ajkappert

Everything posted by ajkappert

  1. ComboFix 12-01-30.02 - toshiba 02-02-2012 8:50.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2546 [GMT 1:00] Gestart vanuit: c:\users\toshiba\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\toshiba\Desktop\CFScript.txt.docx AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))) . . 2012-02-02 07:54 . 2012-02-02 07:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-31 16:45 . 2012-01-31 16:45 -------- d-----w- c:\program files (x86)\EZ-AIR 2012-01-26 17:14 . 2012-01-31 17:14 -------- d-----w- c:\program files (x86)\DealPly 2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon 2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia 2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 12:14 . 
2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 12:14 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL 2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX 2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll 2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia 2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON 2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon 2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ 2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL 2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL 2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL 2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL 2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL 2012-01-10 19:22 . 
2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL 2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL 2012-01-10 19:21 . 2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon 2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help 2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache 2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat 2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd 2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail 2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files 2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-01-09 16:11 . 2012-02-02 07:23 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012 2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG 2012-01-09 16:08 . 2012-02-02 07:23 -------- d-----w- c:\programdata\MFAData 2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-01-09 15:39 . 
2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-01-09 15:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner 2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp 2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll 2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope 2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot_2012-01-30_17.46.02 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 05:10 . 2012-02-02 07:57 33422 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-09 13:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-09 13:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-09 13:54 . 2012-01-30 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-01-09 13:54 . 2012-01-31 09:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 
2012-02-02 07:24 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2012-01-27 06:45 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-01-09 15:06 . 2012-02-02 07:57 8440 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573529791-4049238610-3989334239-1000_UserData.bin - 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-02-02 07:56 . 2012-02-02 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-02-02 07:56 . 2012-02-02 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-01-10 10:54 . 2012-02-01 18:39 214872 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2011-02-11 08:50 . 2012-01-30 13:18 701564 c:\windows\system32\perfh013.dat + 2011-02-11 08:50 . 2012-02-01 18:41 701564 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-01-30 13:18 616008 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-02-01 18:41 616008 c:\windows\system32\perfh009.dat - 2011-02-11 08:50 . 2012-01-30 13:18 133564 c:\windows\system32\perfc013.dat + 2011-02-11 08:50 . 2012-02-01 18:41 133564 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-02-01 18:41 106388 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-01-30 13:18 106388 c:\windows\system32\perfc009.dat + 2009-07-14 05:01 . 2012-02-02 07:55 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-01-30 17:44 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:45 . 
2012-01-26 18:06 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-02-01 08:23 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2012-01-09 14:02 . 2012-01-30 17:44 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-01-09 14:02 . 2012-02-01 22:21 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-01-09 14:02 . 2012-02-02 07:55 4612276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1573529791-4049238610-3989334239-1000-8192.dat + 2012-02-02 07:23 . 2012-02-02 07:23 2833408 c:\windows\Installer\693ce.msi + 2006-12-02 06:09 . 2006-12-02 06:09 2818048 c:\windows\Installer\1b05a0.msi + 2012-02-01 15:57 . 2012-02-01 15:57 7629312 c:\windows\Installer\1a2e6b6.msi . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] . c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 
AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376] . ------- Bijkomende Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\WLXPGSS.scr c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Voltooingstijd: 2012-02-02 09:00:37 - machine werd herstart ComboFix-quarantined-files.txt 2012-02-02 08:00 ComboFix2.txt 2012-01-31 16:06 ComboFix3.txt 2012-01-30 17:49 ComboFix4.txt 2012-01-26 17:48 . Pre-Run: 208.543.461.376 bytes beschikbaar Post-Run: 208.519.135.232 bytes beschikbaar . - - End Of File - - 8FF9A7AAA7CC91F3345C01277533A2A6
  2. Dear and patient helper, When I right-click ComboFix (4,291 KB) at the above-mentioned location, I get the option "copy to" followed by "desktop (create shortcut)"; apparently it has to be done differently, but I cannot figure out how. I created cfscript.txt in Word, I make a shortcut to it on my desktop and then drag (copy) cfscript.txt onto ComboFix, after which the scan starts automatically. I would appreciate further instructions regarding what I am doing wrong.
