 13:17 ComboFix2.txt 2012-03-09 20:23 . Pre-Run: 183.746.916.352 bytes beschikbaar Post-Run: 183.803.809.792 bytes beschikbaar . - - End Of File - - 30BEB525792FA360E46911C8EC244750
  25. HPc
    Babylon verschijnt weer zomaar ineens als ik een internetadres intyp . Hieronder volgt het nieuw hijack this logje: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:34:48, on 13/03/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\dell\DBRM\Reminder\DbrmTrayicon.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- End of file - 7764 bytes
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.