
Footlloose

Member
  • Items

    9
  • Registration date

  • Last visited

About Footlloose

  • Birthday 16-01-1956

PC Specifications

  • Operating system
    windows vista

Footlloose's achievements

  1. It is a Packard Bell ipower sli (quad processor) eswc, but at the moment I am in hospital, so I will only be able to pass on the correct details later. I will let you know when I am back home, and I thank all of you in advance for the help, time and effort you have already put in for me. You are the best, thanks; Jan.
  2. Booting via safe mode is no longer possible now either. Message: BOOTMGR is missing. - - - Updated - - - No, that Vista was on the PC when I bought it; I do still own an XP.
  3. Now I can no longer start my PC, not even in safe mode. At startup I get the message BOOTMGR is missing.
  4. Now I cannot even start in safe mode any more; when I switch the PC on I get the message BOOTMGR is missing (Press Ctrl/alt/del to restart)
  5. Zoek.exe Version 4.0.0.4 Updated 26-07-2013 Tool run by SYSTEM on zo 28-07-2013 at 18:58:30,51.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x64 Running in: Safe Mode NETWORK Internet Access Detected Launched: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\771WRDN1\zoek (2).exe [Checkboxes used] ==== Older Logs ====================== C:\zoek-results28-07-2013-1858.log 225 bytes ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\csrss.exe C:\Windows\SYSTEM32\wininit.exe C:\Windows\SYSTEM32\winlogon.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\Explorer.EXE C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\771WRDN1\zoek (2).exe ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders ====================== "\bootmgr" not deleted "\settings.ini" deleted "\msdia80.dll" deleted "C:\Windows\SysNative\roboot64.exe" deleted "C:\ProgramData\nvUnsupRes.dat" deleted "C:\windows\SysNative\Tasks\Express FilesUpdate" deleted "C:\user.js" deleted "\Temp" deleted "\Casino" deleted 
"C:\Windows\syswow64\appdata" deleted "C:\Program Files (x86)\1ClickDownload" deleted "C:\Program Files (x86)\Conduit" deleted "C:\Program Files (x86)\Conduit_Apps" deleted "C:\found.000" deleted "C:\ProgramData\iWin" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Premium" deleted "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder" deleted "C:\Windows\SysWow64\searchplugins" deleted "C:\Windows\SysWow64\Extensions" deleted
  6. Here is the log from ComboFix;
"BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0057\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0058\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0059\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0060\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0061\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0062\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0063\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0064\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0065\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) 
------------------------ Andere Aktieve Processen ------------------------
C:\Windows\SysWOW64\conime.exe
**************************************************************************
Voltooingstijd: 2013-07-28 10:43:45 - machine werd herstart
ComboFix-quarantined-files.txt 2013-07-28 08:43:45
Pre-Run: 206.030.503.936 bytes beschikbaar
Post-Run: 206.040.698.880 bytes beschikbaar
- - End Of File - - A54BEF4FCCB1A1947D36764269C2167B D41D8CD98F00B204E9800998ECF8427E

- - - Updated - - -

And the previously created ComboFix log (quarantined files):

2013-07-28 08:42:12 . 2013-07-28 08:42:12 534 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfRd.reg.dat
2013-07-28 08:42:12 . 2013-07-28 08:42:12 534 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-WudfPf.reg.dat
2013-07-28 08:42:06 . 2013-07-28 08:42:06 177 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-beid.reg.dat
2013-07-28 08:42:06 . 2013-07-28 08:42:06 167 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-AVG_UI.reg.dat
2013-07-27 17:44:05 . 2013-07-27 17:44:05 1,220 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NPF.reg.dat
2013-07-27 17:44:05 . 2013-07-27 17:44:05 1,046 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NPF.reg.dat
2013-07-27 17:43:56 . 2013-07-27 18:09:40 32,447 -c--a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-07-27 17:32:31 . 2013-07-27 17:58:50 102 -c--a-w- C:\Qoobox\Quarantine\catchme.log
2013-01-10 20:41:43 . 2013-01-10 21:32:43 72 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\mru.xml.vir
2012-11-28 13:17:18 . 2012-11-28 13:17:18 172,032 -c--a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\muzapp.exe.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 4,788 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\1.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 28,693 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\a.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 34,106 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\b.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 32,995 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\c.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 23,439 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\d.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 21,081 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\e.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 17,376 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\f.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 16,982 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\g.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 17,668 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\h.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 10,674 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\i.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 6,753 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\j.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 9,873 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\k.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 20,193 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\l.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 29,527 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\m.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 10,663 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\n.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 11,018 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\o.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 26,726 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\p.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 1,433 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\q.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 13,243 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\r.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 50,904 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\s.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 27,667 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\t.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 5,854 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\u.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 8,371 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\v.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 12,064 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\w.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 914 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\x.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 2,645 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\y.txt.vir
2012-11-15 07:37:22 . 2012-11-15 07:37:22 2,563 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\z.txt.vir
2012-10-11 09:17:18 . 2013-01-10 20:23:31 0 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\PriceGong\Data\wlu.txt.vir
2011-03-17 15:21:54 . 2010-08-11 13:58:07 193 -c--a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\autorun.inf.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 96,784 -c--a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\Packet.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 53,299 -c--a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\pthreadVC.dll.vir
2011-02-11 21:23:34 . 2011-02-11 21:23:34 281,104 -c--a-w- C:\Qoobox\Quarantine\C\Windows\SysWOW64\wpcap.dll.vir
2010-08-09 18:56:04 . 2010-08-10 13:33:30 236 -c--a-w- C:\Qoobox\Quarantine\C\Users\footloose\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt.vir
2010-01-14 07:57:07 . 2013-07-19 18:46:08 2,523 -c--a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2009-08-13 08:08:51 . 1998-11-13 10:08:20 308,224 -c--a-w- C:\Qoobox\Quarantine\C\Windows\IsUn0413.exe.vir
  7. After going through everything mentioned above, I can still only work in safe mode; on the normal start screen I still get the message that the user profile was not loaded (default profile), which I cannot change in user account management. Attached are the Malwarebytes and HijackThis logs made after the instructions mentioned above.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.07.27.02