  3. ComboFix 12-01-30.02 - toshiba 31-01-2012 16:56:48.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2313 [GMT 1:00] Gestart vanuit: c:\users\toshiba\Downloads\ComboFix.exe gebruikte Opdracht switches :: c:\users\toshiba\Desktop\CFScript.txt - Snelkoppeling.lnk AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))) . . 2012-01-31 16:01 . 2012-01-31 16:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-26 17:14 . 2012-01-30 17:14 -------- d-----w- c:\program files (x86)\DealPly 2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon 2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia 2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 12:14 . 
2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL 2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX 2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll 2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia 2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON 2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon 2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ 2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL 2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL 2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL 2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL 2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL 2012-01-10 19:22 . 2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL 2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL 2012-01-10 19:21 . 
2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon 2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help 2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache 2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat 2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd 2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail 2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files 2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-01-09 16:11 . 2012-01-31 07:29 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012 2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG 2012-01-09 16:08 . 2012-01-31 07:29 -------- d-----w- c:\programdata\MFAData 2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-01-09 15:39 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-01-09 15:39 . 
2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner 2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp 2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll 2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope 2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot_2012-01-30_17.46.02 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 05:10 . 2012-01-30 17:47 33248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-30 18:06 33248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2012-01-09 13:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-09 13:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-09 13:54 . 2012-01-30 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-01-09 13:54 . 2012-01-31 09:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-01-31 09:20 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 
2012-01-30 17:50 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-01-09 15:06 . 2012-01-30 18:06 8308 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573529791-4049238610-3989334239-1000_UserData.bin - 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-31 16:02 . 2012-01-31 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-31 16:02 . 2012-01-31 16:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-01-31 16:01 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-01-30 17:44 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-01-09 14:02 . 2012-01-31 16:01 4501376 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1573529791-4049238610-3989334239-1000-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 212.54.35.25 212.54.40.25
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\WLXPGSS.scr
.
**************************************************************************
.
Voltooingstijd: 2012-01-31 17:06:48 - machine werd herstart
ComboFix-quarantined-files.txt 2012-01-31 16:06
ComboFix2.txt 2012-01-30 17:49
ComboFix3.txt 2012-01-26 17:48
.
Pre-Run: 204.996.657.152 bytes beschikbaar
Post-Run: 204.941.717.504 bytes beschikbaar
.
- - End Of File - - F3EF10A7609FA9A66DC5338B89128578
  4. ComboFix 12-01-30.02 - toshiba 30-01-2012 18:39:12.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2431 [GMT 1:00] Gestart vanuit: c:\users\toshiba\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))) . . 2012-01-30 17:44 . 2012-01-30 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-26 17:14 . 2012-01-30 17:14 -------- d-----w- c:\program files (x86)\DealPly 2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon 2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia 2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 12:14 . 
2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL 2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX 2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll 2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia 2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON 2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon 2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ 2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL 2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL 2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL 2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL 2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL 2012-01-10 19:22 . 2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL 2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL 2012-01-10 19:21 . 
2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon 2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help 2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache 2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat 2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd 2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail 2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files 2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-01-09 16:11 . 2012-01-30 17:08 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012 2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG 2012-01-09 16:08 . 2012-01-30 17:08 -------- d-----w- c:\programdata\MFAData 2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-01-09 15:39 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-01-09 15:39 . 
