Posts by paddepoel

  1. Hello,

    the laptop is getting rather slow. Booting up in particular takes quite some time.

    A quick scan with MalwareBytes found nothing.

    Here is a HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.5

    Scan saved at 10:04:30, on 24/08/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v10.0 (10.00.9200.16660)

    CHROME: 28.0.1500.95

    Boot mode: Normal

    Running processes:

    C:\Windows\PLFSetI.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Launch Manager\LManager.exe

    C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe

    C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE

    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Users\Nele\Desktop\onderhoud PC\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll

    O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [F-Secure Hoster (44163)] "C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe" -app -hosterid:1

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"

    O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

    O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx

    O17 - HKLM\System\CCS\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107

    O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1D8BE1-18A3-40BC-8D0B-D94E936B151C}: NameServer = 81.169.60.107 81.169.60.107

    O17 - HKLM\System\CS1\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107

    O17 - HKLM\System\CS2\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (file missing)

    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

    O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe

    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe

    O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 13108 bytes

  2. I re-ran ComboFix in safe mode and afterwards also ran HijackThis. Here are the logs:

    ComboFix 13-01-27.03 - pgadebac 27/01/2013 10:27:21.2.4 - x86 MINIMAL

    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1783 [GMT 1:00]

    Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\pgadebac\Desktop\CFScript.txt

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_mvaservice

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-27 to 2013-01-27 ))))))))))))))))))))))))))))))

    .

    .

    2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-01-27 08:25 . 2013-01-27 08:26 -------- d-----w- c:\program files\Common Files\Adobe

    2013-01-27 06:54 . 2013-01-27 06:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\offreg.dll

    2013-01-26 14:31 . 2013-01-26 14:31 -------- d-----w- c:\users\pgadebac\AppData\Roaming\smkits

    2013-01-20 11:59 . 2013-01-27 09:34 -------- d-----w- c:\users\pgadebac\AppData\Local\temp

    2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET

    2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll

    2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe

    2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

    2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe

    2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

    2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll

    2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll

    2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]

    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

    "LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]

    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]

    "DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]

    "LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "SoftwareSASGeneration"= 1 (0x1)

    "EnableLUA"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "HideSCAHealth"= -

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]

    2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

    2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

    2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

    2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]

    2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]

    2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

    .

    R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]

    R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]

    R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]

    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

    R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

    R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]

    R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

    S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]

    S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]

    S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]

    S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]

    S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]

    S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]

    S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

    S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]

    S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]

    S2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]

    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

    S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - mfeavfk01

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet

    mStart Page = hxxp://intranet

    TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

    TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

    DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

    FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.type - 4

    FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(5016)

    c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

    c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll

    c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\IDT\WDM\STacSV.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

    c:\program files\Juniper Networks\Common Files\dsNcService.exe

    c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    c:\program files\McAfee\Common Framework\FrameworkService.exe

    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    c:\program files\IBM\Lotus\Notes\ntmulti.exe

    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

    c:\windows\system32\conhost.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\McAfee\Common Framework\naPrdMgr.exe

    c:\windows\system32\CCM\CcmExec.exe

    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\system32\taskhost.exe

    c:\program files\Teamviewer\Version7\TeamViewer.exe

    c:\windows\system32\conhost.exe

    c:\program files\Teamviewer\Version7\tv_w32.exe

    c:\windows\system32\msiexec.exe

    c:\windows\System32\vds.exe

    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

    c:\program files\Philips Display\SmartControl\DTHtml.exe

    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

    c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

    c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe

    c:\program files\McAfee\Common Framework\McTray.exe

    c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

    c:\windows\system32\sppsvc.exe

    c:\windows\system32\wbem\WmiApSrv.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2013-01-27 10:38:07 - machine werd herstart

    ComboFix-quarantined-files.txt 2013-01-27 09:38

    ComboFix2.txt 2013-01-20 12:08

    .

    Pre-Run: 149.251.698.688 bytes beschikbaar

    Post-Run: 149.046.054.912 bytes beschikbaar

    .

    - - End Of File - - F5222B3AE20659D0872BA643700ADA3C

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:41:35, on 27/01/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Teamviewer\Version7\TeamViewer.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

    C:\Program Files\Philips Display\SmartControl\DTHtml.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe

    C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe

    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

    C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

    C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe

    C:\Windows\Explorer.exe

    C:\Windows\system32\notepad.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\Documents\onderhoud PC\HijackThis.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

    O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe

    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10

    O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [LaCie Safe Manager Startup] "C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe"

    O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

    O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

    O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe

    O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe

    O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe

    O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --

    End of file - 11334 bytes

    - - - Updated - - -

    I have the impression that the laptop is running more smoothly. When I click on McAfee > Info, I get the following pop-up:

    post-23133-1417705286,4175_thumb.gif

  3. Here is the ComboFix log:

    When I try to start HijackThis, I get the following error message:

    post-23133-1417705277,2353_thumb.jpg

    ComboFix 13-01-17.04 - pgadebac 20/01/2013 12:55:49.1.4 - x86 MINIMAL

    Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1841 [GMT 1:00]

    Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe

    AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\data

    C:\install.exe

    c:\programdata\SEC7351.tmp

    c:\windows\system32\ReadMe.txt

    c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll

    c:\windows\system32\ZoomIt.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Service_mvaservice

    -------\Service_uvnc_service

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-20 to 2013-01-20 ))))))))))))))))))))))))))))))

    .

    .

    2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp

    2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET

    2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll

    2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe

    2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

    2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs

    2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe

    2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

    2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

    2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll

    2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll

    2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]

    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]

    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]

    "LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]

    "PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]

    "DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]

    "LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "SoftwareSASGeneration"= 1 (0x1)

    "EnableLUA"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "HideSCAHealth"= -

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]

    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup

    backupExtension=.CommonStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]

    2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

    2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]

    2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]

    2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]

    2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]

    2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe

    .

    R2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]

    R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]

    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

    R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]

    R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]

    R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]

    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]

    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]

    R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]

    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

    R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]

    R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]

    R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

    S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

    S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]

    S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]

    S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]

    S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]

    S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]

    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

    S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]

    S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]

    S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]

    S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]

    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

    S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]

    S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]

    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]

    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

    S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]

    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

    S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *Deregistered* - mfeavfk01

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

    .

    2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet

    mStart Page = hxxp://intranet

    TCP: DhcpNameServer = 195.130.130.130 195.130.131.130

    TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

    TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

    DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

    FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.type - 4

    FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

    .

    .

    ------- Bestandsassociaties -------

    .

    inifile=%SystemRoot%\SciTE.exe "%1"

    txtfile=%SystemRoot%\SciTE.exe "%1"

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'Explorer.exe'(4624)

    c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

    c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll

    c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

    .

    - - - - - - - > 'explorer.exe'(3528)

    c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\IDT\WDM\STacSV.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

    c:\program files\Juniper Networks\Common Files\dsNcService.exe

    c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    c:\program files\McAfee\Common Framework\FrameworkService.exe

    c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    c:\program files\IBM\Lotus\Notes\ntmulti.exe

    c:\program files\McAfee\VirusScan Enterprise\mfeann.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\taskhost.exe

    c:\program files\McAfee\Common Framework\naPrdMgr.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\windows\system32\CCM\CcmExec.exe

    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

    c:\program files\Teamviewer\Version7\TeamViewer.exe

    c:\windows\system32\conhost.exe

    c:\program files\Teamviewer\Version7\tv_w32.exe

    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

    c:\program files\Philips Display\SmartControl\DTHtml.exe

    c:\program files\McAfee\Common Framework\McTray.exe

    c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe

    c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

    c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe

    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

    c:\windows\System32\vds.exe

    c:\windows\system32\msiexec.exe

    c:\windows\system32\sppsvc.exe

    c:\windows\system32\wbem\WmiApSrv.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2013-01-20 13:08:08 - machine werd herstart

    ComboFix-quarantined-files.txt 2013-01-20 12:08

    .

    Pre-Run: 151.077.576.704 bytes beschikbaar

    Post-Run: 151.718.653.952 bytes beschikbaar

    .

    - - End Of File - - 4EB561EE3A9E6A7BF2DBC7C35E7C061D

  4. When I try to install ComboFix, I get error messages several times. I can click Abort, Ignore or Skip. I clicked Skip. After installing ComboFix, starting it and updating, you get the blue screen, but immediately the message that a file is missing (which is logical). How can I get ComboFix fully installed?

  5. The laptop has been responding rather slowly for some time - starting e.g. Excel takes a long time - sometimes an application or IE 'freezes' - a quick scan with Malwarebytes Anti-Malware showed no infections - attached is a HijackThis log.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:49:19, on 12/01/2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Teamviewer\Version7\TeamViewer.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    C:\Program Files\IDT\WDM\sttray.exe

    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

    C:\Program Files\McAfee\Common Framework\UdaterUI.exe

    C:\Program Files\Philips Display\SmartControl\DTHtml.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe

    C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe

    C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe

    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe

    C:\Users\pgadebac\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe

    C:\Program Files\Borland\StarTeam Toolbar\SBToolbar.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe

    C:\PROGRA~1\COPERN~1\DESKTO~3.EXE

    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\explorer.exe

    C:\Users\pgadebac\Favorites\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Program Files\Copernic Desktop Search - Corporate\Toolbar\ToolbarContainer101000325.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe

    O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

    O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe

    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10

    O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe

    O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe

    O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe

    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

    O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe

    O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe

    O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\MVA-Tools\srvany.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe

    O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe

    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\VNC\winvnc.exe

    O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe

    --

    End of file - 12516 bytes

  6. Hello,

    I always take a 'full' image of a disk, so MBR, Recovery, ....

    So in principle I should be fine. I assume the new disk may be larger than the old one. A disk was replaced before (for another laptop) and that one was considerably larger. The image was restored and everything was OK.

    When starting this laptop I get a screen that says: Disk Failure is imminent. Please backup immediately data. After pressing F1 the laptop boots. The laptop is not even 3 years old.

    When running HD Tune I get no error messages. I only ran the quick scan. I will run the full scan tonight. The strange thing is that the laptop sometimes needs a very long time to open e.g. Chrome or an application. After a while the laptop apparently works at 'normal' speed again. Could it not also be a problem with malware or something similar? (A full scan with Malwarebytes found 1 infection, which was removed.)


