Everything posted by paddepoel

  1. Hello, the laptop is getting rather slow. Booting up in particular takes quite some time. A quick scan with MalwareBytes turned up nothing. Here is a HijackThis log:
  2. The error message has indeed disappeared. Shouldn't ComboFix be removed now?
  3. I restarted ComboFix in safe mode and afterwards also ran HijackThis. Here are the logs:
@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O18 - 
Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. 
- C:\Program Files\IDT\WDM\STacSV.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- End of file - 11334 bytes
- - - Updated - - -
I have the impression that the laptop runs more smoothly. When I click McAfee > Info, I get the following pop-up:
  4. Attached is the ComboFix log: When I try to start HijackThis I get the following error message:
ComboFix 13-01-17.04 - pgadebac 20/01/2013 12:55:49.1.4 - x86 MINIMAL Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1841 [GMT 1:00] Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\data C:\install.exe c:\programdata\SEC7351.tmp c:\windows\system32\ReadMe.txt c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll c:\windows\system32\ZoomIt.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_mvaservice -------\Service_uvnc_service . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))) . . 2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET 2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll 2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe 2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs 2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe 2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll 2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll 2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708] "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496] "LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779] "PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192] "DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416] "LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) "EnableLUA"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "HideSCAHealth"= - . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk backup=c:\windows\pss\Bluetooth.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey] 2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] 2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray] 2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch] 2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup] 2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband] 2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe . 
R2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x] R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x] R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x] R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x] R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x] R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x] R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x] S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x] S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x] S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x] S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x] S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x] S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x] S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x] S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x] S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x] S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x] S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x] S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;NEC Electronics USB 3.0 Host 
Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x] . . --- Andere Services/Drivers In Geheugen --- . *Deregistered* - mfeavfk01 . Inhoud van de 'Gedeelde Taken' map . 2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43] . 2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://intranet mStart Page = hxxp://intranet TCP: DhcpNameServer = 195.130.130.130 195.130.131.130 TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11 TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11 TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11 TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11 DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.type - 4 FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be . . ------- Bestandsassociaties ------- . inifile=%SystemRoot%\SciTE.exe "%1" txtfile=%SystemRoot%\SciTE.exe "%1" . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4624) c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll . - - - - - - - > 'explorer.exe'(3528) c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll . ------------------------ Andere Aktieve Processen ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\IDT\WDM\STacSV.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe c:\program files\Juniper Networks\Common Files\dsNcService.exe c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\IBM\Lotus\Notes\ntmulti.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\windows\system32\conhost.exe c:\windows\system32\taskhost.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\system32\CCM\CcmExec.exe c:\program files\Common Files\McAfee\SystemCore\mcshield.exe c:\program files\Teamviewer\Version7\TeamViewer.exe c:\windows\system32\conhost.exe c:\program files\Teamviewer\Version7\tv_w32.exe c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe c:\program files\Philips Display\SmartControl\DTHtml.exe c:\program files\McAfee\Common Framework\McTray.exe c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\windows\System32\vds.exe c:\windows\system32\msiexec.exe c:\windows\system32\sppsvc.exe c:\windows\system32\wbem\WmiApSrv.exe . ************************************************************************** . Voltooingstijd: 2013-01-20 13:08:08 - machine werd herstart ComboFix-quarantined-files.txt 2013-01-20 12:08 . Pre-Run: 151.077.576.704 bytes beschikbaar Post-Run: 151.718.653.952 bytes beschikbaar . 
- - End Of File - - 4EB561EE3A9E6A7BF2DBC7C35E7C061D
  5. When I try to install ComboFix, I get error messages several times. I can click Abort, Ignore or Skip. I clicked Skip. After installing ComboFix, starting it and updating, you get the blue screen, but immediately the message that a file is missing (which is logical). How can I get ComboFix fully installed?
  6. This is not about the same laptop - the other topic concerned a previous laptop.
  7. The laptop has been responding rather slowly for some time - starting e.g. Excel takes a long time - sometimes an application or IE 'freezes' - a quick scan with Malwarebytes Anti-Malware found no infections - attached is a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:49:19, on 12/01/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16450) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Teamviewer\Version7\TeamViewer.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Philips Display\SmartControl\DTHtml.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe C:\Users\pgadebac\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe C:\Program Files\Borland\StarTeam Toolbar\SBToolbar.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe C:\PROGRA~1\COPERN~1\DESKTO~3.EXE C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\explorer.exe 
C:\Users\pgadebac\Favorites\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Program Files\Copernic Desktop Search - 
Corporate\Toolbar\ToolbarContainer101000325.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10 O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra O17 - 
HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. 
- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\Windows\system32\mfevtps.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\MVA-Tools\srvany.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\VNC\winvnc.exe O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- End of file - 12516 bytes
  8. Hello, I always take a 'full' image of a disk, so MBR, Recovery, .... So in principle I should be fine. I assume the new disk may be larger than the old one. Previously a disk (for another laptop) was already replaced, and that one was considerably larger. The image was restored and everything was OK. When this laptop starts up I get a screen that says: Disk Failure is imminent. Please backup immediately data. After pressing F1 the laptop boots. The laptop is not yet 3 years old. When running HD Tune I get no error messages. I only ran the quick scan. I will run the full scan tonight. The odd thing is that the laptop sometimes takes a very long time to open e.g. Chrome or an application. After a while the laptop apparently works at 'normal' speed again. Could it not also be a problem with malware or something similar? (A full Malwarebytes scan found 1 infection, which was removed.)
  9. Thanks for the quick replies. I will let HD Tune run and post the results. A question: when I make a full image of the hard disk (I use EaseUS Todo Backup 3.0 Free) and then put it on a new HDD, is everything OK, or do I run the risk that disk errors are copied? If the old disk is 'physically' failing, a restored image on a new disk should not cause any problems, should it?
  10. Hello, the laptop is slowing down enormously. Booting takes a long time and it sometimes freezes completely. A disk check reported a whole series of errors, which were corrected. Today at startup I got an error message saying that there are (supposedly) serious disk problems. I installed Seagate SeaTools for Windows. A few tests fail: SMART Test, Short DST. What could the problem be?
  11. Hello, the laptop is slowing down enormously. Booting takes a long time and it sometimes freezes completely. A disk check reported a whole series of errors, which were corrected. Today at startup I got an error message saying that there are (supposedly) serious disk problems. I installed Seagate SeaTools for Windows. A few tests fail: SMART Test, Short DST. What could the problem be?
