Inhoud van HPc - Pagina 5

13 maart 2012

in "systeembeveiliging" zijn er geen vinkjes om weg te halen. Ik zie wel het volgende:

- systeemherstel

- beveiligingsinstellingen

-beschikbare stations

-RECOVERY

- OS(C:)systeem

- herstelinstellingen configureren,schijfruimte beheren en herstelpunten verwijderen

- nu een herstelpunt maken voor de stations waarvoor de systeembeveiliging is ingeschakeld

13 maart 2012

Ik heb de lijnen kunnen verwijderen, dit is pas in veilige modus gelukt. Voor het verwijderen was het icoontje van CCleaner veranderd op mijn desktop, nu is dit weer hersteld.

Mag ik CCleaner nog gebruiken?

13 maart 2012

Nee ik heb geen last meer van bitvertiser.

--> Hier volgt de log van hijackt this:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:24:53, on 13/03/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Windows\system32\wuauclt.exe

C:\dell\DBRM\Reminder\DbrmTrayicon.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer wordt aangeboden door MSN and Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)

O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

--

End of file - 8078 bytes

--> Log van malwarebytes:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000

www.malwarebytes.org

Databaseversie: v2012.03.13.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Pela :: PELA-PC [administrator]

Realtime bescherming: Uitgeschakeld

13/03/2012 10:40:18

mbam-log-2012-03-13 (10-40-18).txt

Scantype: Snelle scan

Uitgeschakelde scanopties: P2P

Objecten gescand: 179247

Verstreken tijd: 7 minuut/minuten, 28 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

12 maart 2012

Ik heb de pc laten scannen door mc affee virusscanner. Deze heeft volgende trojaanse paarden gedetecteerd en verwijderd:

XCPT-HOOK1 TDSS.e!rootkit (Paard van Troje)

ODS(Volledige scan) IRP_MJ_INTERNAL_DEVICE_CONTROL TDSS.f!rootkit (Paard van Troje)

ODS(Volledige scan) c:\Documents and Settings\All Users\d1g8eWjHhWVw40 FakeAlert!grb (Paard van Troje)

ODS(Volledige scan) c:\Documents and Settings\All Users\~d1g8eWjHhWVw40 FakeAlert!grb (Paard van Troje)

ODS(Volledige scan) c:\Documents and Settings\All Users\~d1g8eWjHhWVw40r FakeAlert!grb (Paard van Troje)

Hierna is het wel gelukt om SP1 te installeren .

11 maart 2012

De installatie van SP1 is niet gelukt. Ik heb de instructies gevolgd van Fout bij de installatie van Windows 7 en Windows Server 2008 R2 Service Pack 1 (SP1): 0x800F0A12

[h=4]-->Fout luidt: "Opslag van opstartconfiguratiegegevens kon niet worden geopend. Het systeem kan het opgegeven bestand niet vinden."[/h]Deze fout kan optreden als de systeempartitie tijdens het opstarten niet wordt gekoppeld of niet toegankelijk is voor Windows.

...

[h=4]--> Na intypen van mountvol/ E in opdrachtprompt en heropstarten is het weer niet gelukt. Moet ik het in veilige modus proberen?[/h]

10 maart 2012

De scan met CC cleaner is gelukt

Kan ik nu windows service pack 1 installeren?

Is het beter om in het vervolg nooit meer gebruik te maken van "babylon" ?

10 maart 2012

Omdat Combofix niet van het bureaublad werd verwijderd na intypen van ComboFix /Uninstall, heb ik dit manueel verwijderd. Als ik nu Combofix /Uninstall intyp gebeurt er niets. Moet ik terug Combofix downloaden en daarna terug Combofix /Uninstall intypen?

Of mag ik verder doen met opdracht 60.

10 maart 2012

Na intypen van ComboFix /Uninstall verschijnt er na een tijdje weer zo'n blauw venster met "even geduld combofix wordt opgestart." Is dit de bedoeling of is er iets misgelopen?

9 maart 2012

De nieuwe inhoud van combofix:

ComboFix 12-03-09.05 - Pela 09/03/2012 20:33:34.4.4 - x86 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1118 [GMT 1:00]

Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-09 to 2012-03-09 ))))))))))))))))))))))))))))))

.

2012-03-09 20:07 . 2012-03-09 20:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-09 10:16 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE9A39F4-9775-4B94-A07E-6D59BFB66419}\mpengine.dll

2012-03-08 23:05 . 2012-03-09 20:07 -------- d-----w- c:\users\Pela\AppData\Local\temp

2012-03-08 15:45 . 2012-03-08 15:45 -------- d-----w- c:\windows\system32\SPReview

2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur

2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java

2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders

2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe

2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp

2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro

2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems

2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems

2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations

2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software

2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software

2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent

2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-14 21:29 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl

2012-02-14 21:29 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-14 21:29 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-14 21:29 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys

2012-02-11 21:56 . 2012-02-11 21:56 -------- d-----w- c:\users\Pela\AppData\Local\Apps

2012-02-10 20:03 . 2012-02-10 20:10 -------- d-----w- c:\users\Pela\AppData\Roaming\Systweak

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-14 17:43 . 2011-11-17 17:33 704336 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-03-06_20.31.19 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-05 13:43 . 2012-03-09 19:15 58172 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2012-03-09 19:15 38064 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-06 18:36 . 2012-03-09 19:15 17110 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062663584-2361553994-830336109-1000_UserData.bin