  7. Thanks for the quick replies. I will let HD Tune run and post the results. A question: if I make a full image of the hard disk (I use EaseUS Todo Backup 3.0 Free) and then put it on a new HDD, is everything OK or do I run the risk that disk errors are copied? If the old disk is 'physically' failing, a restored image on a new disk should not cause any problems, should it?

  8. Hello,

    the laptop is slowing down enormously. Booting takes a long time and it sometimes freezes completely.

    Disk check reported a whole series of errors, which were corrected. Today at startup I got an error message that there are (supposedly) serious disk problems. I installed Seagate SeaTools for Windows. Some tests fail: SMART Test, Short DST.

    What could the problem be?

  9. Here is the log + a Speccy log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:03:38, on 6/02/2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\spoolsv.exe

    C:\WINNT\system32\Drivers\trcboot.exe

    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

    C:\Program Files\Connected\AgentSrv.EXE

    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\IBM\Lotus\Notes\nsd.exe

    C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINNT\system32\mfevtps.exe

    C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    C:\WINNT\System32\srvany.exe

    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    C:\WINNT\system32\mvaservice.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    C:\WINNT\system32\svchost.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    C:\Program Files\UltraVNC\WinVNC.exe

    C:\WINNT\system32\SearchIndexer.exe

    C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

    C:\WINNT\system32\CCM\CcmExec.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\WINNT\system32\Drivers\ldlcserv.exe

    C:\WINNT\system32\Drivers\ldlcserv6.exe

    C:\Program Files\Connected\CBSysTray.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\stsystra.exe

    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\McAfee\Common Framework\udaterui.exe

    C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe

    C:\WINNT\system32\ctfmon.exe

    D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE

    C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe

    C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE

    C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE

    C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE

    C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE

    C:\WINNT\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [EZ Notes Search] C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe

    O4 - HKLM\..\Run: [Logon] C:\WINNT\system32\loglogon.exe

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')

    O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe

    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O15 - Trusted Zone: http://*.intranet

    O15 - Trusted IP range: http://192.168.2.1

    O15 - ESC Trusted IP range: http://192.168.2.1

    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: schmap-help - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

    O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe

    O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe

    O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe

    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --

    End of file - 13924 bytes

    SPECCY:

    Overzicht

    Besturingssysteem

    MS Windows XP Professional 32-bit SP3

    Processor

    AMD Turion 64 X2 Mobile TL-56 52 °C

    Tyler 65nm Technologie

    RAM

    3,00 GB Single-Kanaal DDR2 @ 299MHz (5-5-5-15)

    Moederbord

    Dell Inc. 0PM233 (Microprocessor) 62 °C

    Graphics

    Standaardbeeldscherm (1280x800@60Hz)

    ATI video (Dell)

    Harde schijven

    78GB Seagate ST980813ASG (SATA) 31 °C

    Optische schijven

    SONY CDRWDVD CRX880A

    Audio

    USB-audioapparaat

    Besturingssysteem

    MS Windows XP Professional 32-bit SP3

    Installatie datum: 17 July 2008, 08:58

    Serienummer: ********************************

    Windows Security Center

    Firewall Ingeschakeld

    Windows Update

    AutoUpdate Download automatisch en installeer op geplande tijd

    Schema frequentie Elke dag

    Antivirus

    Antivirus Ingeschakeld

    Bedrijfsnaam McAfee, Inc.

    Weergavenaam McAfee VirusScan Enterprise

    Product versie 8.7.0.570

    Omgevingsvariabelen

    USERPROFILE D:\Documents and Settings\pgadebac

    SystemRoot C:\WINNT

    Gebruikersvariabelen

    TEMP D:\Documents and Settings\pgadebac\Local Settings\Temp

    TMP D:\Documents and Settings\pgadebac\Local Settings\Temp

    _settings_result 0

    MOZ_PLUGIN_PATH C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\

    Machine variabelen

    ComSpec C:\WINNT\system32\cmd.exe

    Path C:\WINNT\system32

    C:\WINNT

    C:\WINNT\system32\wbem

    C:\Program Files\IBM\Personal Communications

    C:\Program Files\IBM\Trace Facility

    C:\Program Files\Borland\StarTeam SDK 9.3\Lib

    C:\Program Files\Borland\StarTeam SDK 9.3\Bin

    C:\Program Files\Common Files\Autodesk Shared

    C:\Program Files\Borland\CaliberRM SDK 2005 R2\lib

    C:\Program Files\Borland\StarTeam SDK 2005 R2\Lib

    C:\Program Files\Borland\StarTeam SDK 2005 R2\Bin

    C:\WINNT\system32\WindowsPowerShell\v1.0

    C:\Program Files\Belgium Identity Card

    C:\Program Files\IBM\Lotus\Notes

    windir C:\WINNT

    FP_NO_HOST_CHECK NO

    OS Windows_NT

    PROCESSOR_ARCHITECTURE x86

    PROCESSOR_LEVEL 15

    PROCESSOR_IDENTIFIER x86 Family 15 Model 104 Stepping 2, AuthenticAMD

    PROCESSOR_REVISION 6802

    NUMBER_OF_PROCESSORS 2

    PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1

    TEMP C:\WINNT\TEMP

    TMP C:\WINNT\TEMP

    PCOMM_Root C:\Program Files\IBM\Personal Communications\

    CLASSPATH C:\Program Files\Belgium Identity Card;

    DEFLOGDIR D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

    VSEDEFLOGDIR D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

    DEVMGR_SHOW_NONPRESENT_DEVICES 1

    DEVMGR_SHOW_DETAILS 1

    Batterij

    AC lijn Online

    Batterij volledige tijd Onbekend

    Batterij lading % 100 %

    Batterij staat Hoog

    Resterende tijd (sec) Onbekend

    Energieprofiel

    Actief energiebeheerschema Maximum Performance (QuickSet)

    Slaapstand Ingeschakeld

    Geforceerd uitschakelen Ingeschakeld

    Geforceerd stoppen Ingeschakeld

    Schakel monitor uit na: (Bij het aansluiten van AC stroom) Nooit

    Schakel monitor uit na: (Bij het aansluiten van de batterij) Nooit

    Schakel harde schijf uit na: (Bij het aansluiten van AC stroom) Nooit

    Schakel harde schijf uit na: (Bij het aansluiten van de batterij) Nooit

    Stoppen na: (Bij het aansluiten van AC stroom) Nooit

    Stoppen na: (Bij het aansluiten van de batterij) Nooit

    Screensaver Uitgeschakeld

    Uptime

    Huidige sessie

    Huidige tijd 6/02/2012 8:05:59

    Huidige uptime 89137 sec (1 d, 00 h, 45 m, 37 s)

    Laatste opstarttijd 5/02/2012 7:20:22

    Tijdzone

    Tijdzone GMT +1 uur

    Taal Dutch

    Land België

    Munteenheid €

    Datumnotatie d/MM/yyyy

    Tijdnotatie H:mm:ss

    Schema

    GoogleUpdateTaskMachineUA 6/02/2012 8:33;elke 1 uur, vanaf 14:33 uur, gedurende 24 uur elke dag, te beginnen op 1/02/2012

    GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA 6/02/2012 8:51;elke 1 uur, vanaf 16:51 uur, gedurende 24 uur elke dag, te beginnen op 17/05/2010

    GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core 6/02/2012 8:57;om 8:57 uur, elke dag, te beginnen op 2/02/2012

    GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA 6/02/2012 8:58;elke 1 uur, vanaf 8:58 uur, gedurende 24 uur elke dag, te beginnen op 2/02/2012

    GoogleUpdateTaskMachineCore 6/02/2012 14:33;Uitvoeren bij aanmelden

    GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core 6/02/2012 16:51;om 16:51 uur, elke dag, te beginnen op 17/05/2010

    Proceslijst

    agentsrv.exe

    Proces ID 2004

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Connected\AgentSrv.EXE

    Geheugengebruik 280 kB

    Piek Geheugengebruik 26 MB

    alg.exe

    Proces ID 2920

    Gebruiker Lokale service

    Domein NT AUTHORITY

    Locatie C:\WINNT\System32\alg.exe

    Geheugengebruik 3.69 MB

    Piek Geheugengebruik 3.70 MB

    ati2evxx.exe

    Proces ID 1752

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\Ati2evxx.exe

    Geheugengebruik 3.48 MB

    Piek Geheugengebruik 3.49 MB

    ati2evxx.exe

    Proces ID 6028

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\Ati2evxx.exe

    Geheugengebruik 4.14 MB

    Piek Geheugengebruik 4.15 MB

    cbsystray.exe

    Proces ID 840

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Connected\CBSysTray.exe

    Geheugengebruik 1.23 MB

    Piek Geheugengebruik 2.38 MB

    ccmexec.exe

    Proces ID 3396

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\CCM\CcmExec.exe

    Geheugengebruik 20 MB

    Piek Geheugengebruik 21 MB

    chrome.exe

    Proces ID 824

    Gebruiker pgadebac

    Domein FINBEL

    Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    Geheugengebruik 43 MB

    Piek Geheugengebruik 44 MB

    chrome.exe

    Proces ID 4240

    Gebruiker pgadebac

    Domein FINBEL

    Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    Geheugengebruik 16 MB

    Piek Geheugengebruik 16 MB

    chrome.exe

    Proces ID 5124

    Gebruiker pgadebac

    Domein FINBEL

    Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    Geheugengebruik 49 MB

    Piek Geheugengebruik 50 MB

    csrss.exe

    Proces ID 1488

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie \??\C:\WINNT\system32\csrss.exe