  12. Here is the log, plus a Speccy log:
Files\IBM\Lotus\Notes\nslsvice.exe Geheugengebruik 1.34 MB Piek Geheugengebruik 1.35 MB ntaskldr.exe Proces ID 2536 Gebruiker pgadebac Domein FINBEL Locatie C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE Geheugengebruik 17 MB Piek Geheugengebruik 45 MB ntmulti.exe Proces ID 2104 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\Program Files\IBM\Lotus\Notes\ntmulti.exe Geheugengebruik 1.83 MB Piek Geheugengebruik 2.01 MB pcs_agnt.exe Proces ID 1960 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE Geheugengebruik 5.14 MB Piek Geheugengebruik 5.27 MB powerpnt.exe Proces ID 5760 Gebruiker pgadebac Domein FINBEL Locatie C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE Geheugengebruik 2.38 MB Piek Geheugengebruik 34 MB quickset.exe Proces ID 2416 Gebruiker pgadebac Domein FINBEL Locatie C:\Program Files\Dell\QuickSet\Quickset.exe Geheugengebruik 7.77 MB Piek Geheugengebruik 7.78 MB scardsvr.exe Proces ID 1168 Gebruiker Lokale service Domein NT AUTHORITY Locatie C:\WINNT\System32\SCardSvr.exe Geheugengebruik 2.73 MB Piek Geheugengebruik 2.75 MB searchfilterhost.exe Proces ID 1196 Gebruiker Lokale service Domein NT AUTHORITY Locatie C:\WINNT\system32\SearchFilterHost.exe Geheugengebruik 5.24 MB Piek Geheugengebruik 5.24 MB searchindexer.exe Proces ID 3236 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\SearchIndexer.exe Geheugengebruik 17 MB Piek Geheugengebruik 54 MB searchprotocolhost.exe Proces ID 2856 Gebruiker pgadebac Domein FINBEL Locatie C:\WINNT\system32\SearchProtocolHost.exe Geheugengebruik 2.45 MB Piek Geheugengebruik 27 MB services.exe Proces ID 1564 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\services.exe Geheugengebruik 6.42 MB Piek Geheugengebruik 9.50 MB smss.exe Proces ID 1128 Gebruiker SYSTEM Domein NT AUTHORITY Locatie \SystemRoot\System32\smss.exe Geheugengebruik 420 kB Piek Geheugengebruik 504 kB speccy.exe Proces ID 4920 Gebruiker pgadebac Domein FINBEL 
Locatie C:\Program Files\Speccy\Speccy.exe Geheugengebruik 13 MB Piek Geheugengebruik 13 MB spoolsv.exe Proces ID 1108 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\spoolsv.exe Geheugengebruik 10 MB Piek Geheugengebruik 73 MB srvany.exe Proces ID 2120 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\System32\srvany.exe Geheugengebruik 1.41 MB Piek Geheugengebruik 1.42 MB stacsv.exe Proces ID 2280 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe Geheugengebruik 4.17 MB Piek Geheugengebruik 4.19 MB stsystra.exe Proces ID 2256 Gebruiker pgadebac Domein FINBEL Locatie C:\WINNT\stsystra.exe Geheugengebruik 8.29 MB Piek Geheugengebruik 8.29 MB svchost.exe Proces ID 4320 Gebruiker Netwerkservice Domein NT AUTHORITY Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 7.82 MB Piek Geheugengebruik 8.18 MB svchost.exe Proces ID 668 Gebruiker Lokale service Domein NT AUTHORITY Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 5.17 MB Piek Geheugengebruik 5.18 MB svchost.exe Proces ID 2024 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 3.39 MB Piek Geheugengebruik 3.39 MB svchost.exe Proces ID 1984 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\System32\svchost.exe Geheugengebruik 33 MB Piek Geheugengebruik 47 MB svchost.exe Proces ID 1772 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 5.77 MB Piek Geheugengebruik 5.83 MB svchost.exe Proces ID 3072 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 4.36 MB Piek Geheugengebruik 4.52 MB svchost.exe Proces ID 1820 Locatie C:\WINNT\system32\svchost.exe Geheugengebruik 5.08 MB Piek Geheugengebruik 5.25 MB system Proces ID 4 Gebruiker Administrators Domein INGEBOUWD Geheugengebruik 244 kB Piek Geheugengebruik 2.93 MB system idle process Proces ID 0 tosbtsrv.exe Proces ID 3092 Gebruiker SYSTEM Domein NT AUTHORITY Locatie 
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe Geheugengebruik 2.67 MB Piek Geheugengebruik 2.83 MB trcboot.exe Proces ID 1924 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\Drivers\trcboot.exe Geheugengebruik 1.52 MB Piek Geheugengebruik 2.99 MB udaterui.exe Proces ID 5436 Gebruiker pgadebac Domein FINBEL Locatie C:\Program Files\McAfee\Common Framework\udaterui.exe Geheugengebruik 3.21 MB Piek Geheugengebruik 6.62 MB vstskmgr.exe Proces ID 1456 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe Geheugengebruik 1.69 MB Piek Geheugengebruik 83 MB winlogon.exe Proces ID 1520 Gebruiker SYSTEM Domein NT AUTHORITY Locatie \??\C:\WINNT\system32\winlogon.exe Geheugengebruik 6.34 MB Piek Geheugengebruik 16 MB winvnc.exe Proces ID 3208 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\Program Files\UltraVNC\WinVNC.exe Geheugengebruik 4.37 MB Piek Geheugengebruik 4.41 MB wmiprvse.exe Proces ID 3656 Locatie C:\WINNT\system32\wbem\wmiprvse.exe Geheugengebruik 6.43 MB Piek Geheugengebruik 6.45 MB wmiprvse.exe Proces ID 4084 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\wbem\wmiprvse.exe Geheugengebruik 5.46 MB Piek Geheugengebruik 5.63 MB wmiprvse.exe Proces ID 4140 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\wbem\wmiprvse.exe Geheugengebruik 6.00 MB Piek Geheugengebruik 6.68 MB wmiprvse.exe Proces ID 4756 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\wbem\wmiprvse.exe Geheugengebruik 5.63 MB Piek Geheugengebruik 6.35 MB wuser32.exe Proces ID 3368 Gebruiker SYSTEM Domein NT AUTHORITY Locatie C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe Geheugengebruik 808 kB Piek Geheugengebruik 4.13 MB Hotfixes Systeem folders Path for burning CD D:\Documents and Settings\pgadebac\Local Settings\Application Data\Microsoft\CD Burning Application Data D:\Documents and Settings\All Users\Application Data Public Desktop D:\Documents and Settings\All 
Users\Bureaublad Documents D:\Documents and Settings\All Users\Documenten Global Favorites D:\Documents and Settings\All Users\Favorieten Music D:\Documents and Settings\All Users\Documenten\Mijn muziek Pictures D:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen Start Menu Programs D:\Documents and Settings\All Users\Menu Start\Programma's Start Menu D:\Documents and Settings\All Users\Menu Start Startup D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten Templates D:\Documents and Settings\All Users\Sjablonen Videos D:\Documents and Settings\All Users\Documenten\Mijn video's Cookies D:\Documents and Settings\pgadebac\Cookies Desktop D:\Documents and Settings\pgadebac\Bureaublad Physical Desktop D:\Documents and Settings\pgadebac\Bureaublad User Favorites D:\Documents and Settings\pgadebac\Favorieten Fonts C:\WINNT\Fonts Internet History D:\Documents and Settings\pgadebac\Local Settings\Geschiedenis Temporary Internet Files D:\Documents and Settings\pgadebac\Local Settings\Temporary Internet Files Local Application Data D:\Documents and Settings\pgadebac\Local Settings\Application Data Windows directory C:\WINNT Windows/System C:\WINNT\system32 Program Files C:\Program Files Device Tree ACPI Multiprocessor-pc Systeem dat voldoet aan Microsoft ACPI AMD Turion 64 X2 Mobile Technology TL-56 AMD Turion 64 X2 Mobile Technology TL-56 ACPI-thermale zone Systeemkaart ACPI-deksel ACPI-aan/uit-knop ACPI-slaapstandknop Microsoft AC-adapter Accu die voldoet aan Microsoft ACPI-besturingsmethode Accu die voldoet aan Microsoft ACPI-besturingsmethode Microsoft Windows Beheerinterface voor ACPI Basisstation PCI-bus PCI standard host CPU bridge ATI SMBus PCI standard host CPU bridge PCI standard host CPU bridge PCI standard host CPU bridge PCI standard host CPU bridge Uitgebreide I/O-bus Systeemkaart Systeemkaart PCI standard PCI-to-PCI bridge ATI Radeon X1270 Standaardbeeldscherm Standaardbeeldscherm Standaardbeeldscherm Standaardbeeldscherm 