2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner 2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp 2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll 2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope 2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((( SnapShot@2012-01-26_17.45.18 ))))))))))))))))))))))))))))))))))))))))) . - 2010-11-21 03:24 . 2010-11-21 03:24 96768 c:\windows\SysWOW64\sspicli.dll + 2012-01-26 16:30 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll - 2010-11-21 03:24 . 2010-11-21 03:24 22016 c:\windows\SysWOW64\secur32.dll + 2012-01-26 16:30 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll + 2012-01-29 11:22 . 2012-01-29 11:22 49934 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-11-21 03:09 . 2012-01-26 18:05 35886 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-30 17:47 33248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-26 16:30 . 2011-11-17 06:35 29184 c:\windows\system32\sspisrv.dll - 2010-11-21 03:24 . 2010-11-21 03:24 29184 c:\windows\system32\sspisrv.dll + 2012-01-26 16:30 . 2011-11-17 06:35 28160 c:\windows\system32\secur32.dll - 2010-11-21 03:24 . 2010-11-21 03:24 28160 c:\windows\system32\secur32.dll + 2012-01-26 16:30 . 2011-11-17 06:33 31232 c:\windows\system32\lsass.exe - 2009-07-13 23:20 . 2009-07-14 01:39 31232 c:\windows\system32\lsass.exe + 2012-01-26 16:30 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys - 2012-01-09 13:54 . 
2012-01-26 17:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-09 13:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-01-09 13:54 . 2012-01-26 17:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-01-09 13:54 . 2012-01-30 12:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-01-26 17:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-01-30 12:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-01-27 06:45 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-01-09 15:06 . 2012-01-30 17:47 8292 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1573529791-4049238610-3989334239-1000_UserData.bin - 2012-01-26 17:44 . 2012-01-26 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-01-30 17:45 . 2012-01-30 17:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-01-26 17:44 . 2012-01-26 17:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-01-26 16:30 . 2011-11-17 05:35 314880 c:\windows\SysWOW64\webio.dll - 2010-11-21 03:23 . 2010-11-21 03:23 314880 c:\windows\SysWOW64\webio.dll + 2012-01-26 16:30 . 2011-11-17 05:34 224768 c:\windows\SysWOW64\schannel.dll + 2012-01-26 16:30 . 2011-11-17 06:35 395776 c:\windows\system32\webio.dll - 2010-11-21 03:24 . 
2010-11-21 03:24 395776 c:\windows\system32\webio.dll + 2012-01-10 10:54 . 2012-01-26 21:37 214160 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2012-01-26 16:30 . 2011-11-17 06:35 136192 c:\windows\system32\sspicli.dll - 2010-11-21 03:24 . 2010-11-21 03:24 136192 c:\windows\system32\sspicli.dll - 2010-11-21 03:24 . 2010-11-21 03:24 340992 c:\windows\system32\schannel.dll + 2012-01-26 16:30 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll - 2011-02-11 08:50 . 2012-01-25 19:52 701564 c:\windows\system32\perfh013.dat + 2011-02-11 08:50 . 2012-01-30 13:18 701564 c:\windows\system32\perfh013.dat - 2009-07-14 02:36 . 2012-01-25 19:52 616008 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-01-30 13:18 616008 c:\windows\system32\perfh009.dat - 2011-02-11 08:50 . 2012-01-25 19:52 133564 c:\windows\system32\perfc013.dat + 2011-02-11 08:50 . 2012-01-30 13:18 133564 c:\windows\system32\perfc013.dat - 2009-07-14 02:36 . 2012-01-25 19:52 106388 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-01-30 13:18 106388 c:\windows\system32\perfc009.dat + 2012-01-26 16:30 . 2011-11-17 06:49 152432 c:\windows\system32\drivers\ksecpkg.sys + 2012-01-26 16:30 . 2011-11-17 06:44 459232 c:\windows\system32\drivers\cng.sys - 2009-07-14 05:01 . 2012-01-26 17:43 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-01-30 17:44 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-11-21 03:24 . 2010-11-21 03:24 1447936 c:\windows\system32\lsasrv.dll + 2012-01-26 16:30 . 2011-11-17 06:35 1447936 c:\windows\system32\lsasrv.dll - 2009-07-14 04:45 . 2012-01-16 07:22 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2012-01-26 18:06 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2012-01-09 14:02 . 