Windows Vista Service Pack 2 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
footloose :: JAN-HOME-PC [administrator]

27-7-2013 11:00:57
mbam-log-2013-07-27 (11-00-57).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 318938
Verstreken tijd: 10 minuut/minuten, 48 seconde(n)

Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 5
C:\ProgramData\wxDfast (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\data (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 16
C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\Users\footloose\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\mjnlgilooljkcfjiloggmpjecncjapkn.crx (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\data\content.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\wxDfast\data\jsondb.js (PUP.wxDfast) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\okenbppimmmfmfigbkhajikdpiiofnaj.crx (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data\epoch (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.
(einde)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.07.27.02

Windows Vista Service Pack 2 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
footloose :: JAN-HOME-PC [administrator]

27-7-2013 11:00:57
MBAM-log-2013-07-27 (11-14-42).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 318938
Verstreken tijd: 10 minuut/minuten, 48 seconde(n)

Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 5
C:\ProgramData\wxDfast (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\data (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\TheBflix (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Geen actie ondernomen.

Bestanden gedetecteerd: 16
C:\ProgramData\wxDfast\bhoclass.dll (PUP.DownloadnSave) -> Geen actie ondernomen.
C:\Users\footloose\Local Settings\Application Data\010112010146111103.xxe (Worm.KoobFace) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\background.html (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\content.js (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\mjnlgilooljkcfjiloggmpjecncjapkn.crx (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\settings.ini (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\data\content.js (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\wxDfast\data\jsondb.js (PUP.wxDfast) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\okenbppimmmfmfigbkhajikdpiiofnaj.crx (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\data\epoch (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Geen actie ondernomen.
C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Geen actie ondernomen.

(einde)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.07.27.02

Windows Vista Service Pack 2 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 9.0.8112.16421
footloose :: JAN-HOME-PC [administrator]

27-7-2013 11:51:55
mbam-log-2013-07-27 (11-51-55).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 319432
Verstreken tijd: 11 minuut/minuten, 9 seconde(n)

Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd)

(einde)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:49:14, on 27-7-2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UHXXFROW\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

-- End of file - 11548 bytes
  8. Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:07:11, on 26-7-2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16496)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2U9M35IT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IEToolbar.BHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: MoneyMillionaire Toolbar - {d28c7e56-2cc6-415c-8727-d71334085926} - mscoree.dll (file missing)
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - (no file)
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [spybotDeletingA3938] command.com /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll"
O4 - HKLM\..\RunOnce: [spybotDeletingC6523] cmd.exe /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll"
O4 - HKLM\..\RunOnce: [spybotDeletingA7352] command.com /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingC2388] cmd.exe /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat"
O4 - HKLM\..\RunOnce: [spybotDeletingA3940] command.com /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingC9180] cmd.exe /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe"
O4 - HKLM\..\RunOnce: [spybotDeletingA5848] command.com /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico"
O4 - HKLM\..\RunOnce: [spybotDeletingC9699] cmd.exe /c del "C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico"
O4 - HKCU\..\Run: [DriverFinder] C:\Program Files
(x86)\DriverFinder\DriverFinder.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe (User 'SYSTEEM') O4 - HKUS\.DEFAULT\..\Run: [DriverFinder] C:\Program Files (x86)\DriverFinder\DriverFinder.exe (User 'Default user') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia 
corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. 
- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. 
- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe O23 - Service: RalinkRegistryWriter64 - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe O23 - Service: Ralink UPnP Media Server (RaMediaServer) - Ralink - C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13769 bytes
  9. After about 3 months of absence I tried to start my PC and I keep getting the message that the user profile has not been loaded. When I start as administrator, the same thing happens. I can only start my PC in safe mode and cannot change the user profile there. My antivirus program is AVG, and in the meantime I have also tried Avast, but according to both programs there are no viruses to detect. When I try to do a system restore I get the message that no restore point has been set; this may however be because I use TuneUp 2012, which is also limited in safe mode. According to the system administrator (Telenet) the cause could be a virus, but according to the antivirus programs it is not! I would appreciate advice so that I can get my PC back in order. Thanks in advance; Jan.