Standaardbeeldscherm PCI standard PCI-to-PCI bridge Dell draadloze 1390 WLAN Mini-kaart PCI standard PCI-to-PCI bridge Broadcom NetXtreme 57xx Gigabit Controller Standaard Dual Channel PCI IDE Controller Secundair IDE-kanaal Primair IDE-kanaal ST980813ASG Standard OpenHCD USB Host-controller USB-hoofdhub USB-HID HID-compliant muis Standard OpenHCD USB Host-controller USB-hoofdhub Standard OpenHCD USB Host-controller USB-hoofdhub Generic USB Hub O2Micro OZ776 USB CCID Smartcard Reader Standard OpenHCD USB Host-controller USB-hoofdhub Dell Wireless 360 Bluetooth Module Bluetooth RFBUS Bluetooth RFHID Bluetooth RFBNEP Bluetooth Personal Area Network Standard OpenHCD USB Host-controller USB-hoofdhub Standard Enhanced PCI naar USB-hostcontroller USB-hoofdhub Generic USB Hub Ondersteuning voor USB-afdrukken Samsung ML-3470 Series USB-apparaat voor massaopslag USB Device Algemeen volume Samengesteld USB-apparaat USB-audioapparaat USB-HID HID-compliant besturingsapparaat van gebruikers Standaard Dual Channel PCI IDE Controller Secundair IDE-kanaal Primair IDE-kanaal SONY CDRWDVD CRX880A Microsoft UAA Bus Driver for High Definition Audio SigmaTel High Definition Audio CODEC Conexant HDA D330 MDC V.92 Modem PCI standard ISA bridge ISAPNP Read Data-poort PS/2-compatibele muis Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord Systeem-CMOS/Real-timeklok Systeemtimer Systeemluidspreker Systeemkaart Controller voor directe geheugentoegang Numerieke-gegevensprocessor Gebeurtenistimer met hoge precisie Communicatiepoort (COM1) Systeemkaart ECP-printerpoort (LPT1) Printer Poort logische interface PCI standard PCI-to-PCI bridge Algemene CardBus Controller Basisstation OHCI Compliant IEEE 1394 Host Controller 1394-netwerkkaart #2 Diensten Opgestart Application Layer Gateway-service Opgestart Ati HotKey Poller Opgestart COM+-gebeurtenissysteem Opgestart Computer Browser Opgestart Connected Agent Service Opgestart CryptSvc Opgestart DCOM Server Process 
Launcher Opgestart DHCP Client Opgestart DNS Client Opgestart Event Log Opgestart Help en ondersteuning Opgestart HID Input Service Opgestart IBM Enterprise Extender (IPv4) Opgestart IBM Enterprise Extender (IPv6) Opgestart IBM Traceerfunctie Opgestart Intelligente achtergrondsoverdrachtservice Opgestart iolo FileInfoList Service Opgestart iolo System Service Opgestart Java Quick Starter Opgestart Juniper Network Connect Service Opgestart Lotus Notes Diagnostische Service Opgestart Lotus Notes Single Logon Opgestart Machine Debug Manager Opgestart MBAMService Opgestart McAfee Engine Service Opgestart McAfee Framework Service Opgestart McAfee McShield Opgestart McAfee Task Manager Opgestart McAfee Validation Trust Protection Service Opgestart Multi-user Cleanup Service Opgestart MVA-Team Service Opgestart Net Logon Opgestart Network Connections Opgestart Network Location Awareness (NLA) Opgestart NICCONFIGSVC Opgestart Plug and Play Opgestart Print Spooler Opgestart Protected Storage Opgestart Remote Procedure Call (RPC) Opgestart Secondary Logon Opgestart Security Accounts Manager Opgestart Server Opgestart Service voor het rapporteren van fouten Opgestart Shell Hardware Detection Opgestart SigmaTel Audio Service Opgestart Smart Card Opgestart SMS Agent Host Opgestart SMS Remote Control Agent Opgestart SSDP Discovery-service Opgestart System Event Notification Opgestart Task Scheduler Opgestart TCP/IP NetBIOS Helper Opgestart Telephony Opgestart Terminal Services Opgestart Thema's Opgestart TOSHIBA Bluetooth Service Opgestart Verbindingsbeheer voor RAS Opgestart VNC Server Opgestart Windows Audio Opgestart Windows Driver Foundation - User-mode Driver Framework Opgestart Windows Firewall (WF) / Internet-verbinding delen (ICS) Opgestart Windows Image Acquisition (WIA) Opgestart Windows Management Instrumentation Opgestart Windows Search Opgestart Wireless Zero Configuration-service Opgestart Workstation Gestopt .NET Runtime Optimization Service v2.0.50727_X86 Gestopt 
Alerter Gestopt Application Management Gestopt AppnNode Gestopt ASP.NET-statusservice Gestopt Automatic Updates Gestopt ClipBook Gestopt COM+-systeemtoepassing Gestopt COM-service voor IMAPI cd-branders Gestopt Compatibiliteit voor Snelle gebruikerswisseling Gestopt Delen van Extern bureaublad met NetMeeting Gestopt Distributed Link Tracking Client Gestopt Distributed Transaction Coordinator Gestopt Extensible Authentication Protocol-service Gestopt Google Update-service (gupdatem) Gestopt Google Updater Service Gestopt Google Updateservice (gupdate) Gestopt Google Updateservice (gupdate1c9c883e3eb492) Gestopt Health Key and Certificate Management-service Gestopt Helpsessiebeheer voor Extern bureaublad Gestopt HTTP SSL Gestopt Indexing-service Gestopt InstallDriver Table Manager Gestopt IPSEC-services Gestopt Logical Disk Manager Gestopt Logical Disk Manager Administrative-service Gestopt Messenger Gestopt Microsoft Automated Troubleshooting Service Gestopt Microsoft Office Diagnostics Service Gestopt Microsoft Office Groove Audit Service Gestopt MS Software Shadow Copy Provider Gestopt NAP-agent (Network Access Protection) Gestopt Net.Tcp service voor het delen van poorten Gestopt Network DDE Gestopt Network DDE DSDM Gestopt Network Provisioning Service Gestopt NT LM Security Support Provider Gestopt Office Source Engine Gestopt Performance Logs and Alerts Gestopt Pml Driver HPZ12 Gestopt PuranDefrag Gestopt QoS RSVP Gestopt Remote Access Auto Connection Manager Gestopt Remote Procedure Call (RPC) Locator Gestopt Remote Registry Gestopt Routing and Remote Access Gestopt Sb2.Printer Gestopt Security Center Gestopt Serienummerservice voor draagbare media Gestopt System Restore-service Gestopt Telnet Gestopt Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation Gestopt Uninterruptible Power Supply Gestopt Universele Plug en Play-apparaathost Gestopt Verwisselbare opslag Gestopt Volume Shadow Copy Gestopt WebClient Gestopt Windows CardSpace 
Gestopt Windows Installer Gestopt Windows Media Player Network Sharing-service Gestopt Windows Presentation Foundation Font Cache 3.0.0.0 Gestopt Wired AutoConfig Gestopt WMI-prestatieadapter Processor AMD Turion 64 X2 Mobile TL-56 Cores 2 Threads 2 Naam AMD Turion 64 X2 Mobile TL-56 Codenaam Tyler Package Socket S1 (638) Technologie 65nm Specificatie AMD Turion 64 X2 Mobile Technology TL-56 Familie F Uitgebreide familie F Model 8 Uitgebreid Model 68 Stepping 2 Instructies MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64 Virtualisatie Ondersteund, Uitgeschakeld Hyperthreading Not supported Bussnelheid 199.5 MHZ Rated bussnelheid 798.1 MHZ Stock Core snelheid 1800 MHZ Stock Bus Snelheid 200 MHZ Gemiddelde Temperatuur 52 °C Caches L1 Data Cachegrootte 2 x 64 KBytes L1 Instructies Cachegrootte 2 x 64 KBytes L2 Unified Cachegrootte 2 x 512 KBytes Core 0 Coresnelheid 1795.4 MHZ Multiplier x 9.0 Bussnelheid 199.5 MHZ Rated bussnelheid 798.1 MHZ Temperatuur 52 °C Thread 1 APIC ID 0 Core 1 Coresnelheid 1795.4 MHZ Multiplier x 9.0 Bussnelheid 199.5 MHZ Rated bussnelheid 798.1 MHZ Temperatuur 53 °C Thread 1 APIC ID 1 RAM Geheugenslots Totaal geheugenslots 2 Gebruikte geheugenslots 2 Vrije geheugenslots 0 Geheugen Type DDR2 Grootte 3072 MBytes Kanalen # Single DRAM Frequentie 299.3 MHZ CAS# Latency (CL) 5 clocks RAS# naar CAS# vertraging (tRCD) 5 clocks RAS# Precharge (tRP) 5 clocks Cyclustijd (tRAS) 15 clocks Bank Cycle Time (tRC) 21 clocks Command Rate (CR) 2T Fysiek geheugen Geheugengebruik 39 % Fysiek totaal 2.87 GB Fysiek beschikbaar 1.74 GB Virtueel totaal 4.03 GB Virtueel beschikbaar 2.91 GB SPD Aantal SPD modules 2 Slot #1 Type DDR2 Grootte 2048 MBytes Fabrikant Hyundai Electronics Maximale bandbreedte PC2-6400 (400 MHZ) Onderdeel nummer HYMP125S64CP8-S6 Serial nummer 4661061F Week/jaar 28 / 09 SPD Ext. 