    Geheugengebruik 6.54 MB

    Piek Geheugengebruik 12 MB

    ctfmon.exe

    Proces ID 6036

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\WINNT\system32\ctfmon.exe

    Geheugengebruik 3.50 MB

    Piek Geheugengebruik 3.50 MB

    dsncservice.exe

    Proces ID 280

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    Geheugengebruik 11 MB

    Piek Geheugengebruik 12 MB

    engineserver.exe

    Proces ID 1396

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    Geheugengebruik 385 MB

    Piek Geheugengebruik 581 MB

    explorer.exe

    Proces ID 2084

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\WINNT\Explorer.EXE

    Geheugengebruik 27 MB

    Piek Geheugengebruik 58 MB

    eznconnector.exe

    Proces ID 1036

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe

    Geheugengebruik 33 MB

    Piek Geheugengebruik 33 MB

    frameworkservice.exe

    Proces ID 1412

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    Geheugengebruik 6.12 MB

    Piek Geheugengebruik 13 MB

    googlecrashhandler.exe

    Proces ID 480

    Gebruiker pgadebac

    Domein FINBEL

    Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe

    Geheugengebruik 504 kB

    Piek Geheugengebruik 1.97 MB

    ioloservicemanager.exe

    Proces ID 504

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    Geheugengebruik 5.68 MB

    Piek Geheugengebruik 5.70 MB

    jqs.exe

    Proces ID 888

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Java\jre7\bin\jqs.exe

    Geheugengebruik 1.41 MB

    Piek Geheugengebruik 18 MB

    ldlcserv.exe

    Proces ID 3508

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\Drivers\ldlcserv.exe

    Geheugengebruik 1.27 MB

    Piek Geheugengebruik 1.28 MB

    ldlcserv6.exe

    Proces ID 3556

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\Drivers\ldlcserv6.exe

    Geheugengebruik 1.29 MB

    Piek Geheugengebruik 1.29 MB

    lsass.exe

    Proces ID 1576

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\lsass.exe

    Geheugengebruik 3.71 MB

    Piek Geheugengebruik 7.73 MB

    mbamservice.exe

    Proces ID 976

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    Geheugengebruik 7.20 MB

    Piek Geheugengebruik 7.31 MB

    mcshield.exe

    Proces ID 3424

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    Geheugengebruik 48 MB

    Piek Geheugengebruik 240 MB

    mctray.exe

    Proces ID 856

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\McAfee\Common Framework\McTray.exe

    Geheugengebruik 1.22 MB

    Piek Geheugengebruik 7.36 MB

    mdm.exe

    Proces ID 1464

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    Geheugengebruik 3.29 MB

    Piek Geheugengebruik 3.31 MB

    mfeann.exe

    Proces ID 3536

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

    Geheugengebruik 4.03 MB

    Piek Geheugengebruik 6.43 MB

    mfevtps.exe

    Proces ID 1940

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\mfevtps.exe

    Geheugengebruik 404 kB

    Piek Geheugengebruik 2.35 MB

    msaccess.exe

    Proces ID 4384

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE

    Geheugengebruik 34 MB

    Piek Geheugengebruik 34 MB

    msaccess.exe

    Proces ID 3908

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE

    Geheugengebruik 34 MB

    Piek Geheugengebruik 34 MB

    mvaservice.exe

    Proces ID 2144

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\mvaservice.exe

    Geheugengebruik 6.82 MB

    Piek Geheugengebruik 6.84 MB

    naprdmgr.exe

    Proces ID 2392

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

    Geheugengebruik 1.00 MB

    Piek Geheugengebruik 8.51 MB

    nicconfigsvc.exe

    Proces ID 2136

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    Geheugengebruik 7.79 MB

    Piek Geheugengebruik 22 MB

    nlnotes.exe

    Proces ID 3732

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE

    Geheugengebruik 69 MB

    Piek Geheugengebruik 69 MB

    notepad.exe

    Proces ID 876

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\WINNT\system32\NOTEPAD.EXE

    Geheugengebruik 728 kB

    Piek Geheugengebruik 3.68 MB

    notes2.exe

    Proces ID 4308

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe

    Geheugengebruik 179 MB

    Piek Geheugengebruik 200 MB

    nsd.exe

    Proces ID 688

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\IBM\Lotus\Notes\nsd.exe

    Geheugengebruik 4.11 MB

    Piek Geheugengebruik 4.12 MB

    nslsvice.exe

    Proces ID 960

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    Geheugengebruik 1.34 MB

    Piek Geheugengebruik 1.35 MB

    ntaskldr.exe

    Proces ID 2536

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE

    Geheugengebruik 17 MB

    Piek Geheugengebruik 45 MB

    ntmulti.exe

    Proces ID 2104

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    Geheugengebruik 1.83 MB

    Piek Geheugengebruik 2.01 MB

    pcs_agnt.exe

    Proces ID 1960

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

    Geheugengebruik 5.14 MB

    Piek Geheugengebruik 5.27 MB

    powerpnt.exe

    Proces ID 5760

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE

    Geheugengebruik 2.38 MB

    Piek Geheugengebruik 34 MB

    quickset.exe

    Proces ID 2416

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\Dell\QuickSet\Quickset.exe

    Geheugengebruik 7.77 MB

    Piek Geheugengebruik 7.78 MB

    scardsvr.exe

    Proces ID 1168

    Gebruiker Lokale service

    Domein NT AUTHORITY

    Locatie C:\WINNT\System32\SCardSvr.exe

    Geheugengebruik 2.73 MB

    Piek Geheugengebruik 2.75 MB

    searchfilterhost.exe

    Proces ID 1196

    Gebruiker Lokale service

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\SearchFilterHost.exe

    Geheugengebruik 5.24 MB

    Piek Geheugengebruik 5.24 MB

    searchindexer.exe

    Proces ID 3236

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\SearchIndexer.exe

    Geheugengebruik 17 MB

    Piek Geheugengebruik 54 MB

    searchprotocolhost.exe

    Proces ID 2856

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\WINNT\system32\SearchProtocolHost.exe

    Geheugengebruik 2.45 MB

    Piek Geheugengebruik 27 MB

    services.exe

    Proces ID 1564

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\services.exe

    Geheugengebruik 6.42 MB

    Piek Geheugengebruik 9.50 MB

    smss.exe

    Proces ID 1128

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie \SystemRoot\System32\smss.exe

    Geheugengebruik 420 kB

    Piek Geheugengebruik 504 kB

    speccy.exe

    Proces ID 4920

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\Speccy\Speccy.exe

    Geheugengebruik 13 MB

    Piek Geheugengebruik 13 MB

    spoolsv.exe

    Proces ID 1108

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\spoolsv.exe

    Geheugengebruik 10 MB

    Piek Geheugengebruik 73 MB

    srvany.exe

    Proces ID 2120

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\System32\srvany.exe

    Geheugengebruik 1.41 MB

    Piek Geheugengebruik 1.42 MB

    stacsv.exe

    Proces ID 2280

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    Geheugengebruik 4.17 MB

    Piek Geheugengebruik 4.19 MB

    stsystra.exe

    Proces ID 2256

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\WINNT\stsystra.exe

    Geheugengebruik 8.29 MB

    Piek Geheugengebruik 8.29 MB

    svchost.exe

    Proces ID 4320

    Gebruiker Netwerkservice

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 7.82 MB

    Piek Geheugengebruik 8.18 MB

    svchost.exe

    Proces ID 668

    Gebruiker Lokale service

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 5.17 MB

    Piek Geheugengebruik 5.18 MB

    svchost.exe

    Proces ID 2024

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 3.39 MB

    Piek Geheugengebruik 3.39 MB

    svchost.exe

    Proces ID 1984

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\System32\svchost.exe

    Geheugengebruik 33 MB

    Piek Geheugengebruik 47 MB

    svchost.exe

    Proces ID 1772

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 5.77 MB

    Piek Geheugengebruik 5.83 MB

    svchost.exe

    Proces ID 3072

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 4.36 MB

    Piek Geheugengebruik 4.52 MB

    svchost.exe

    Proces ID 1820

    Locatie C:\WINNT\system32\svchost.exe

    Geheugengebruik 5.08 MB

    Piek Geheugengebruik 5.25 MB

    system

    Proces ID 4

    Gebruiker Administrators

    Domein INGEBOUWD

    Geheugengebruik 244 kB

    Piek Geheugengebruik 2.93 MB

    system idle process

    Proces ID 0

    tosbtsrv.exe

    Proces ID 3092

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    Geheugengebruik 2.67 MB

    Piek Geheugengebruik 2.83 MB

    trcboot.exe

    Proces ID 1924

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\Drivers\trcboot.exe

    Geheugengebruik 1.52 MB

    Piek Geheugengebruik 2.99 MB

    udaterui.exe

    Proces ID 5436

    Gebruiker pgadebac

    Domein FINBEL

    Locatie C:\Program Files\McAfee\Common Framework\udaterui.exe

    Geheugengebruik 3.21 MB

    Piek Geheugengebruik 6.62 MB

    vstskmgr.exe

    Proces ID 1456

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    Geheugengebruik 1.69 MB

    Piek Geheugengebruik 83 MB

    winlogon.exe

    Proces ID 1520

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie \??\C:\WINNT\system32\winlogon.exe

    Geheugengebruik 6.34 MB

    Piek Geheugengebruik 16 MB

    winvnc.exe

    Proces ID 3208

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\Program Files\UltraVNC\WinVNC.exe

    Geheugengebruik 4.37 MB

    Piek Geheugengebruik 4.41 MB

    wmiprvse.exe

    Proces ID 3656

    Locatie C:\WINNT\system32\wbem\wmiprvse.exe

    Geheugengebruik 6.43 MB

    Piek Geheugengebruik 6.45 MB

    wmiprvse.exe

    Proces ID 4084

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\wbem\wmiprvse.exe

    Geheugengebruik 5.46 MB

    Piek Geheugengebruik 5.63 MB

    wmiprvse.exe

    Proces ID 4140

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\wbem\wmiprvse.exe

    Geheugengebruik 6.00 MB

    Piek Geheugengebruik 6.68 MB

    wmiprvse.exe

    Proces ID 4756

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\wbem\wmiprvse.exe

    Geheugengebruik 5.63 MB

    Piek Geheugengebruik 6.35 MB

    wuser32.exe

    Proces ID 3368

    Gebruiker SYSTEM

    Domein NT AUTHORITY

    Locatie C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

    Geheugengebruik 808 kB

    Piek Geheugengebruik 4.13 MB

    Hotfixes

    Systeem folders

    Path for burning CD D:\Documents and Settings\pgadebac\Local Settings\Application Data\Microsoft\CD Burning