2012-01-25 22:22 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-01-09 14:02 . 2012-01-30 17:44 1696968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-01-09 14:02 . 2012-01-30 17:44 4482700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1573529791-4049238610-3989334239-1000-8192.dat + 2009-07-14 02:34 . 2012-01-26 18:02 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2009-07-14 02:34 . 2012-01-10 18:55 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376] . ------- Bijkomende Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Voltooingstijd: 2012-01-30 18:49:32 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-30 17:49 ComboFix2.txt 2012-01-26 17:48 . Pre-Run: 206.705.475.584 bytes beschikbaar Post-Run: 206.576.820.224 bytes beschikbaar . 
- - End Of File - - 9E3E84BC1E14411BF67654D6B57F55D7 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:37:52, on 25-1-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Toshiba | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR O4 - HKCU\..\Run: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE') 
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O9 - Extra 'Tools' menuitem: @C:\Program 
Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. 
- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - 
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11868 bytes
  5. Combofix.exe is not on my desktop. There is, however, a combofix file in C, 407 Kb, with "handle 3XE bestand". There is also a combofix text file (20.3 Kb) in C. In Qooboo there are: backenv, quarantine, add.remove programs, combofix.quarantined files (2 Kb, I sent you this one yesterday), snapshot@2012-1-26.dat. For which of the files above should I create a desktop icon? CFScript.txt is now on the desktop.
  6. When ComboFix starts, do I have to temporarily disable AVG again first?
  7. ComboFix 12-01-23.02 - toshiba 26-01-2012 18:39:31.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4004.2502 [GMT 1:00] Gestart vanuit: c:\users\toshiba\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\xp c:\programdata\xp\EBLib.dll c:\programdata\xp\TPwSav.sys c:\users\toshiba\AppData\Local\Temp\AC94.tmp . . (((((((((((((((((((( Bestanden Gemaakt van 2011-12-26 to 2012-01-26 )))))))))))))))))))))))))))))) . . 2012-01-26 17:43 . 2012-01-26 17:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-01-26 17:14 . 2012-01-26 17:14 -------- d-----w- c:\program files (x86)\DealPly 2012-01-26 17:13 . 2012-01-26 17:13 1491 ----a-w- C:\user.js 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\BabylonToolbar 2012-01-26 17:13 . 2007-08-21 12:32 98304 ----a-w- c:\windows\SysWow64\redmonnt.dll 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\program files (x86)\FoxTabPDFConverter 2012-01-26 17:13 . 2012-01-26 17:13 -------- d-----w- c:\programdata\Babylon 2012-01-25 13:30 . 2012-01-25 13:30 -------- d-----w- c:\program files (x86)\Trend Micro 2012-01-23 21:14 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Common Files\Nokia 2012-01-23 21:13 . 2012-01-23 21:13 -------- d-----w- c:\program files (x86)\PC Connectivity Solution 2012-01-11 13:52 . 2012-01-11 13:52 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-01-11 12:14 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll 2012-01-11 12:14 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-01-11 12:14 . 