EPP JEDEC #3 Frequentie 400.0 MHZ CAS# vertraging 6.0 RAS# naar CAS# 6 RAS# voorladen 6 tRAS 18 tRC 24 Spanning 1.800 V JEDEC #2 Frequentie 333.3 MHZ CAS# vertraging 5.0 RAS# naar CAS# 6 RAS# voorladen 6 tRAS 16 tRC 21 Spanning 1.800 V JEDEC #1 Frequentie 266.7 MHZ CAS# vertraging 4.0 RAS# naar CAS# 4 RAS# voorladen 4 tRAS 12 tRC 16 Spanning 1.800 V Slot #2 Type DDR2 Grootte 1024 MBytes Fabrikant Samsung Maximale bandbreedte PC2-5300 (333 MHZ) Onderdeel nummer M4 70T2864QZ3-CE6 Serial nummer 762DD666 Week/jaar 05 / 08 SPD Ext. EPP JEDEC #3 Frequentie 333.3 MHZ CAS# vertraging 5.0 RAS# naar CAS# 6 RAS# voorladen 6 tRAS 16 tRC 21 Spanning 1.800 V JEDEC #2 Frequentie 266.7 MHZ CAS# vertraging 4.0 RAS# naar CAS# 4 RAS# voorladen 4 tRAS 12 tRC 16 Spanning 1.800 V JEDEC #1 Frequentie 200.0 MHZ CAS# vertraging 3.0 RAS# naar CAS# 3 RAS# voorladen 3 tRAS 9 tRC 12 Spanning 1.800 V Moederbord Fabrikant Dell Inc. Model 0PM233 (Microprocessor) Chipset verkoper ATI Chipset model RS690/RS690M Chipset herziening 00 Southbridge verkoper ATI Southbridge model SB600 Southbridge herziening 00 Systeem temperatuur 62 °C BIOS Merk Dell Inc. 
Versie A04 Datum 01/14/2008 PCI data Slot ONBEKEND Slot type ONBEKEND Slot gebruik Beschikbaar Bus breedte 32 bit Slot benaming PCMCIA 0 Slot nummer 0 Graphics Monitor Naam Standaardbeeldscherm op ATI Radeon X1270 Huidige resolutie 1280x800 pixels Werkresolutie 1280x766 pixels Status ingeschakeld, primaire Monitorbreedte 1280 Monitorhoogte 800 Monitor Bpp 32 bits per pixel Monitorfrequentie 60 Hz Apparaat \\.\DISPLAY1\Monitor0 ATI video GPU RS690M Apparaat ID 1002-791F Subvendor Dell (1028) Huidig prestatieniveau Level 1 'Die' grootte 49 nm² Releasedatum Feb 28, 2007 DirextX ondersteuning 9.0b DirectX shader model 2.0 OpenGL ondersteuning 2.0 Bios core clock 400.00 Bios memory clock 400.00 Stuurprogramma ati2mtag.sys Versie stuurprogramma 6.14.10.6666 ROPs 4 Shaders Vertex 4/Pixel 4 Type geheugen System Aantal prestatieniveau's: 1 Level 1 OpenGL Version 2.0.6347 WinXP Release Vendor ATI Technologies Inc. Renderer ATI Radeon X1270 x86/MMX/3DNow!/SSE2 GLU Version 1.2.2.0 Microsoft Corporation Values GL_MAX_LIGHTS 8 GL_MAX_TEXTURE_SIZE 2048 GL_MAX_TEXTURE_STACK_DEPTH 10 
GLU Extensions GL_EXT_bgra Harde schijven ST980813ASG Fabrikant Seagate Vorm factor 2.5" Heads 16 Cylinders 16383 SATA type SATA-II 3.0Gb/s Apparaat type Vast ATA standaard ATA/ATAPI-7 LBA grootte 48-bit LBA Inschakelen op tel 4485 keren Inschakelen op tijd 285.8 days Functies S.M.A.R.T., APM, AAM, NCQ Overdrachtsmodus SATA II Interface SATA Capaciteit 78GB Ware grootte 80.026.361.856 bytes RAID Type None S.M.A.R.T. 