    Application Data D:\Documents and Settings\All Users\Application Data

    Public Desktop D:\Documents and Settings\All Users\Bureaublad

    Documents D:\Documents and Settings\All Users\Documenten

    Global Favorites D:\Documents and Settings\All Users\Favorieten

    Music D:\Documents and Settings\All Users\Documenten\Mijn muziek

    Pictures D:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen

    Start Menu Programs D:\Documents and Settings\All Users\Menu Start\Programma's

    Start Menu D:\Documents and Settings\All Users\Menu Start

    Startup D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten

    Templates D:\Documents and Settings\All Users\Sjablonen

    Videos D:\Documents and Settings\All Users\Documenten\Mijn video's

    Cookies D:\Documents and Settings\pgadebac\Cookies

    Desktop D:\Documents and Settings\pgadebac\Bureaublad

    Physical Desktop D:\Documents and Settings\pgadebac\Bureaublad

    User Favorites D:\Documents and Settings\pgadebac\Favorieten

    Fonts C:\WINNT\Fonts

    Internet History D:\Documents and Settings\pgadebac\Local Settings\Geschiedenis

    Temporary Internet Files D:\Documents and Settings\pgadebac\Local Settings\Temporary Internet Files

    Local Application Data D:\Documents and Settings\pgadebac\Local Settings\Application Data

    Windows directory C:\WINNT

    Windows/System C:\WINNT\system32

    Program Files C:\Program Files

    Device Tree

    ACPI Multiprocessor-pc

    Systeem dat voldoet aan Microsoft ACPI

    AMD Turion 64 X2 Mobile Technology TL-56

    AMD Turion 64 X2 Mobile Technology TL-56

    ACPI-thermale zone

    Systeemkaart

    ACPI-deksel

    ACPI-aan/uit-knop

    ACPI-slaapstandknop

    Microsoft AC-adapter

    Accu die voldoet aan Microsoft ACPI-besturingsmethode

    Accu die voldoet aan Microsoft ACPI-besturingsmethode

    Microsoft Windows Beheerinterface voor ACPI

    Basisstation

    PCI-bus

    PCI standard host CPU bridge

    ATI SMBus

    PCI standard host CPU bridge

    PCI standard host CPU bridge

    PCI standard host CPU bridge

    PCI standard host CPU bridge

    Uitgebreide I/O-bus

    Systeemkaart

    Systeemkaart

    PCI standard PCI-to-PCI bridge

    ATI Radeon X1270

    Standaardbeeldscherm

    Standaardbeeldscherm

    Standaardbeeldscherm

    Standaardbeeldscherm

    Standaardbeeldscherm

    PCI standard PCI-to-PCI bridge

    Dell draadloze 1390 WLAN Mini-kaart

    PCI standard PCI-to-PCI bridge

    Broadcom NetXtreme 57xx Gigabit Controller

    Standaard Dual Channel PCI IDE Controller

    Secundair IDE-kanaal

    Primair IDE-kanaal

    ST980813ASG

    Standard OpenHCD USB Host-controller

    USB-hoofdhub

    USB-HID

    HID-compliant muis

    Standard OpenHCD USB Host-controller

    USB-hoofdhub

    Standard OpenHCD USB Host-controller

    USB-hoofdhub

    Generic USB Hub

    O2Micro OZ776 USB CCID Smartcard Reader

    Standard OpenHCD USB Host-controller

    USB-hoofdhub

    Dell Wireless 360 Bluetooth Module

    Bluetooth RFBUS

    Bluetooth RFHID

    Bluetooth RFBNEP

    Bluetooth Personal Area Network

    Standard OpenHCD USB Host-controller

    USB-hoofdhub

    Standard Enhanced PCI naar USB-hostcontroller

    USB-hoofdhub

    Generic USB Hub

    Ondersteuning voor USB-afdrukken

    Samsung ML-3470 Series

    USB-apparaat voor massaopslag

    USB Device

    Algemeen volume

    Samengesteld USB-apparaat

    USB-audioapparaat

    USB-HID

    HID-compliant besturingsapparaat van gebruikers

    Standaard Dual Channel PCI IDE Controller

    Secundair IDE-kanaal

    Primair IDE-kanaal

    SONY CDRWDVD CRX880A

    Microsoft UAA Bus Driver for High Definition Audio

    SigmaTel High Definition Audio CODEC

    Conexant HDA D330 MDC V.92 Modem

    PCI standard ISA bridge

    ISAPNP Read Data-poort

    PS/2-compatibele muis

    Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord

    Systeem-CMOS/Real-timeklok

    Systeemtimer

    Systeemluidspreker

    Systeemkaart

    Controller voor directe geheugentoegang

    Numerieke-gegevensprocessor

    Gebeurtenistimer met hoge precisie

    Communicatiepoort (COM1)

    Systeemkaart

    ECP-printerpoort (LPT1)

    Printer Poort logische interface

    PCI standard PCI-to-PCI bridge

    Algemene CardBus Controller

    Basisstation

    OHCI Compliant IEEE 1394 Host Controller

    1394-netwerkkaart #2

    Diensten

    Opgestart Application Layer Gateway-service

    Opgestart Ati HotKey Poller

    Opgestart COM+-gebeurtenissysteem

    Opgestart Computer Browser

    Opgestart Connected Agent Service

    Opgestart CryptSvc

    Opgestart DCOM Server Process Launcher

    Opgestart DHCP Client

    Opgestart DNS Client

    Opgestart Event Log

    Opgestart Help en ondersteuning

    Opgestart HID Input Service

    Opgestart IBM Enterprise Extender (IPv4)

    Opgestart IBM Enterprise Extender (IPv6)

    Opgestart IBM Traceerfunctie

    Opgestart Intelligente achtergrondsoverdrachtservice

    Opgestart iolo FileInfoList Service

    Opgestart iolo System Service

    Opgestart Java Quick Starter

    Opgestart Juniper Network Connect Service

    Opgestart Lotus Notes Diagnostische Service

    Opgestart Lotus Notes Single Logon

    Opgestart Machine Debug Manager

    Opgestart MBAMService

    Opgestart McAfee Engine Service

    Opgestart McAfee Framework Service

    Opgestart McAfee McShield

    Opgestart McAfee Task Manager

    Opgestart McAfee Validation Trust Protection Service

    Opgestart Multi-user Cleanup Service

    Opgestart MVA-Team Service

    Opgestart Net Logon

    Opgestart Network Connections

    Opgestart Network Location Awareness (NLA)

    Opgestart NICCONFIGSVC

    Opgestart Plug and Play

    Opgestart Print Spooler

    Opgestart Protected Storage

    Opgestart Remote Procedure Call (RPC)

    Opgestart Secondary Logon

    Opgestart Security Accounts Manager

    Opgestart Server

    Opgestart Service voor het rapporteren van fouten

    Opgestart Shell Hardware Detection

    Opgestart SigmaTel Audio Service

    Opgestart Smart Card

    Opgestart SMS Agent Host

    Opgestart SMS Remote Control Agent

    Opgestart SSDP Discovery-service

    Opgestart System Event Notification

    Opgestart Task Scheduler

    Opgestart TCP/IP NetBIOS Helper

    Opgestart Telephony

    Opgestart Terminal Services

    Opgestart Thema's

    Opgestart TOSHIBA Bluetooth Service

    Opgestart Verbindingsbeheer voor RAS

    Opgestart VNC Server

    Opgestart Windows Audio

    Opgestart Windows Driver Foundation - User-mode Driver Framework

    Opgestart Windows Firewall (WF) / Internet-verbinding delen (ICS)

    Opgestart Windows Image Acquisition (WIA)

    Opgestart Windows Management Instrumentation

    Opgestart Windows Search

    Opgestart Wireless Zero Configuration-service

    Opgestart Workstation

    Gestopt .NET Runtime Optimization Service v2.0.50727_X86

    Gestopt Alerter

    Gestopt Application Management

    Gestopt AppnNode

    Gestopt ASP.NET-statusservice

    Gestopt Automatic Updates

    Gestopt ClipBook

    Gestopt COM+-systeemtoepassing

    Gestopt COM-service voor IMAPI cd-branders

    Gestopt Compatibiliteit voor Snelle gebruikerswisseling

    Gestopt Delen van Extern bureaublad met NetMeeting

    Gestopt Distributed Link Tracking Client

    Gestopt Distributed Transaction Coordinator

    Gestopt Extensible Authentication Protocol-service

    Gestopt Google Update-service (gupdatem)

    Gestopt Google Updater Service

    Gestopt Google Updateservice (gupdate)

    Gestopt Google Updateservice (gupdate1c9c883e3eb492)

    Gestopt Health Key and Certificate Management-service

    Gestopt Helpsessiebeheer voor Extern bureaublad

    Gestopt HTTP SSL

    Gestopt Indexing-service

    Gestopt InstallDriver Table Manager

    Gestopt IPSEC-services

    Gestopt Logical Disk Manager

    Gestopt Logical Disk Manager Administrative-service

    Gestopt Messenger

    Gestopt Microsoft Automated Troubleshooting Service

    Gestopt Microsoft Office Diagnostics Service

    Gestopt Microsoft Office Groove Audit Service

    Gestopt MS Software Shadow Copy Provider

    Gestopt NAP-agent (Network Access Protection)

    Gestopt Net.Tcp service voor het delen van poorten

    Gestopt Network DDE

    Gestopt Network DDE DSDM

    Gestopt Network Provisioning Service

    Gestopt NT LM Security Support Provider

    Gestopt Office Source Engine

    Gestopt Performance Logs and Alerts

    Gestopt Pml Driver HPZ12

    Gestopt PuranDefrag

    Gestopt QoS RSVP

    Gestopt Remote Access Auto Connection Manager

    Gestopt Remote Procedure Call (RPC) Locator

    Gestopt Remote Registry

    Gestopt Routing and Remote Access

    Gestopt Sb2.Printer

    Gestopt Security Center

    Gestopt Serienummerservice voor draagbare media

    Gestopt System Restore-service

    Gestopt Telnet

    Gestopt Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation

    Gestopt Uninterruptible Power Supply

    Gestopt Universele Plug en Play-apparaathost

    Gestopt Verwisselbare opslag

    Gestopt Volume Shadow Copy

    Gestopt WebClient

    Gestopt Windows CardSpace

    Gestopt Windows Installer

    Gestopt Windows Media Player Network Sharing-service

    Gestopt Windows Presentation Foundation Font Cache 3.0.0.0

    Gestopt Wired AutoConfig

    Gestopt WMI-prestatieadapter

    Processor

    AMD Turion 64 X2 Mobile TL-56

    Cores 2

    Threads 2

    Naam AMD Turion 64 X2 Mobile TL-56

    Codenaam Tyler

    Package Socket S1 (638)