2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-01-11 12:14 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll 2012-01-11 12:14 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll 2012-01-11 12:14 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll 2012-01-11 12:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll 2012-01-11 12:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll 2012-01-10 20:34 . 2009-04-07 15:09 152064 ----a-w- c:\windows\system32\CNMN6UI.DLL 2012-01-10 20:34 . 2009-04-07 15:09 251904 ----a-w- c:\windows\system32\CNMN6PPM.DLL 2012-01-10 19:51 . 2012-01-10 19:51 -------- d-----w- c:\programdata\PC Suite 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\programdata\Nokia 2012-01-10 19:50 . 2012-01-10 19:50 -------- d-----w- c:\program files\DIFX 2012-01-10 19:50 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys 2012-01-10 19:49 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll 2012-01-10 19:48 . 2012-01-23 21:14 -------- d-----w- c:\program files (x86)\Nokia 2012-01-10 19:26 . 2012-01-10 19:26 -------- d-----w- c:\program files\Common Files\CANON 2012-01-10 19:25 . 2012-01-10 19:25 -------- d-----w- c:\program files\Canon 2012-01-10 19:23 . 2012-01-10 19:23 -------- d--h--w- c:\programdata\CanonBJ 2012-01-10 19:23 . 2008-10-09 04:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP9D.DLL 2012-01-10 19:23 . 2008-10-09 04:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD9D.DLL 2012-01-10 19:22 . 2012-01-10 19:22 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information 2012-01-10 19:22 . 2008-10-08 20:00 279040 ----a-w- c:\windows\system32\CNMLM9D.DLL 2012-01-10 19:22 . 2007-03-15 13:13 229888 ----a-w- c:\windows\system32\CNC620O.DLL 2012-01-10 19:22 . 2009-12-11 12:19 1354240 ----a-w- c:\windows\system32\CNC620C.DLL 2012-01-10 19:22 . 
2009-12-11 12:19 92672 ----a-w- c:\windows\system32\CNC620I.DLL 2012-01-10 19:22 . 2009-11-30 15:40 293888 ----a-w- c:\windows\system32\CNC620L.DLL 2012-01-10 19:21 . 2012-01-10 20:34 -------- d-----w- c:\program files (x86)\Canon 2012-01-10 18:24 . 2012-01-16 07:07 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-01-10 18:19 . 2012-01-10 18:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-01-10 18:18 . 2012-01-17 22:33 -------- d-----w- c:\programdata\Microsoft Help 2012-01-10 18:18 . 2012-01-10 18:18 -------- d-----r- C:\MSOCache 2012-01-10 15:36 . 2012-01-10 15:37 -------- d-----w- c:\program files (x86)\Google 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\SysWow64\Wat 2012-01-09 17:25 . 2012-01-09 17:25 -------- d-----w- c:\windows\system32\Wat 2012-01-09 17:03 . 2012-01-09 17:03 -------- d-----w- C:\totalcmd 2012-01-09 16:17 . 2012-01-09 16:18 -------- d-----w- c:\programdata\IM 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\programdata\IncrediMail 2012-01-09 16:17 . 2012-01-09 16:17 -------- d-----w- c:\program files (x86)\IncrediMail 2012-01-09 16:12 . 2012-01-09 16:12 -------- d--h--w- c:\programdata\Common Files 2012-01-09 16:12 . 2012-01-09 16:12 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-01-09 16:11 . 2012-01-26 16:31 -------- d-----w- c:\windows\system32\drivers\AVG 2012-01-09 16:11 . 2012-01-09 16:14 -------- d-----w- c:\programdata\AVG2012 2012-01-09 16:10 . 2012-01-09 16:10 -------- d-----w- c:\program files (x86)\AVG 2012-01-09 16:08 . 2012-01-26 16:31 -------- d-----w- c:\programdata\MFAData 2012-01-09 15:53 . 2012-01-09 15:53 -------- d-----w- c:\program files (x86)\MSXML 4.0 2012-01-09 15:41 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-01-09 15:40 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-01-09 15:40 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-01-09 15:39 . 