01 Lees foutenpercentage 100 (253ergste) Data 0000000000 03 Spin-up tijd 099 (099) Data 0000000000 04 Start/stop aantal 096 (096) Data 000000120B 05 Herverdeelde sectoren aantal 100 (100) Data 0000000000 07 Zoek foutenpercentage 087 (060) Data 001C754427 09 Power-on uren (POH) 093 (093) Data 0000001ACB 0A Spin opnieuw tellen 100 (100) Data 0000000000 0C Apparaat vermogings cyclus aantal 096 (096) Data 0000001185 BB Gerapporteerde oncorigeerbare fouten 001 (001) Data 000000C9BD BD High Fly Writes (WDC) 100 (100) Data 0000000000 BE Verschil in temperatuur van 100 070 (039) Data 001E11001E BF G-sense foutenpercentage 100 (100) Data 0000000001 C0 Power-off Retract aantal 099 (099) Data 0000000AAA C1 Laden/lossen cyclus aantal 095 (095) Data 00000029FF C2 Temperatuur 030 (061) Data 000000001E C3 Hardware ECC hersteld 060 (056) Data 00003FA5B2 C5 Huidige afwachting aantal sectoren 100 (100) Data 0000000002 C6 Oncorrigeerbaar aantal sectoren 100 (100) Data 0000000002 C7 UltraDMA CRC Error aantal 200 (200) Data 0000000003 C8 Schrijf foutenpercentage / Multi-zone foutenpercentage 100 (253) Data 0000000000 CA Gegevens adresmarkering fouten 100 (253) Data 0000000000 F0 Hoofd vlieguren 000 (000) Data 0000001AE9 F1 Totaal aantal LBA's geschreven 000 (000) Data 0094FBA861 F2 Totaal aantal LBA's gelezen 000 (000) Data 000039C162 FE Vrije val bescherming 001 (001) Data 000000009D Temperatuur 31 °C Temperatuur omvang OK (minder dan 50 °C) Status Goed Partitie 0 Partitie ID Disk #0, Partition #0 Schijfletter C: Bestandssysteem NTFS Volume serienummer 04D40BB2 Grootte 39.1GB Gebruikte ruimte 18.9GB (49%) Vrije ruimte 20.3GB (51%) Partitie 1 Partitie ID Disk #0, Partition #1 Schijfletter D: Bestandssysteem NTFS Volume serienummer B4D60A19 Grootte 35.4GB Gebruikte ruimte 19.7GB (56%) Vrije ruimte 15.7GB (44%) Optische schijven SONY CDRWDVD CRX880A Media type CD-ROM Naam SONY CDRWDVD CRX880A Beschikbaarheid Werkend/Volle kracht Mogelijkheden Random toegang, Ondersteunt verwijderbare 
media Configuratiemanager error code Apparaat werkt correct Configuratiemanager gebruikersconfiguratie VALS Schijf E: Geladen media VALS SCSI bus 0 SCSI Logische eenheid 0 SCSI Poort 3 SCSI Target ID 0 Status OK Audio Geluidskaarten USB-audioapparaat SigmaTel High Definition Audio CODEC Afspeelapparatuur GN 4800 USB SigmaTel Audio Opname apparatuur GN 4800 USB SigmaTel Audio Speaker configuratie Speaker configuratie Speaker type Stereo Randapparatuur Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord Apparaat soort Keyboard Apparaat naam Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord Locatie Op toetsenbordpoort aangesloten Stuurprogramma Datum 7-1-2001 Versie 5.1.2600.2180 Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys Bestand C:\WINNT\system32\DRIVERS\kbdclass.sys SMS Virtual Keyboard Apparaat soort Keyboard Apparaat naam SMS Virtual Keyboard Stuurprogramma Datum 11-23-2005 Versie 2.50.4136.2000 Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys PS/2-compatibele muis Apparaat soort Muis Apparaat naam PS/2-compatibele muis Locatie Aangesloten op de PS/2-muispoort Stuurprogramma Datum 7-1-2001 Versie 5.1.2600.0 Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys Bestand C:\WINNT\system32\DRIVERS\mouclass.sys HID-compliant muis Apparaat soort Muis Apparaat naam HID-compliant muis Verkoper Onbekend Locatie Locatie 0 Stuurprogramma Datum 7-1-2001 Versie 5.1.2600.0 Bestand C:\WINNT\system32\DRIVERS\mouclass.sys Bestand C:\WINNT\system32\DRIVERS\mouhid.sys SMS Virtual Mouse Apparaat soort Muis Apparaat naam SMS Virtual Mouse Stuurprogramma Datum 11-23-2005 Versie 2.50.4136.2000 Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys Samsung ML-3470 Series Apparaat soort Printer Apparaat naam Samsung ML-3470 Series Locatie Ondersteuning voor USB-afdrukken Stuurprogramma Datum 7-4-2007 Versie 3.4.32.0 
USB-audioapparaat Apparaat soort Audio apparaat Apparaat naam USB-audioapparaat Verkoper Onbekend Locatie GN 4800 USB (Locatie 0) Stuurprogramma Datum 7-1-2001 Versie 5.1.2535.0 Bestand C:\WINNT\system32\drivers\USBAUDIO.sys Bestand C:\WINNT\system32\drivers\drmk.sys Bestand 
C:\WINNT\system32\drivers\portcls.sys Bestand C:\WINNT\system32\drivers\stream.sys Bestand C:\WINNT\system32\wdmaud.drv Bestand C:\WINNT\system32\ksuser.dll Schijfstation Apparaat soort USB opslag Apparaat naam Schijfstation Opmerking USB Device Locatie Locatie 0 Stuurprogramma Datum 7-1-2001 Versie 5.1.2535.0 Bestand C:\WINNT\system32\DRIVERS\disk.sys Printers \\fngsvfps01\Danka B13 a Gedeelde naam DankaB13 Printer poort IP_10.11.13.20 Print processor WinPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 600 * 600 dpi Zwart-wit Status Onbekend Driver Driver naam infotec IS 2145 PCL 6 (v3.010) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\INF634K.DLL Adobe PDF Printer poort Mijn documenten\*.pdf Print processor WinPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 1200 * 1200 dpi Kleur Status Onbekend Driver Driver naam Adobe PDF Converter (v6.00) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL Brother HL-3040CN series Printer poort IP_10.10.15.48 Print processor WinPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 600 * 600 dpi Kleur Status Onbekend Driver Driver naam Brother HL-3040CN series (v1.05) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\BROCH08A.DLL Canon iP100 draagbare printer Printer poort USB001 Print processor Canon iP100 series Print Processor Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 4294967293 dpi Kleur Status Onbekend Driver Driver naam Canon iP100 series (v12.04) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR8F.DLL Canon iP4300 Printer poort USB004 Print processor Canon iP4300 Print Processor Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 4294967293 dpi Kleur Status Onbekend Driver Driver naam Canon iP4300 (v12.02) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR86.DLL Microsoft Office Document Image Writer Printer poort Microsoft Document Imaging Writer Port: Print 
processor ModiPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 200 * 200 dpi Zwart-wit Status Onbekend Driver Driver naam Microsoft Office Document Image Writer Driver (v4.00) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mdigraph.dll Microsoft XPS Document Writer Printer poort XPSPort: Print processor WinPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 600 * 600 dpi Kleur Status Onbekend Driver Driver naam Microsoft XPS Document Writer (v6.00) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll Samsung ML-3470 AI (10.11.13.95) Printer poort IP_10.11.13.31 Print processor WinPrint Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 600 * 600 dpi Zwart-wit Status Onbekend Driver Driver naam Samsung ML-3470 Series PS (v6.00) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL Samsung ML-3470 PDB (Standaardprinter ) Printer poort USB002 Print processor ml347PPC Beschikbaarheid Altijd Prioriteit 1 Dubbelzijdig Geen Print kwaliteit 600 * 600 dpi Kleur Status Onbekend Driver Driver naam Samsung ML-3470 Series (v4.00) Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\ml347P.dll Netwerk U bent niet verbonden met het internet Computer naam NetBIOS naam G176L3J DNS naam G176L3J.finbel.intra Domeinnaam Remote desktop Console Staat Actief Domein FINBEL WinInet info LAN-verbinding Het lokale systeem maakt gebruik van een local area network (LAN) om verbinding te maken met het internet Het lokale systeem heeft RAS om verbinding te maken met het internet Wi-Fi info U gebruikt de oorspronkelijke Wi-Fi API versie 1 Aantal beschikbare access points 1 Wi-Fi () SSID Naam Signaal sterkte/kwaliteit 60 Beveiliging Uitgeschakeld Staat De interface is niet verbonden met een netwerk Dot11 type Onafhankelijk BSS (IBSS) netwerk Netwerk Aansluitbaar Netwerk Flags Er is een profiel voor dit netwerk Een cijfer coderingssysteem moet worden gebruikt om te verbinden met dit netwerk Geen 
versleutelingssysteem ingeschakeld / ondersteund Standaard authenticatie wordt gebruikt om voor de eerste keer met dit netwerk te verbinden IEEE 8020.11 Open System authenticatie versleuteling WinHTTPInfo WinHTTPSessionProxyType Geen proxt Session Proxy Session Proxy omzeiling Aansluitpogingen 5 Aansluit time-out 60000 HTTP versie HTTP 1.1 Maximale connecties per 1.0 servers ONEINDIG Maximale connecties per servers ONEINDIG Maximale HTTP automatische doorverwijzingen 10 Maximale HTTP status verdergaan 10 Verzend time-out 30000 IEProxy automatische detectie Ja IEProxy automatische configuratie http://intranet/proxy.pac IEProxy IEProxy omzeiling Standaard proxy configuratie toegang type Geen proxt Standaard configuratie proxy Standaard configuratie proxy omzeiling Adapterlijst Juniper Network Connect Virtual Adapter - Pakketplanner-minipoort IP adres 0.0.0.0 Subnet mask 0.0.0.0 Bluetooth Personal Area Network - Pakketplanner-minipoort IP adres 0.0.0.0 Subnet mask 0.0.0.0 Dell draadloze 1390 WLAN Mini-kaart - Pakketplanner-minipoort IP adres 0.0.0.0 Subnet mask 0.0.0.0 Broadcom NetXtreme 57xx Gigabit Controller - Pakketplanner-minipoort IP adres 10.11.13.57 Subnet mask 255.255.255.0 Gateway server 10.11.13.1 Netwerk delen No network shares
  13. Hello, I'm back. The topic had not been closed yet, but after carrying out all the steps mentioned above, the laptop remains agonizingly slow. Clicking on folders, files, browsers, ... It easily takes 5 to 10 seconds before the laptop responds. Sometimes it goes smoothly; sometimes the laptop freezes in the middle of an action. It is just as if the laptop can no longer process what is asked of it. This situation is really no longer workable; frustration all around. Could you help out once more?