    Technologie 65nm

    Specificatie AMD Turion 64 X2 Mobile Technology TL-56

    Familie F

    Uitgebreide familie F

    Model 8

    Uitgebreid Model 68

    Stepping 2

    Instructies MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64

    Virtualisatie Ondersteund, Uitgeschakeld

    Hyperthreading Not supported

    Bussnelheid 199.5 MHZ

    Rated bussnelheid 798.1 MHZ

    Stock Core snelheid 1800 MHZ

    Stock Bus Snelheid 200 MHZ

    Gemiddelde Temperatuur 52 °C

    Caches

    L1 Data Cachegrootte 2 x 64 KBytes

    L1 Instructies Cachegrootte 2 x 64 KBytes

    L2 Unified Cachegrootte 2 x 512 KBytes

    Core 0

    Coresnelheid 1795.4 MHZ

    Multiplier x 9.0

    Bussnelheid 199.5 MHZ

    Rated bussnelheid 798.1 MHZ

    Temperatuur 52 °C

    Thread 1

    APIC ID 0

    Core 1

    Coresnelheid 1795.4 MHZ

    Multiplier x 9.0

    Bussnelheid 199.5 MHZ

    Rated bussnelheid 798.1 MHZ

    Temperatuur 53 °C

    Thread 1

    APIC ID 1

    RAM

    Geheugenslots

    Totaal geheugenslots 2

    Gebruikte geheugenslots 2

    Vrije geheugenslots 0

    Geheugen

    Type DDR2

    Grootte 3072 MBytes

    Kanalen # Single

    DRAM Frequentie 299.3 MHZ

    CAS# Latency (CL) 5 clocks

    RAS# naar CAS# vertraging (tRCD) 5 clocks

    RAS# Precharge (tRP) 5 clocks

    Cyclustijd (tRAS) 15 clocks

    Bank Cycle Time (tRC) 21 clocks

    Command Rate (CR) 2T

    Fysiek geheugen

    Geheugengebruik 39 %

    Fysiek totaal 2.87 GB

    Fysiek beschikbaar 1.74 GB

    Virtueel totaal 4.03 GB

    Virtueel beschikbaar 2.91 GB

    SPD

    Aantal SPD modules 2

    Slot #1

    Type DDR2

    Grootte 2048 MBytes

    Fabrikant Hyundai Electronics

    Maximale bandbreedte PC2-6400 (400 MHZ)

    Onderdeel nummer HYMP125S64CP8-S6

    Serial nummer 4661061F

    Week/jaar 28 / 09

    SPD Ext. EPP

    JEDEC #3

    Frequentie 400.0 MHZ

    CAS# vertraging 6.0

    RAS# naar CAS# 6

    RAS# voorladen 6

    tRAS 18

    tRC 24

    Spanning 1.800 V

    JEDEC #2

    Frequentie 333.3 MHZ

    CAS# vertraging 5.0

    RAS# naar CAS# 6

    RAS# voorladen 6

    tRAS 16

    tRC 21

    Spanning 1.800 V

    JEDEC #1

    Frequentie 266.7 MHZ

    CAS# vertraging 4.0

    RAS# naar CAS# 4

    RAS# voorladen 4

    tRAS 12

    tRC 16

    Spanning 1.800 V

    Slot #2

    Type DDR2

    Grootte 1024 MBytes

    Fabrikant Samsung

    Maximale bandbreedte PC2-5300 (333 MHZ)

    Onderdeel nummer M4 70T2864QZ3-CE6

    Serial nummer 762DD666

    Week/jaar 05 / 08

    SPD Ext. EPP

    JEDEC #3

    Frequentie 333.3 MHZ

    CAS# vertraging 5.0

    RAS# naar CAS# 6

    RAS# voorladen 6

    tRAS 16

    tRC 21

    Spanning 1.800 V

    JEDEC #2

    Frequentie 266.7 MHZ

    CAS# vertraging 4.0

    RAS# naar CAS# 4

    RAS# voorladen 4

    tRAS 12

    tRC 16

    Spanning 1.800 V

    JEDEC #1

    Frequentie 200.0 MHZ

    CAS# vertraging 3.0

    RAS# naar CAS# 3

    RAS# voorladen 3

    tRAS 9

    tRC 12

    Spanning 1.800 V

    Moederbord

    Fabrikant Dell Inc.

    Model 0PM233 (Microprocessor)

    Chipset verkoper ATI

    Chipset model RS690/RS690M

    Chipset herziening 00

    Southbridge verkoper ATI

    Southbridge model SB600

    Southbridge herziening 00

    Systeem temperatuur 62 °C

    BIOS

    Merk Dell Inc.

    Versie A04

    Datum 01/14/2008

    PCI data

    Slot ONBEKEND

    Slot type ONBEKEND

    Slot gebruik Beschikbaar

    Bus breedte 32 bit

    Slot benaming PCMCIA 0

    Slot nummer 0

    Graphics

    Monitor

    Naam Standaardbeeldscherm op ATI Radeon X1270

    Huidige resolutie 1280x800 pixels

    Werkresolutie 1280x766 pixels

    Status ingeschakeld, primaire

    Monitorbreedte 1280

    Monitorhoogte 800

    Monitor Bpp 32 bits per pixel

    Monitorfrequentie 60 Hz

    Apparaat \\.\DISPLAY1\Monitor0

    ATI video

    GPU RS690M

    Apparaat ID 1002-791F

    Subvendor Dell (1028)

    Huidig prestatieniveau Level 1

    'Die' grootte 49 nm²

    Releasedatum Feb 28, 2007

    DirextX ondersteuning 9.0b

    DirectX shader model 2.0

    OpenGL ondersteuning 2.0

    Bios core clock 400.00

    Bios memory clock 400.00

    Stuurprogramma ati2mtag.sys

    Versie stuurprogramma 6.14.10.6666

    ROPs 4

    Shaders Vertex 4/Pixel 4

    Type geheugen System

    Aantal prestatieniveau's: 1

    Level 1

    OpenGL

    Version 2.0.6347 WinXP Release

    Vendor ATI Technologies Inc.

    Renderer ATI Radeon X1270 x86/MMX/3DNow!/SSE2

    GLU Version 1.2.2.0 Microsoft Corporation

    Values

    GL_MAX_LIGHTS 8

    GL_MAX_TEXTURE_SIZE 2048

    GL_MAX_TEXTURE_STACK_DEPTH 10

    GL Extensions

    GLU Extensions

    GL_EXT_bgra

    Harde schijven

    ST980813ASG

    Fabrikant Seagate

    Vorm factor 2.5"

    Heads 16

    Cylinders 16383

    SATA type SATA-II 3.0Gb/s

    Apparaat type Vast

    ATA standaard ATA/ATAPI-7

    LBA grootte 48-bit LBA

    Inschakelen op tel 4485 keren

    Inschakelen op tijd 285.8 days

    Functies S.M.A.R.T., APM, AAM, NCQ

    Overdrachtsmodus SATA II

    Interface SATA

    Capaciteit 78GB

    Ware grootte 80.026.361.856 bytes

    RAID Type None

    S.M.A.R.T.

    01 Lees foutenpercentage 100 (253ergste) Data 0000000000

    03 Spin-up tijd 099 (099) Data 0000000000

    04 Start/stop aantal 096 (096) Data 000000120B

    05 Herverdeelde sectoren aantal 100 (100) Data 0000000000

    07 Zoek foutenpercentage 087 (060) Data 001C754427

    09 Power-on uren (POH) 093 (093) Data 0000001ACB

    0A Spin opnieuw tellen 100 (100) Data 0000000000

    0C Apparaat vermogings cyclus aantal 096 (096) Data 0000001185

    BB Gerapporteerde oncorigeerbare fouten 001 (001) Data 000000C9BD

    BD High Fly Writes (WDC) 100 (100) Data 0000000000

    BE Verschil in temperatuur van 100 070 (039) Data 001E11001E

    BF G-sense foutenpercentage 100 (100) Data 0000000001

    C0 Power-off Retract aantal 099 (099) Data 0000000AAA

    C1 Laden/lossen cyclus aantal 095 (095) Data 00000029FF

    C2 Temperatuur 030 (061) Data 000000001E

    C3 Hardware ECC hersteld 060 (056) Data 00003FA5B2

    C5 Huidige afwachting aantal sectoren 100 (100) Data 0000000002

    C6 Oncorrigeerbaar aantal sectoren 100 (100) Data 0000000002

    C7 UltraDMA CRC Error aantal 200 (200) Data 0000000003

    C8 Schrijf foutenpercentage / Multi-zone foutenpercentage 100 (253) Data 0000000000

    CA Gegevens adresmarkering fouten 100 (253) Data 0000000000

    F0 Hoofd vlieguren 000 (000) Data 0000001AE9

    F1 Totaal aantal LBA's geschreven 000 (000) Data 0094FBA861

    F2 Totaal aantal LBA's gelezen 000 (000) Data 000039C162

    FE Vrije val bescherming 001 (001) Data 000000009D

    Temperatuur 31 °C

    Temperatuur omvang OK (minder dan 50 °C)

    Status Goed

    Partitie 0

    Partitie ID Disk #0, Partition #0

    Schijfletter C:

    Bestandssysteem NTFS

    Volume serienummer 04D40BB2

    Grootte 39.1GB

    Gebruikte ruimte 18.9GB (49%)

    Vrije ruimte 20.3GB (51%)

    Partitie 1

    Partitie ID Disk #0, Partition #1

    Schijfletter D:

    Bestandssysteem NTFS

    Volume serienummer B4D60A19

    Grootte 35.4GB

    Gebruikte ruimte 19.7GB (56%)

    Vrije ruimte 15.7GB (44%)

    Optische schijven

    SONY CDRWDVD CRX880A

    Media type CD-ROM

    Naam SONY CDRWDVD CRX880A

    Beschikbaarheid Werkend/Volle kracht

    Mogelijkheden Random toegang, Ondersteunt verwijderbare media

    Configuratiemanager error code Apparaat werkt correct

    Configuratiemanager gebruikersconfiguratie VALS

    Schijf E:

    Geladen media VALS

    SCSI bus 0

    SCSI Logische eenheid 0

    SCSI Poort 3

    SCSI Target ID 0

    Status OK

    Audio

    Geluidskaarten

    USB-audioapparaat

    SigmaTel High Definition Audio CODEC

    Afspeelapparatuur

    GN 4800 USB

    SigmaTel Audio

    Opname apparatuur

    GN 4800 USB

    SigmaTel Audio

    Speaker configuratie

    Speaker configuratie

    Speaker type Stereo

    Randapparatuur

    Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord

    Apparaat soort Keyboard

    Apparaat naam Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord

    Locatie Op toetsenbordpoort aangesloten

    Stuurprogramma

    Datum 7-1-2001

    Versie 5.1.2600.2180

    Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys

    Bestand C:\WINNT\system32\DRIVERS\kbdclass.sys

    SMS Virtual Keyboard

    Apparaat soort Keyboard

    Apparaat naam SMS Virtual Keyboard

    Stuurprogramma

    Datum 11-23-2005

    Versie 2.50.4136.2000

    Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys

    PS/2-compatibele muis

    Apparaat soort Muis

    Apparaat naam PS/2-compatibele muis

    Locatie Aangesloten op de PS/2-muispoort

    Stuurprogramma

    Datum 7-1-2001

    Versie 5.1.2600.0

    Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys

    Bestand C:\WINNT\system32\DRIVERS\mouclass.sys

    HID-compliant muis

    Apparaat soort Muis

    Apparaat naam HID-compliant muis

    Verkoper Onbekend

    Locatie Locatie 0

    Stuurprogramma

    Datum 7-1-2001

    Versie 5.1.2600.0

    Bestand C:\WINNT\system32\DRIVERS\mouclass.sys

    Bestand C:\WINNT\system32\DRIVERS\mouhid.sys

    SMS Virtual Mouse

    Apparaat soort Muis

    Apparaat naam SMS Virtual Mouse

    Stuurprogramma

    Datum 11-23-2005

    Versie 2.50.4136.2000

    Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys

    Samsung ML-3470 Series

    Apparaat soort Printer

    Apparaat naam Samsung ML-3470 Series

    Locatie Ondersteuning voor USB-afdrukken

    Stuurprogramma

    Datum 7-4-2007

    Versie 3.4.32.0

    USB-audioapparaat

    Apparaat soort Audio apparaat

    Apparaat naam USB-audioapparaat

    Verkoper Onbekend

    Locatie GN 4800 USB (Locatie 0)

    Stuurprogramma

    Datum 7-1-2001

    Versie 5.1.2535.0

    Bestand C:\WINNT\system32\drivers\USBAUDIO.sys

    Bestand C:\WINNT\system32\drivers\drmk.sys

    Bestand C:\WINNT\system32\drivers\portcls.sys

    Bestand C:\WINNT\system32\drivers\stream.sys

    Bestand C:\WINNT\system32\wdmaud.drv

    Bestand C:\WINNT\system32\ksuser.dll

    Schijfstation

    Apparaat soort USB opslag

    Apparaat naam Schijfstation

    Opmerking USB Device

    Locatie Locatie 0

    Stuurprogramma

    Datum 7-1-2001

    Versie 5.1.2535.0

    Bestand C:\WINNT\system32\DRIVERS\disk.sys

    Printers

    \\fngsvfps01\Danka B13 a

    Gedeelde naam DankaB13

    Printer poort IP_10.11.13.20

    Print processor WinPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 600 * 600 dpi Zwart-wit

    Status Onbekend

    Driver

    Driver naam infotec IS 2145 PCL 6 (v3.010)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\INF634K.DLL

    Adobe PDF

    Printer poort Mijn documenten\*.pdf

    Print processor WinPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 1200 * 1200 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Adobe PDF Converter (v6.00)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL

    Brother HL-3040CN series

    Printer poort IP_10.10.15.48

    Print processor WinPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 600 * 600 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Brother HL-3040CN series (v1.05)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\BROCH08A.DLL

    Canon iP100 draagbare printer

    Printer poort USB001

    Print processor Canon iP100 series Print Processor

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 4294967293 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Canon iP100 series (v12.04)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR8F.DLL

    Canon iP4300

    Printer poort USB004

    Print processor Canon iP4300 Print Processor

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 4294967293 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Canon iP4300 (v12.02)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR86.DLL

    Microsoft Office Document Image Writer

    Printer poort Microsoft Document Imaging Writer Port:

    Print processor ModiPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 200 * 200 dpi Zwart-wit

    Status Onbekend

    Driver

    Driver naam Microsoft Office Document Image Writer Driver (v4.00)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mdigraph.dll

    Microsoft XPS Document Writer

    Printer poort XPSPort:

    Print processor WinPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 600 * 600 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Microsoft XPS Document Writer (v6.00)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll

    Samsung ML-3470 AI (10.11.13.95)

    Printer poort IP_10.11.13.31

    Print processor WinPrint

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 600 * 600 dpi Zwart-wit

    Status Onbekend

    Driver

    Driver naam Samsung ML-3470 Series PS (v6.00)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL

    Samsung ML-3470 PDB (Standaardprinter )

    Printer poort USB002

    Print processor ml347PPC

    Beschikbaarheid Altijd

    Prioriteit 1

    Dubbelzijdig Geen

    Print kwaliteit 600 * 600 dpi Kleur

    Status Onbekend

    Driver

    Driver naam Samsung ML-3470 Series (v4.00)

    Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\ml347P.dll

    Netwerk

    U bent niet verbonden met het internet

    Computer naam

    NetBIOS naam G176L3J

    DNS naam G176L3J.finbel.intra

    Domeinnaam

    Remote desktop

    Console

    Staat Actief

    Domein FINBEL

    WinInet info

    LAN-verbinding

    Het lokale systeem maakt gebruik van een local area network (LAN) om verbinding te maken met het internet

    Het lokale systeem heeft RAS om verbinding te maken met het internet

    Wi-Fi info

    U gebruikt de oorspronkelijke Wi-Fi API versie 1

    Aantal beschikbare access points 1

    Wi-Fi ()

    SSID

    Naam

    Signaal sterkte/kwaliteit 60

    Beveiliging Uitgeschakeld

    Staat De interface is niet verbonden met een netwerk

    Dot11 type Onafhankelijk BSS (IBSS) netwerk

    Netwerk Aansluitbaar

    Netwerk Flags Er is een profiel voor dit netwerk

    Een cijfer coderingssysteem moet worden gebruikt om te verbinden met dit netwerk Geen versleutelingssysteem ingeschakeld / ondersteund

    Standaard authenticatie wordt gebruikt om voor de eerste keer met dit netwerk te verbinden IEEE 8020.11 Open System authenticatie versleuteling

    WinHTTPInfo

    WinHTTPSessionProxyType Geen proxt

    Session Proxy

    Session Proxy omzeiling

    Aansluitpogingen 5

    Aansluit time-out 60000

    HTTP versie HTTP 1.1

    Maximale connecties per 1.0 servers ONEINDIG

    Maximale connecties per servers ONEINDIG

    Maximale HTTP automatische doorverwijzingen 10

    Maximale HTTP status verdergaan 10

    Verzend time-out 30000

    IEProxy automatische detectie Ja

    IEProxy automatische configuratie http://intranet/proxy.pac

    IEProxy

    IEProxy omzeiling

    Standaard proxy configuratie toegang type Geen proxt

    Standaard configuratie proxy

    Standaard configuratie proxy omzeiling

    Adapterlijst

    Juniper Network Connect Virtual Adapter - Pakketplanner-minipoort

    IP adres 0.0.0.0

    Subnet mask 0.0.0.0

    Bluetooth Personal Area Network - Pakketplanner-minipoort

    IP adres 0.0.0.0

    Subnet mask 0.0.0.0

    Dell draadloze 1390 WLAN Mini-kaart - Pakketplanner-minipoort

    IP adres 0.0.0.0

    Subnet mask 0.0.0.0

    Broadcom NetXtreme 57xx Gigabit Controller - Pakketplanner-minipoort

    IP adres 10.11.13.57

    Subnet mask 255.255.255.0

    Gateway server 10.11.13.1

    Netwerk delen

    No network shares

  10. Hello,

    I'm back again. The topic had not been closed yet, but after carrying out all the steps mentioned above, the laptop remains painfully slow. Clicking on folders, files, browsers, ... It easily takes 5 to 10 seconds before the laptop responds. Sometimes it goes smoothly; sometimes the laptop freezes in the middle of an action. It is just as if the laptop can no longer process what is asked of it. This situation is really no longer workable; frustration all round. Could you help out once more?

  11. Here is the log:

    ComboFix 11-12-20.04 - pgadebac 20/12/2011 18:05:36.11.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2214 [GMT 1:00]

    Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))

    .

    .

    2011-12-20 08:31 . 2011-12-20 08:31 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits

    2011-12-19 15:09 . 2011-12-20 14:56 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend

    2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF

    2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel

    2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy

    2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts

    2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software

    2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software

    2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure

    2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys

    2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun

    2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan

    2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x

    2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl

    2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll

    2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-12-19_17.58.21 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-12-20 16:52 . 2011-12-20 16:52 16384 c:\winnt\Temp\Perflib_Perfdata_138.dat

    + 2011-10-04 09:02 . 2011-12-20 14:15 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    + 2011-10-04 09:02 . 2011-12-20 14:15 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    + 2011-10-04 09:02 . 2011-12-20 14:15 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    + 2011-10-04 09:02 . 2011-12-20 14:15 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    + 2011-10-04 09:02 . 2011-12-20 14:15 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2011-10-04 09:02 . 2011-12-20 14:15 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2011-10-04 09:02 . 2011-12-19 14:35 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    - 2011-08-16 08:55 . 2011-12-19 14:35 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    + 2011-08-16 08:55 . 2011-12-20 14:15 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]

    .

    d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

    .

    d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoFileAssociate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

    2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=deontologieLaunch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

    backup=c:\winnt\pss\Windows Search.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

    2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]

    2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]

    2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

    2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\WINNT\\system32\\mmc.exe"=

    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    .

    R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552]

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]

    R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]

    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]

    R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]

    R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]

    R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]

    S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]

    S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]

    S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]

    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]

    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]

    S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]

    S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-12-20 c:\winnt\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

    .