2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-01-09 15:39 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-01-09 15:39 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-01-09 15:22 . 2012-01-09 15:22 -------- d-----w- c:\program files\CCleaner 2012-01-09 13:58 . 2012-01-09 13:58 -------- d--h--w- c:\windows\msdownld.tmp 2012-01-09 13:57 . 2009-07-14 14:57 114688 ----a-w- c:\program files\Windows Sidebar\Shared Gadgets\eBay.gadget\Bin\eBayGadget.dll 2012-01-09 13:54 . 2012-01-09 13:54 -------- d-----w- c:\programdata\ToshibaEurope 2012-01-09 13:53 . 2012-01-09 13:55 -------- d-----w- c:\users\toshiba . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-01 09:07 . 2011-11-01 09:07 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltx64.sys 2011-11-01 09:07 . 2011-11-01 09:07 9216 ----a-w- c:\windows\system32\drivers\usbser_lowerfltjx64.sys 2011-11-01 09:07 . 2011-11-01 09:07 640000 ----a-w- c:\windows\system32\nmwcdcoclsx64.dll 2011-11-01 09:07 . 2011-11-01 09:07 27136 ----a-w- c:\windows\system32\drivers\ccdcmbox64.sys 2011-11-01 09:07 . 2011-11-01 09:07 19968 ----a-w- c:\windows\system32\drivers\ccdcmbx64.sys 2011-11-01 09:07 . 2011-11-01 09:07 166912 ----a-w- c:\windows\system32\ccdcmbwux64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] "IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-01-09 366024] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248] "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480] "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936] "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176] . c:\users\toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-2 1470848] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 
AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200] S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] . . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-07 167256] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-07 391000] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-07 418136] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-11 11776104] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-02 150992] "CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 2114376] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Bijkomende Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?AF=100482&babsrc=HP_ss&mntrId=648255ce000000000000743170077476 uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: Toevoegen aan TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll TCP: DhcpNameServer = 192.168.1.1 DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Voltooingstijd: 2012-01-26 18:48:55 - machine werd herstart ComboFix-quarantined-files.txt 2012-01-26 17:48 . 
Pre-Run: 207.380.525.056 bytes beschikbaar Post-Run: 207.544.623.104 bytes beschikbaar . - - End Of File - - 6FAACB3266EA8A776C895B29C7BB0B1D
  8. Combofix.txt is not on my computer (a search also returns no results). In Qoobox there is: backenv, quarantine, add.remove programs, combofix.quarantined files (2 Kb, which I sent you yesterday), snapshot@2012-1-26.dat. There is also a combofix file in C, 407 Kb, with "handle 3XE file". There is also a combofix text file (20.3 Kb), and a User JScript has been added as well.
  9. Oh dear, I got quite a fright. I did as asked above. The computer restarted itself once, after which a whole file eventually appeared. I wanted to copy it, but I could no longer get into any program; everything was blocked. In the end I just switched the computer off and restarted it, and after that everything worked again. Except for the correct characters in IncrediMail; unfortunately that has not been solved yet. Should I remove ComboFix, or can it safely stay? I also just came across this: 2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat 2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TCrdMain.reg.dat 2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TPwrMain.reg.dat 2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosReelTimeMonitor.reg.dat 2012-01-26 17:48:10 . 2012-01-26 17:48:10 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TosNC.reg.dat 2012-01-26 17:48:09 . 2012-01-26 17:48:09 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat 2012-01-26 17:47:57 . 2012-01-26 17:47:57 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat 2012-01-26 17:41:55 . 2012-01-26 17:41:55 9,871 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2012-01-26 16:59:39 . 2012-01-26 16:59:39 311,248 ----a-w- C:\Qoobox\Quarantine\C\Users\toshiba\AppData\Local\Temp\AC94.tmp.vir 2012-01-25 20:07:35 . 2012-01-26 17:38:25 102 ----a-w- C:\Qoobox\Quarantine\catchme.log 2009-08-21 17:04:08 . 2009-08-21 17:04:08 40,960 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xp\EBLib.dll.vir 2008-07-24 12:40:58 . 2008-07-24 12:40:58 17,192 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xp\TPwSav.sys.vir :
  10. I have now disabled AVG (15 min) and then double-clicked ComboFix, but I don't see anything happening. I cannot find Combofix.exe in the program. It is 20.3 mb in size.