  14. Here is the log: ComboFix 11-12-20.04 - pgadebac 20/12/2011 18:05:36.11.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2214 [GMT 1:00] Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))) . . 2011-12-20 08:31 . 2011-12-20 08:31 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits 2011-12-19 15:09 . 2011-12-20 14:56 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend 2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF 2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel 2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy 2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts 2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software 2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software 2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure 2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys 2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun 2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan 2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x 2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71 . . 
. ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl 2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll 2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-12-19_17.58.21 ))))))))))))))))))))))))))))))))))))))))) . + 2011-12-20 16:52 . 2011-12-20 16:52 16384 c:\winnt\Temp\Perflib_Perfdata_138.dat + 2011-10-04 09:02 . 2011-12-20 14:15 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2011-10-04 09:02 . 2011-12-19 14:35 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2011-10-04 09:02 . 2011-12-20 14:15 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2011-10-04 09:02 . 2011-12-19 14:35 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2011-10-04 09:02 . 2011-12-19 14:35 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2011-10-04 09:02 . 2011-12-20 14:15 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2011-08-16 08:55 . 2011-12-19 14:35 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2011-08-16 08:55 . 2011-12-20 14:15 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2011-10-04 09:02 . 2011-12-19 14:35 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2011-10-04 09:02 . 
2011-12-20 14:15 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2011-08-16 08:55 . 2011-12-19 14:35 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-08-16 08:55 . 2011-12-20 14:15 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-10-04 09:02 . 2011-12-20 14:15 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2011-10-04 09:02 . 2011-12-19 14:35 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-08-16 08:55 . 2011-12-20 14:15 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2011-08-16 08:55 . 2011-12-19 14:35 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2011-08-16 08:55 . 2011-12-20 14:15 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2011-08-16 08:55 . 2011-12-19 14:35 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2011-08-16 08:55 . 2011-12-19 14:35 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2011-08-16 08:55 . 2011-12-20 14:15 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2011-10-04 09:02 . 2011-12-20 14:15 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2011-10-04 09:02 . 2011-12-19 14:35 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2011-08-16 08:55 . 2011-12-19 14:35 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-08-16 08:55 . 2011-12-20 14:15 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2011-08-16 08:55 . 2011-12-19 14:35 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2011-08-16 08:55 . 2011-12-20 14:15 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe . 
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912] . d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\ Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=deontologieLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk] backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup . 
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] backup=c:\winnt\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807] 2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON] 2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\WINNT\\system32\\mmc.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552] R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696] R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656] R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016] R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216] S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?] S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?] 
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536] S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152] S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-12-20 c:\winnt\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47] . 2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . 2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://intranet/index.php?page=&langue=nl uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: { - c:\program files\Messenger\msmsgs.exe Trusted Zone: intranet TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - d:\documents 
and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.http - http://intranet/proxy.pac FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 2 FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-20 18:22 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1288) c:\winnt\system32\Ati2evxx.dll c:\winnt\system32\pcsinst.dll . - - - - - - - > 'explorer.exe'(1888) c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\winnt\system32\webcheck.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll . Voltooingstijd: 2011-12-20 18:28:49 ComboFix-quarantined-files.txt 2011-12-20 17:28 ComboFix2.txt 2011-12-19 18:04 . Pre-Run: 21.031.587.840 bytes beschikbaar Post-Run: 21.008.269.312 bytes beschikbaar . - - End Of File - - 326AF83DE09AE1E6DA81DE873DA49D11
  15. Here is the log: ComboFix 11-12-19.01 - pgadebac 19/12/2011 18:43:12.10.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2212 [GMT 1:00] Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 )))))))))))))))))))))))))))))) . . 2011-12-19 15:09 . 2011-12-19 17:28 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend 2011-12-19 08:24 . 2011-12-19 08:24 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits 2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF 2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel 2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy 2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts 2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software 2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software 2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure 2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys 2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun 2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan 2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x 2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71 . . . 
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl 2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll 2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136] "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912] . 
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\ Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=deontologieLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk] backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] backup=c:\winnt\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807] 2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON] 2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\WINNT\\system32\\mmc.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552] R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696] R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656] R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016] R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216] S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?] S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?] 
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?] S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536] S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152] S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-12-19 c:\winnt\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47] . 2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 
2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-12-16 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . 2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://intranet/index.php?page=&langue=nl uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingsdoel converteren naar bestaande PDF - c:\program 
files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: { - c:\program files\Messenger\msmsgs.exe Trusted Zone: intranet TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.http - http://intranet/proxy.pac FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 2 FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-12-19 18:58 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1476) c:\winnt\system32\Ati2evxx.dll c:\winnt\system32\pcsinst.dll . - - - - - - - > 'explorer.exe'(3548) c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\winnt\system32\webcheck.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll . Voltooingstijd: 2011-12-19 19:04:30 ComboFix-quarantined-files.txt 2011-12-19 18:04 . Pre-Run: 20.756.639.744 bytes beschikbaar Post-Run: 20.731.359.232 bytes beschikbaar . - - End Of File - - 5E4FA89FEC0AE1F3B5B4E2CB57831579
  16. I don't have the impression that there is much improvement ..... By the way, after running Fix Checked (several times) on O18 - Protocol: schmap-help - (no CLSID) - (no file), this line still keeps showing up in the log. When I run Bitdefender Quick Scan (via the extension in Google Chrome) I get a warning that the PC is infected, but MBAM apparently finds nothing!
      QuickScan 32-bit v0.9.9.100
      ---------------------------
      Datum van de analyse: Sun Dec 18 10:45:07 2011
      ID van de machine: 4D40BB2
      er is 1 geïnfecteerd bestand gedetecteerd!
      ------------------------------------------
      C:\WINNT\system32\loglogon.exe --> Trojan.Generic.4980699 --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Logon"
  17. Here are the logs: 1- MBaM Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Databaseversie: 8384 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 17/12/2011 9:58:07 mbam-log-2011-12-17 (09-58-07).txt Scantype: Snelle scan Objecten gescand: 288587 Verstreken tijd: 9 minuut/minuten, 23 seconde(n) Geheugenprocessen geïnfecteerd: 0 Geheugenmodulen geïnfecteerd: 0 Registersleutels geïnfecteerd: 0 Registerwaarden geïnfecteerd: 0 Registerdata geïnfecteerd: 0 Mappen geïnfecteerd: 0 Bestanden geïnfecteerd: 0 Geheugenprocessen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registersleutels geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerwaarden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Registerdata geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Mappen geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) Bestanden geïnfecteerd: (Geen kwaadaardige objecten gedetecteerd) 2- HiJackThis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:00:59, on 17/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\nslsvice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program 
Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\mfevtps.exe C:\Program Files\IBM\Lotus\Notes\ntmulti.exe C:\WINNT\System32\srvany.exe C:\WINNT\system32\mvaservice.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINNT\system32\CCM\CcmExec.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\WINNT\system32\Drivers\ldlcserv.exe C:\WINNT\system32\Drivers\ldlcserv6.exe C:\WINNT\stsystra.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\Stickies\stickies.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINNT\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Dell 
QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user') O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.intranet O15 - Trusted IP range: http://192.168.2.1 O15 - ESC Trusted IP range: http://192.168.2.1 O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra O17 - 
HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: schmap-help - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. 