    2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet/index.php?page=&langue=nl

    uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

    IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: { - c:\program files\Messenger\msmsgs.exe

    Trusted Zone: intranet

    TCP: DhcpNameServer = 192.168.2.1

    FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.http - http://intranet/proxy.pac

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.type - 2

    FF - user.js: browser.blink_allowed - true

    FF - user.js: network.prefetch-next - true

    FF - user.js: layout.spellcheckDefault - 1

    FF - user.js: browser.urlbar.autoFill - false

    FF - user.js: browser.search.openintab - false

    FF - user.js: browser.tabs.closeButtons - 1

    FF - user.js: browser.tabs.opentabfor.middleclick - true

    FF - user.js: browser.tabs.tabMinWidth - 100

    FF - user.js: browser.urlbar.hideGoButton - true

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-12-20 18:22

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1288)

    c:\winnt\system32\Ati2evxx.dll

    c:\winnt\system32\pcsinst.dll

    .

    - - - - - - - > 'explorer.exe'(1888)

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\winnt\system32\webcheck.dll

    c:\winnt\system32\WPDShServiceObj.dll

    c:\winnt\system32\PortableDeviceTypes.dll

    c:\winnt\system32\PortableDeviceApi.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    .

    Voltooingstijd: 2011-12-20 18:28:49

    ComboFix-quarantined-files.txt 2011-12-20 17:28

    ComboFix2.txt 2011-12-19 18:04

    .

    Pre-Run: 21.031.587.840 bytes beschikbaar

    Post-Run: 21.008.269.312 bytes beschikbaar

    .

    - - End Of File - - 326AF83DE09AE1E6DA81DE873DA49D11

  12. Here is the log:

    ComboFix 11-12-19.01 - pgadebac 19/12/2011 18:43:12.10.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2212 [GMT 1:00]

    Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))

    .

    .

    2011-12-19 15:09 . 2011-12-19 17:28 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend

    2011-12-19 08:24 . 2011-12-19 08:24 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits

    2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF

    2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel

    2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy

    2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts

    2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software

    2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software

    2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure

    2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys

    2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun

    2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan

    2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x

    2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl

    2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll

    2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

    "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]

    .

    d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

    .

    d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoFileAssociate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

    2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=deontologieLaunch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

    backup=c:\winnt\pss\Windows Search.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

    2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]

    2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]

    2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

    2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\WINNT\\system32\\mmc.exe"=

    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    .

    R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552]

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]

    R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]

    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]

    R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]

    R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]

    R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]

    S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]

    S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]

    S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]

    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]

    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]

    S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]

    S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-12-19 c:\winnt\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

    .

    2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-12-16 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet/index.php?page=&langue=nl

    uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

    IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: { - c:\program files\Messenger\msmsgs.exe

    Trusted Zone: intranet

    TCP: DhcpNameServer = 192.168.2.1

    FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.http - http://intranet/proxy.pac

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.type - 2

    FF - user.js: browser.blink_allowed - true

    FF - user.js: network.prefetch-next - true

    FF - user.js: layout.spellcheckDefault - 1

    FF - user.js: browser.urlbar.autoFill - false

    FF - user.js: browser.search.openintab - false

    FF - user.js: browser.tabs.closeButtons - 1

    FF - user.js: browser.tabs.opentabfor.middleclick - true

    FF - user.js: browser.tabs.tabMinWidth - 100

    FF - user.js: browser.urlbar.hideGoButton - true

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-12-19 18:58

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1476)

    c:\winnt\system32\Ati2evxx.dll

    c:\winnt\system32\pcsinst.dll

    .

    - - - - - - - > 'explorer.exe'(3548)

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\winnt\system32\webcheck.dll

    c:\winnt\system32\WPDShServiceObj.dll

    c:\winnt\system32\PortableDeviceTypes.dll

    c:\winnt\system32\PortableDeviceApi.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    .

    Voltooingstijd: 2011-12-19 19:04:30

    ComboFix-quarantined-files.txt 2011-12-19 18:04

    .

    Pre-Run: 20.756.639.744 bytes beschikbaar

    Post-Run: 20.731.359.232 bytes beschikbaar

    .

    - - End Of File - - 5E4FA89FEC0AE1F3B5B4E2CB57831579

  13. I don't have the impression that there is much improvement ....:dong:.

    By the way, after running Fix Checked (several times) on O18 - Protocol: schmap-help - (no CLSID) - (no file), this line still keeps showing up in the log.

    When I run Bitdefender Quick Scan (via the extension in Google Chrome) I get a warning that the PC is infected, but MBAM apparently finds nothing!

    QuickScan 32-bit v0.9.9.100

    ---------------------------

    Datum van de analyse: Sun Dec 18 10:45:07 2011

    ID van de machine: 4D40BB2

    er is 1 geïnfecteerd bestand gedetecteerd!

    ------------------------------------------

    C:\WINNT\system32\loglogon.exe --> Trojan.Generic.4980699

    --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Logon"

  14. Here are the logs:

    1- MBaM

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Databaseversie: 8384

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    17/12/2011 9:58:07

    mbam-log-2011-12-17 (09-58-07).txt

    Scantype: Snelle scan

    Objecten gescand: 288587

    Verstreken tijd: 9 minuut/minuten, 23 seconde(n)

    Geheugenprocessen geïnfecteerd: 0

    Geheugenmodulen geïnfecteerd: 0

    Registersleutels geïnfecteerd: 0

    Registerwaarden geïnfecteerd: 0

    Registerdata geïnfecteerd: 0

    Mappen geïnfecteerd: 0

    Bestanden geïnfecteerd: 0

    Geheugenprocessen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden geïnfecteerd:

    (Geen kwaadaardige objecten gedetecteerd)

    2- HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:00:59, on 17/12/2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\system32\spoolsv.exe

    C:\WINNT\system32\Drivers\trcboot.exe

    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

    C:\Program Files\Connected\AgentSrv.EXE

    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\IBM\Lotus\Notes\nsd.exe

    C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINNT\system32\mfevtps.exe

    C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    C:\WINNT\System32\srvany.exe

    C:\WINNT\system32\mvaservice.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\system32\svchost.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    C:\Program Files\UltraVNC\WinVNC.exe

    C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

    C:\WINNT\system32\CCM\CcmExec.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\WINNT\system32\Drivers\ldlcserv.exe

    C:\WINNT\system32\Drivers\ldlcserv6.exe

    C:\WINNT\stsystra.exe

    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\McAfee\Common Framework\udaterui.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINNT\system32\ctfmon.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Connected\CBSysTray.exe

    C:\Program Files\Stickies\stickies.exe

    C:\Program Files\IBM\Lotus\Notes\nsd.exe

    C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE

    C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe

    C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe

    C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE

    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

    D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe

    C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe

    C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINNT\system32\NOTEPAD.EXE

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')

    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

    O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O15 - Trusted Zone: http://*.intranet

    O15 - Trusted IP range: http://192.168.2.1

    O15 - ESC Trusted IP range: http://192.168.2.1

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: schmap-help - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

    O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe

    O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe

    O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe

    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --

    End of file - 13643 bytes

  15. Hello,

    here is the Speccy link:

    http://speccy.piriform.com/results/ZB7TW3PwSa0mMt2ts87zCVf

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:49:23, on 15/12/2011

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINNT\System32\smss.exe

    C:\WINNT\system32\winlogon.exe

    C:\WINNT\system32\services.exe

    C:\WINNT\system32\lsass.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\System32\svchost.exe

    C:\WINNT\system32\svchost.exe

    C:\WINNT\system32\Ati2evxx.exe

    C:\WINNT\system32\spoolsv.exe

    C:\WINNT\system32\Drivers\trcboot.exe

    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE

    C:\Program Files\Connected\AgentSrv.EXE

    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\IBM\Lotus\Notes\nsd.exe

    C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

    C:\WINNT\system32\mfevtps.exe

    C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    C:\WINNT\System32\srvany.exe

    C:\WINNT\system32\mvaservice.exe

    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    C:\WINNT\Explorer.EXE

    C:\WINNT\system32\svchost.exe

    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    C:\Program Files\UltraVNC\WinVNC.exe

    C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

    C:\WINNT\system32\CCM\CcmExec.exe

    C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    C:\WINNT\system32\Drivers\ldlcserv.exe

    C:\WINNT\system32\Drivers\ldlcserv6.exe

    C:\WINNT\stsystra.exe

    C:\Program Files\Dell\QuickSet\Quickset.exe

    C:\Program Files\McAfee\Common Framework\udaterui.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\WINNT\system32\ctfmon.exe

    C:\Program Files\McAfee\Common Framework\McTray.exe

    C:\Program Files\Connected\CBSysTray.exe

    C:\Program Files\Stickies\stickies.exe

    C:\Program Files\IBM\Lotus\Notes\nsd.exe

    C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE

    C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe

    C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe

    C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE

    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

    C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll

    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

    O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

    O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe

    O4 - HKLM\..\Run: [Logon] C:\WINNT\system32\loglogon.exe

    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')

    O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe

    O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?

    O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe

    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200

    O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe

    O15 - Trusted Zone: http://*.intranet

    O15 - Trusted IP range: http://192.168.2.1

    O15 - ESC Trusted IP range: http://192.168.2.1

    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

    O18 - Protocol: schmap-help - (no CLSID) - (no file)

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll

    O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll

    O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE

    O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe

    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe

    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe

    O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe

    O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe

    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe

    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe

    O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe

    O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe

    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

    O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe

    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe

    O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

    --

    End of file - 13639 bytes

  16. Hello,

    I'm back again.

    I've recently been having quite a few problems again. The machine easily 'freezes' for 10 to 15 seconds while I'm working. This can happen, for example, when opening a Word file, opening a browser tab, ...

    A full scan with Malwarebytes finds nothing. McAfee detected Generic.dx!bb3r and placed it in quarantine.

  17. Sorry for the very late reply. Here is the log:

    ComboFix 11-11-14.03 - pgadebac 15/11/2011 7:50.9.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2329 [GMT 1:00]

    Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Nieuw herstelpunt werd aangemaakt

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\winnt\system32\PowerToyReadme.htm

    d:\documents and settings\All Users\Application Data\TEMP

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-10-15 to 2011-11-15 ))))))))))))))))))))))))))))))

    .

    .