- 2009-07-14 04:50 . 2012-03-06 19:25 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2009-07-14 04:50 . 2012-03-09 19:14 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2012-03-09 19:21 . 2012-03-09 19:21 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-06 19:23 . 2012-03-06 19:23 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2010-09-30 09:59 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 09:59 . 2012-03-08 23:18 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 09:59 . 2012-03-08 23:18 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-09-30 09:59 . 2012-03-06 19:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:41 . 2012-03-08 23:18 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2012-03-06 19:38 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-09 19:22 . 2012-03-09 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-06 19:24 . 2012-03-06 19:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-09 19:22 . 2012-03-09 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-08 15:41 . 2012-03-08 15:41 152576 c:\windows\winsxs\Temp\PendingRenames\456c0ff441fdcc01570800006c0ba815.msclmd.dll

+ 2012-03-08 13:06 . 2012-03-08 13:06 152576 c:\windows\winsxs\Temp\PendingRenames\0bc6d1532cfdcc01570800008015a810.msclmd.dll

+ 2010-10-11 18:14 . 2012-03-09 11:16 330402 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-03-08 15:45 . 2012-03-08 15:29 253952 c:\windows\System32\SPReview\spwizui.dll

- 2012-03-06 12:47 . 2012-03-06 12:21 253952 c:\windows\System32\SPReview\spwizui.dll

- 2012-03-06 12:47 . 2012-03-06 12:21 280576 c:\windows\System32\SPReview\spreview.exe

+ 2012-03-08 15:45 . 2012-03-08 15:29 280576 c:\windows\System32\SPReview\spreview.exe

+ 2012-03-08 15:45 . 2012-03-08 15:29 190464 c:\windows\System32\SPReview\sperror.dll

- 2012-03-06 12:47 . 2012-03-06 12:21 190464 c:\windows\System32\SPReview\sperror.dll

+ 2009-07-14 04:50 . 2012-03-09 19:14 143360 c:\windows\System32\DriverStore\infstrng.dat

- 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstrng.dat

+ 2009-07-14 04:50 . 2012-03-09 19:14 143360 c:\windows\System32\DriverStore\infstor.dat

- 2009-07-14 04:50 . 2012-03-06 19:25 143360 c:\windows\System32\DriverStore\infstor.dat

- 2009-07-14 04:47 . 2012-03-06 19:23 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:47 . 2012-03-09 19:21 276968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 02:03 . 2012-03-09 10:26 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat

- 2009-07-14 02:03 . 2012-03-06 18:03 7340032 c:\windows\System32\SMI\Store\Machine\schema.dat

+ 2011-09-12 19:58 . 2012-03-08 16:13 2062676 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-12288.dat

+ 2010-10-19 19:47 . 2012-03-09 19:21 30506024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-8192.dat

- 2011-11-02 01:11 . 2012-03-06 19:23 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat

+ 2011-11-02 01:11 . 2012-03-09 19:04 47221300 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]

"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648]

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 6.1.7600 Disk: WDC_WD25 rev.01.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

.

device: opened successfully

user: MBR read successfully

kernel: MBR read successfully

user != kernel MBR !!!

error: Read Kan de opdracht niet uitvoeren door een fout in een I/O-apparaat.

sectors 488397151 (+0): user != kernel

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.032"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.abr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ani"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.apd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.arw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bay"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.bmp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cr2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.crw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cs1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cur"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.dib"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djv"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djvu"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dng"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.emf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.eps"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.erf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fpx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.gif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.hdr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icl"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icn"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ilbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.int"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.inta"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iw4"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2c"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2k"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jbr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jfif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jp2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpe"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpeg"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpg"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpk"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.kdc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.lbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mos"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mrw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nrw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.orf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pct"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pgm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pic"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pict"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pix"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.png"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ppm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspbrush"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspimage"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ras"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgb"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgba"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rle"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rsb"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rw2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rwl"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sgi"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sr2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.srf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tga"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.thm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.tif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.tiff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30po"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30pp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.v30ppf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbmp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wmf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xmp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xpm"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(1192)

c:\windows\system32\MSHTML.dll

.

Voltooingstijd: 2012-03-09 21:22:51

ComboFix-quarantined-files.txt 2012-03-09 20:22

ComboFix2.txt 2012-03-08 23:05

ComboFix3.txt 2012-03-08 17:45

ComboFix4.txt 2012-03-06 20:47

.

Pre-Run: 184.637.460.480 bytes beschikbaar

Post-Run: 184.428.294.144 bytes beschikbaar

.

- - End Of File - - 1D66DF67C4FF59B43E70B6BD3F99C2FC

8 maart 2012

de inhoud van Combofix.txt:

ComboFix 12-03-06.01 - Pela 08/03/2012 23:15:09.3.4 - x86 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1911.1158 [GMT 1:00]

Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}

c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

c:\users\Pela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-08 to 2012-03-08 ))))))))))))))))))))))))))))))

.

2012-03-08 22:49 . 2012-03-08 22:50 -------- d-----w- c:\users\Pela\AppData\Local\temp

2012-03-08 22:49 . 2012-03-08 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-08 15:45 . 2012-03-08 15:45 -------- d-----w- c:\windows\system32\SPReview

2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur

2012-03-06 12:24 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0D0C1191-9F5C-482F-82E5-CD3FD342CE36}\mpengine.dll