- C:\WINNT\system32\mfevtps.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 13643 bytes
  18. Hello, here is the Speccy link: http://speccy.piriform.com/results/ZB7TW3PwSa0mMt2ts87zCVf HijackThis log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:49:23, on 15/12/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\Drivers\trcboot.exe C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE C:\Program Files\Connected\AgentSrv.EXE C:\Program Files\Juniper Networks\Common Files\dsNcService.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Java\jre7\bin\jqs.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\nslsvice.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINNT\system32\mfevtps.exe C:\Program Files\IBM\Lotus\Notes\ntmulti.exe C:\WINNT\System32\srvany.exe C:\WINNT\system32\mvaservice.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\svchost.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe C:\WINNT\system32\CCM\CcmExec.exe C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe C:\WINNT\system32\Drivers\ldlcserv.exe C:\WINNT\system32\Drivers\ldlcserv6.exe C:\WINNT\stsystra.exe C:\Program Files\Dell\QuickSet\Quickset.exe C:\Program Files\McAfee\Common Framework\udaterui.exe C:\Program 
Files\Microsoft Office\Office12\GrooveMonitor.exe C:\WINNT\system32\ctfmon.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\Connected\CBSysTray.exe C:\Program Files\Stickies\stickies.exe C:\Program Files\IBM\Lotus\Notes\nsd.exe C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office12\EXCEL.EXE C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe O4 - HKLM\..\Run: [Logon] C:\WINNT\system32\loglogon.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default 
user') O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ? O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 
- Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://*.intranet O15 - Trusted IP range: http://192.168.2.1 O15 - ESC Trusted IP range: http://192.168.2.1 O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: schmap-help - (no CLSID) - (no file) O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll O22 - SharedTaskScheduler: FencesShellExt - 
{1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe O23 - Service: Lotus Notes Single Logon - IBM Corp - 
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 13639 bytes
  19. Hello, I'm back. I have recently been having quite a few problems again. The machine easily 'freezes' for 10 to 15 seconds while I'm working. This can happen, for example, when opening a Word file, opening a browser tab, .... A full scan with Malwarebytes finds nothing. McAfee detected Generic.dx!bb3r and placed it in quarantine.
  20. I have the impression that the machine is running more smoothly.
  21. Sorry for the very late reply. Here is the log: ComboFix 11-11-14.03 - pgadebac 15/11/2011 7:50.9.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2329 [GMT 1:00] Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Nieuw herstelpunt werd aangemaakt * Aanwezig AV is actief . . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\winnt\system32\PowerToyReadme.htm d:\documents and settings\All Users\Application Data\TEMP . . (((((((((((((((((((( Bestanden Gemaakt van 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))) . . 2011-11-14 14:54 . 2011-11-15 06:45 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend 2011-11-14 14:26 . 2011-11-14 14:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits 2011-10-28 13:08 . 2011-04-12 20:41 406896 ----a-w- c:\winnt\system32\dsNcSmartCardProv.dll 2011-10-28 13:08 . 2011-04-12 20:41 361840 ----a-w- c:\winnt\system32\dsNcCredProv.dll 2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software 2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys 2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver 2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software 2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-14 14:55 . 
2009-02-08 14:16 41272 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys 2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-03 04:06 . 2011-05-11 13:11 472808 ----a-w- c:\winnt\system32\deployJava1.dll 2011-10-03 01:37 . 2008-10-01 18:03 73728 ----a-w- c:\winnt\system32\javacpl.cpl 2011-08-31 16:00 . 2009-02-08 14:16 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys 2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 ))))))))))))))))))))))))))))))))))))))))) . + 2011-11-15 06:22 . 2011-11-15 06:22 16384 c:\winnt\Temp\Perflib_Perfdata_72c.dat - 2004-08-04 12:00 . 2011-08-27 11:18 87088 c:\winnt\system32\perfc009.dat + 2004-08-04 12:00 . 2011-11-15 06:26 87088 c:\winnt\system32\perfc009.dat + 2011-04-12 20:10 . 2011-04-12 20:10 26624 c:\winnt\system32\drivers\dsNcAdpt.sys - 2009-03-27 02:41 . 2010-02-19 00:07 26624 c:\winnt\system32\drivers\dsNcAdpt.sys + 2011-10-04 09:02 . 2011-11-14 14:49 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2011-10-04 09:02 . 2011-11-14 14:49 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2011-10-04 09:02 . 2011-11-14 14:49 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2011-10-04 09:02 . 2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2011-08-16 08:55 . 
2011-11-14 14:49 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2011-10-04 09:02 . 2011-11-14 14:49 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2011-08-16 08:55 . 2011-11-14 14:49 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-10-04 09:02 . 2011-11-14 14:49 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2004-08-04 12:00 . 2011-11-15 06:26 554110 c:\winnt\system32\perfh013.dat - 2004-08-04 12:00 . 2011-08-27 11:18 554110 c:\winnt\system32\perfh013.dat - 2004-08-04 12:00 . 2011-08-27 11:18 480484 c:\winnt\system32\perfh009.dat + 2004-08-04 12:00 . 2011-11-15 06:26 480484 c:\winnt\system32\perfh009.dat + 2004-08-04 12:00 . 2011-11-15 06:26 111184 c:\winnt\system32\perfc013.dat - 2004-08-04 12:00 . 2011-08-27 11:18 111184 c:\winnt\system32\perfc013.dat + 2011-11-07 07:10 . 2011-10-03 04:06 157472 c:\winnt\system32\javaws.exe - 2011-05-11 13:11 . 2011-05-11 13:11 157472 c:\winnt\system32\javaws.exe + 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\javaw.exe - 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\javaw.exe - 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\java.exe + 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\java.exe + 2011-11-07 07:12 . 2011-11-07 07:12 203776 c:\winnt\Installer\55a63.msi - 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2011-08-16 08:55 . 
2011-11-14 14:49 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2011-08-16 08:55 . 2011-11-14 14:49 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2011-08-16 08:55 . 2011-11-14 14:49 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2011-10-04 09:02 . 2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2011-10-04 09:02 . 2011-11-14 14:49 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-08-16 08:55 . 2011-11-14 14:49 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2011-08-16 08:55 . 2011-11-14 14:49 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936] "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912] . d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\ Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214] Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=deontologieLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk] backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] backup=c:\winnt\pss\Windows Search.lnkCommon Startup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0] 2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807] 2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON] 2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\WINNT\\system32\\mmc.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696] R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048] R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656] R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016] R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096] R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216] S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?] S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?] 