  11. I have ComboFix on the desktop, but I cannot disable my AVG 2012 because this version is not listed in the "disabling" guide. When I right-click AVG, I get: open, open in new window, share with, restore previous version, scan with AVG, include in library, and further cut, copy, etc.
  12. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:37:52, on 25-1-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Toshiba | MSN R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: 
WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60 O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKCU\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR O4 - HKCU\..\Run: [incrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: Toshiba Places Icon Utility.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Toevoegen aan TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - 
{97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. 
- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe O23 - Service: TMachInfo - TOSHIBA Corporation - 
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing) O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11868 bytes
  13. It has only been happening recently. I thought I could solve it by pressing ALT/SHIFT at the same time, but that does not work.
  14. The odd thing is that in Word the characters work exactly as they are shown on the keyboard, but when I want to write a message in IncrediMail the characters are all wrong; the "?" is then under the "-" key. What should I do?
  15. My XP display problem has been solved. I thank everyone for their contribution. Regards, Aalt Kappert.
  16. My screen has suddenly become very dark; before, it was always nice and bright. What should I do?
  17. Dear Gerjannn, Combined with your advice, I reinstalled Nokia Ovi Suite, and everything works again now. Many thanks. Regards, Aalt Kappert
  18. Hello Gerjannn, I had so much confidence in your solution, but unfortunately my laptop has disappointed me again. Even after the action described above, my Nokia remains invisible to my laptop. In any case, many thanks for your effort. Kind regards, Aalt Kappert ---------- Post added at 19:54 ---------- Previous post was at 19:53 ---------- I connect with a cable from my Nokia to my laptop.
  19. I would like to synchronize my phone calendar with my laptop calendar. At first this worked a number of times (phone: Nokia C6-01 in combination with Nokia Ovi Suite), but suddenly it stopped and no longer worked because my laptop does not recognize the device (any more). When I try the same thing on my desktop, everything goes fine. So my feeling is that the laptop is the problem. What could be wrong?
  20. Hello Angel, Unfortunately this did not work either, but your guidance is excellent. I can live perfectly well with it as it is now. I thought it would be a "piece of cake", but apparently it is not. I am already very satisfied with how it is now and almost feel bad about asking for even more of your time. Regards, Aalt
  21. Yes, yes, under "buttons", "scroll size" 1 LINE, that had already been done. Regards, Aalt
  22. I have removed the above; however, the problem is still there: with one click of the wheel, it moves 5x. It is nowhere near as annoying as it was, because it only moves a few lines instead of half a page.
  23. 14-2-'10 I have sent what was requested as an attachment; hopefully I did that correctly. I must say that the instructions were given extremely clearly; there was not a moment of doubt about what I had to do. Many thanks in advance for that. Regards, Aalt hijackthis.log mbam-log-2010-02-14 (12-36-29).txt
  24. Hello angel, here is what was requested: Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 13:39:45, on 13-2-2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16981) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\system32\PL15Co2K.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\WINDOWS\Mixer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MyStart by IncrediMail.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer aangeboden door @Home R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen R3 - URLSearchHook: (no name) - *{BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - (no file) R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll F3 - REG:win.ini: run= O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file) O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HI-SPEED USB DEVICE Coinstaller] PL15Co2K.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - 
HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MyPoi Monitor] "C:\Program Files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: AutorunsDisabled O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/ O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} - O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab O16 - DPF: {6F7864F9-DB33-11D3-8166-0060B0F885E6} (VSPTA Class) - https://www.vecozo.nl/VSApps/vspta3.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O24 - Desktop Component 0: (no name) - http://gfx1.hotmail.com/tab.bg.dln.gif -- End of file - 9300 bytes Regards, Aalt
  25. Dear Angel, no sooner said than done; I get the following message: "rundll32.exe has encountered a problem and needs to close." However, it only scrolls 6x on internet sites; with Word documents it works fine. Regards, Aalt