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536] S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152] S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-11-15 c:\winnt\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47] . 2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 
2011-11-10 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . 2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://intranet/index.php?page=&langue=nl uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: { - c:\program files\Messenger\msmsgs.exe Trusted Zone: intranet TCP: DhcpNameServer = 192.168.2.1 DPF: 
{0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.http - http://intranet/proxy.pac FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 2 FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-11-15 07:58 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1288) c:\winnt\system32\Ati2evxx.dll c:\winnt\system32\pcsinst.dll . Voltooingstijd: 2011-11-15 08:01:03 ComboFix-quarantined-files.txt 2011-11-15 07:00 ComboFix2.txt 2011-10-24 16:53 ComboFix3.txt 2011-10-21 06:09 . Pre-Run: 19.404.394.496 bytes beschikbaar Post-Run: 19.380.170.752 bytes beschikbaar . - - End Of File - - 499170EFC5625BD9A790532E78EE7F02
  22. I did exactly as asked. See the small file attached. I'll try once more. CFScript.txt
  23. Hello, the folder adm_1sd21 is a folder that is created when the helpdesk tries to solve a problem. So it doesn't seem really abnormal to me. Here is the log from Combofix: ComboFix 11-10-24.02 - pgadebac 24/10/2011 18:41:11.8.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2299 [GMT 2:00] Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-24 to 2011-10-24 )))))))))))))))))))))))))))))) . . 2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software 2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys 2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver 2011-10-21 05:51 . 2011-10-24 16:40 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend 2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software 2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks 2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother 2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE 2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL 2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL 2011-10-04 13:09 . 
2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL 2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL 2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee 2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup 2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21 2011-09-26 08:37 . 2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE 2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM 2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee 2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock 2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 ))))))))))))))))))))))))))))))))))))))))) . + 2011-10-21 09:27 . 2011-10-21 09:27 16384 c:\winnt\Temp\Perflib_Perfdata_790.dat + 2011-10-04 09:02 . 2011-10-24 13:26 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2011-10-04 09:02 . 2011-10-24 13:26 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2011-10-04 09:02 . 
2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2011-10-04 09:02 . 2011-10-24 13:26 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2011-08-16 08:55 . 2011-10-24 13:26 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2011-10-04 09:02 . 2011-10-24 13:26 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-08-16 08:55 . 2011-10-24 13:26 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2011-10-04 09:02 . 2011-10-24 13:26 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-08-16 08:55 . 2011-10-24 13:26 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2011-08-16 08:55 . 2011-10-24 13:26 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2011-08-16 08:55 . 2011-10-24 13:26 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2011-10-04 09:02 . 2011-10-24 13:26 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2011-10-04 09:02 . 
2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe + 2011-08-16 08:55 . 2011-10-24 13:26 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2011-08-16 08:55 . 2011-10-24 13:26 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936] "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] "Launch SilverCrest OMC807"="c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe" [2010-06-28 860160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912] . d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\ Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214] Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=deontologieLaunch.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk] backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] backup=c:\winnt\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON] 2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\WINNT\\system32\\mmc.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696] R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048] R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656] R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016] R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096] S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?] S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?] 
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?] S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536] S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152] S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-10-21 c:\winnt\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47] . 2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 
2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . 2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://intranet/index.php?page=&langue=nl mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingsdoel 
converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: { - c:\program files\Messenger\msmsgs.exe Trusted Zone: intranet TCP: DhcpNameServer = 192.168.2.1 DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.http - http://intranet/proxy.pac FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 2 FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-24 18:50 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1364) c:\winnt\system32\Ati2evxx.dll c:\winnt\system32\pcsinst.dll c:\winnt\system32\beidcsp.dll c:\winnt\system32\beidCSPLib.dll c:\winnt\system32\beid35DlgsWin32.dll c:\winnt\system32\beid35common.dll c:\winnt\system32\beid35cardlayer.dll . - - - - - - - > 'explorer.exe'(1876) c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\winnt\system32\webcheck.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\winnt\system32\WPDShServiceObj.dll c:\program files\stardock\fences\DesktopDock.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-10-24 18:53:43 ComboFix-quarantined-files.txt 2011-10-24 16:53 ComboFix2.txt 2011-10-21 06:09 . Pre-Run: 19.373.723.648 bytes beschikbaar Post-Run: 19.349.856.256 bytes beschikbaar . - - End Of File - - E53FF81428BB22F73CD7FCAD2D77C8B5
  24. I ran ComboFix. Here is the log: ComboFix 11-10-20.08 - pgadebac 21/10/2011 7:58.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2216 [GMT 2:00] Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0} * Aanwezig AV is actief . . . (((((((((((((((((((( Bestanden Gemaakt van 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))) . . 2011-10-21 05:51 . 2011-10-21 05:51 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend 2011-10-18 07:26 . 2011-10-18 07:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits 2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software 2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks 2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother 2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE 2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL 2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL 2011-10-04 13:09 . 2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL 2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL 2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee 2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup 2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21 2011-09-26 08:37 . 
2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE 2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM 2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee 2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock 2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache 2011-09-23 18:01 . 2006-10-26 17:56 33104 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\msonpppr.dll 2011-09-23 18:01 . 2006-10-26 17:56 32592 ----a-w- c:\winnt\system32\msonpmon.dll 2011-09-23 17:59 . 2011-09-23 17:59 -------- d-----w- c:\program files\Microsoft Works 2011-09-23 17:54 . 2011-09-23 17:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8 2011-09-23 17:52 . 2011-09-23 17:52 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Microsoft Help 2011-09-23 17:52 . 2011-10-18 11:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224] "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936] "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912] . d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\ Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952] . d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214] Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) "NoFileAssociate"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst] 2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0] "Script"=deontologieLaunch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0] "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0] "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk] backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup . 
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk] backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup . [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk] backup=c:\winnt\pss\Windows Search.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid] 2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet] 2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan] 2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM] 2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware] 2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON] 2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE] 2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"= "c:\\WINNT\\system32\\mmc.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696] R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592] R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048] R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656] R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016] R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096] S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?] S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?] 
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536] S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664] S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152] S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152] S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152] S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840] S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?] S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhoud van de 'Gedeelde Taken' map . 2011-10-21 c:\winnt\Tasks\GlaryInitialize.job - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47] . 2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39] . 2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08] . 
2011-10-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . 2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://intranet/index.php?page=&langue=nl mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200 IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: { - c:\program files\Messenger\msmsgs.exe Trusted Zone: intranet TCP: 
DhcpNameServer = 192.168.2.1 DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.be FF - prefs.js: network.proxy.http - http://intranet/proxy.pac FF - prefs.js: network.proxy.http_port - 80 FF - prefs.js: network.proxy.type - 2 FF - user.js: browser.blink_allowed - true FF - user.js: network.prefetch-next - true FF - user.js: layout.spellcheckDefault - 1 FF - user.js: browser.urlbar.autoFill - false FF - user.js: browser.search.openintab - false FF - user.js: browser.tabs.closeButtons - 1 FF - user.js: browser.tabs.opentabfor.middleclick - true FF - user.js: browser.tabs.tabMinWidth - 100 FF - user.js: browser.urlbar.hideGoButton - true . - - - - ORPHANS VERWIJDERD - - - - . MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2011-10-21 08:06 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\ . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*] "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'winlogon.exe'(1364) c:\winnt\system32\Ati2evxx.dll c:\winnt\system32\pcsinst.dll . - - - - - - - > 'explorer.exe'(3392) c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll c:\winnt\system32\webcheck.dll c:\winnt\system32\WPDShServiceObj.dll c:\winnt\system32\PortableDeviceTypes.dll c:\winnt\system32\PortableDeviceApi.dll c:\program files\Stardock\Fences\FencesMenu.dll c:\program files\stardock\fences\DesktopDock.dll . Voltooingstijd: 2011-10-21 08:09:39 ComboFix-quarantined-files.txt 2011-10-21 06:09 . Pre-Run: 19.438.383.104 bytes beschikbaar Post-Run: 19.509.719.040 bytes beschikbaar . - - End Of File - - 16C39F9DEBB8DFADC3B8DF6E2B8C34BC
  25. So I have a folder under:\Documents and Settings\pgadebac\Application Data\Schmap, but not under Program files (the program files are on C: and not D:, by the way). Can I simply delete the folder under Application Data? After that I will run Combofix.