    2011-11-14 14:54 . 2011-11-15 06:45 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend

    2011-11-14 14:26 . 2011-11-14 14:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits

    2011-10-28 13:08 . 2011-04-12 20:41 406896 ----a-w- c:\winnt\system32\dsNcSmartCardProv.dll

    2011-10-28 13:08 . 2011-04-12 20:41 361840 ----a-w- c:\winnt\system32\dsNcCredProv.dll

    2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software

    2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys

    2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver

    2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software

    2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-14 14:55 . 2009-02-08 14:16 41272 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys

    2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-10-03 04:06 . 2011-05-11 13:11 472808 ----a-w- c:\winnt\system32\deployJava1.dll

    2011-10-03 01:37 . 2008-10-01 18:03 73728 ----a-w- c:\winnt\system32\javacpl.cpl

    2011-08-31 16:00 . 2009-02-08 14:16 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys

    2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-11-15 06:22 . 2011-11-15 06:22 16384 c:\winnt\Temp\Perflib_Perfdata_72c.dat

    - 2004-08-04 12:00 . 2011-08-27 11:18 87088 c:\winnt\system32\perfc009.dat

    + 2004-08-04 12:00 . 2011-11-15 06:26 87088 c:\winnt\system32\perfc009.dat

    + 2011-04-12 20:10 . 2011-04-12 20:10 26624 c:\winnt\system32\drivers\dsNcAdpt.sys

    - 2009-03-27 02:41 . 2010-02-19 00:07 26624 c:\winnt\system32\drivers\dsNcAdpt.sys

    + 2011-10-04 09:02 . 2011-11-14 14:49 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    - 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    + 2011-10-04 09:02 . 2011-11-14 14:49 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    + 2011-10-04 09:02 . 2011-11-14 14:49 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    + 2011-10-04 09:02 . 2011-11-14 14:49 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    - 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    + 2011-10-04 09:02 . 2011-11-14 14:49 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    + 2004-08-04 12:00 . 2011-11-15 06:26 554110 c:\winnt\system32\perfh013.dat

    - 2004-08-04 12:00 . 2011-08-27 11:18 554110 c:\winnt\system32\perfh013.dat

    - 2004-08-04 12:00 . 2011-08-27 11:18 480484 c:\winnt\system32\perfh009.dat

    + 2004-08-04 12:00 . 2011-11-15 06:26 480484 c:\winnt\system32\perfh009.dat

    + 2004-08-04 12:00 . 2011-11-15 06:26 111184 c:\winnt\system32\perfc013.dat

    - 2004-08-04 12:00 . 2011-08-27 11:18 111184 c:\winnt\system32\perfc013.dat

    + 2011-11-07 07:10 . 2011-10-03 04:06 157472 c:\winnt\system32\javaws.exe

    - 2011-05-11 13:11 . 2011-05-11 13:11 157472 c:\winnt\system32\javaws.exe

    + 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\javaw.exe

    - 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\javaw.exe

    - 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\java.exe

    + 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\java.exe

    + 2011-11-07 07:12 . 2011-11-07 07:12 203776 c:\winnt\Installer\55a63.msi

    - 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    + 2011-10-04 09:02 . 2011-11-14 14:49 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    + 2011-08-16 08:55 . 2011-11-14 14:49 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

    "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]

    .

    d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

    .

    d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]

    Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoFileAssociate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

    2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=deontologieLaunch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

    backup=c:\winnt\pss\Windows Search.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]

    2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]

    2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]

    2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

    2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\WINNT\\system32\\mmc.exe"=

    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    .

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]

    R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]

    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]

    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]

    R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]

    R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]

    R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]

    S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]

    S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]

    S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]

    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]

    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]

    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]

    S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]

    S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-11-15 c:\winnt\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

    .

    2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-11-10 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet/index.php?page=&langue=nl

    uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

    IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: { - c:\program files\Messenger\msmsgs.exe

    Trusted Zone: intranet

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab

    FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.http - http://intranet/proxy.pac

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.type - 2

    FF - user.js: browser.blink_allowed - true

    FF - user.js: network.prefetch-next - true

    FF - user.js: layout.spellcheckDefault - 1

    FF - user.js: browser.urlbar.autoFill - false

    FF - user.js: browser.search.openintab - false

    FF - user.js: browser.tabs.closeButtons - 1

    FF - user.js: browser.tabs.opentabfor.middleclick - true

    FF - user.js: browser.tabs.tabMinWidth - 100

    FF - user.js: browser.urlbar.hideGoButton - true

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-11-15 07:58

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1288)

    c:\winnt\system32\Ati2evxx.dll

    c:\winnt\system32\pcsinst.dll

    .

    Voltooingstijd: 2011-11-15 08:01:03

    ComboFix-quarantined-files.txt 2011-11-15 07:00

    ComboFix2.txt 2011-10-24 16:53

    ComboFix3.txt 2011-10-21 06:09

    .

    Pre-Run: 19.404.394.496 bytes beschikbaar

    Post-Run: 19.380.170.752 bytes beschikbaar

    .

    - - End Of File - - 499170EFC5625BD9A790532E78EE7F02

  18. Hello,

    the folder adm_1sd21 is a folder that is created when the helpdesk tries to solve a problem. So it doesn't seem really abnormal to me.

    Here is the ComboFix log:

    ComboFix 11-10-24.02 - pgadebac 24/10/2011 18:41:11.8.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2299 [GMT 2:00]

    Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-24 to 2011-10-24 ))))))))))))))))))))))))))))))

    .

    .

    2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software

    2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys

    2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver

    2011-10-21 05:51 . 2011-10-24 16:40 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend

    2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software

    2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks

    2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother

    2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE

    2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL

    2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL

    2011-10-04 13:09 . 2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL

    2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL

    2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee

    2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup

    2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21

    2011-09-26 08:37 . 2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE

    2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM

    2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee

    2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock

    2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 )))))))))))))))))))))))))))))))))))))))))

    .

    + 2011-10-21 09:27 . 2011-10-21 09:27 16384 c:\winnt\Temp\Perflib_Perfdata_790.dat

    + 2011-10-04 09:02 . 2011-10-24 13:26 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe

    + 2011-10-04 09:02 . 2011-10-24 13:26 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    - 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    + 2011-10-04 09:02 . 2011-10-24 13:26 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe

    - 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    + 2011-10-04 09:02 . 2011-10-24 13:26 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe

    + 2011-10-04 09:02 . 2011-10-24 13:26 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe

    + 2011-10-04 09:02 . 2011-10-24 13:26 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2011-10-04 09:02 . 2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe

    - 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    + 2011-08-16 08:55 . 2011-10-24 13:26 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

    "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

    "Launch SilverCrest OMC807"="c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe" [2010-06-28 860160]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]

    .

    d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

    .

    d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]

    Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoFileAssociate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

    2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=deontologieLaunch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

    backup=c:\winnt\pss\Windows Search.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]

    2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

    2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\WINNT\\system32\\mmc.exe"=

    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    .

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696]

    R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592]

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692]

    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]

    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656]

    R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016]

    R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096]

    S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]

    S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536]

    S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152]

    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152]

    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152]

    S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840]

    S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-10-21 c:\winnt\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

    .

    2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet/index.php?page=&langue=nl

    mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google

    uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

    IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: { - c:\program files\Messenger\msmsgs.exe

    Trusted Zone: intranet

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab

    FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.http - http://intranet/proxy.pac

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.type - 2

    FF - user.js: browser.blink_allowed - true

    FF - user.js: network.prefetch-next - true

    FF - user.js: layout.spellcheckDefault - 1

    FF - user.js: browser.urlbar.autoFill - false

    FF - user.js: browser.search.openintab - false

    FF - user.js: browser.tabs.closeButtons - 1

    FF - user.js: browser.tabs.opentabfor.middleclick - true

    FF - user.js: browser.tabs.tabMinWidth - 100

    FF - user.js: browser.urlbar.hideGoButton - true

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-10-24 18:50

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1364)

    c:\winnt\system32\Ati2evxx.dll

    c:\winnt\system32\pcsinst.dll

    c:\winnt\system32\beidcsp.dll

    c:\winnt\system32\beidCSPLib.dll

    c:\winnt\system32\beid35DlgsWin32.dll

    c:\winnt\system32\beid35common.dll

    c:\winnt\system32\beid35cardlayer.dll

    .

    - - - - - - - > 'explorer.exe'(1876)

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\winnt\system32\webcheck.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\winnt\system32\WPDShServiceObj.dll

    c:\program files\stardock\fences\DesktopDock.dll

    c:\winnt\system32\PortableDeviceTypes.dll

    c:\winnt\system32\PortableDeviceApi.dll

    .

    Voltooingstijd: 2011-10-24 18:53:43

    ComboFix-quarantined-files.txt 2011-10-24 16:53

    ComboFix2.txt 2011-10-21 06:09

    .

    Pre-Run: 19.373.723.648 bytes beschikbaar

    Post-Run: 19.349.856.256 bytes beschikbaar

    .

    - - End Of File - - E53FF81428BB22F73CD7FCAD2D77C8B5

  19. I ran ComboFix. Here is the log:

    ComboFix 11-10-20.08 - pgadebac 21/10/2011 7:58.7.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2216 [GMT 2:00]

    Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe

    AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    * Aanwezig AV is actief

    .

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2011-09-21 to 2011-10-21 ))))))))))))))))))))))))))))))

    .

    .

    2011-10-21 05:51 . 2011-10-21 05:51 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend

    2011-10-18 07:26 . 2011-10-18 07:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits

    2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software

    2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks

    2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother

    2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE

    2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL

    2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL

    2011-10-04 13:09 . 2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL

    2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL

    2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee

    2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup

    2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21

    2011-09-26 08:37 . 2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE

    2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM

    2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee

    2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock

    2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache

    2011-09-23 18:01 . 2006-10-26 17:56 33104 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\msonpppr.dll

    2011-09-23 18:01 . 2006-10-26 17:56 32592 ----a-w- c:\winnt\system32\msonpmon.dll

    2011-09-23 17:59 . 2011-09-23 17:59 -------- d-----w- c:\program files\Microsoft Works

    2011-09-23 17:54 . 2011-09-23 17:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8

    2011-09-23 17:52 . 2011-09-23 17:52 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Microsoft Help

    2011-09-23 17:52 . 2011-10-18 11:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]

    "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]

    "Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]

    "Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]

    "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

    "Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]

    .

    d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\

    Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]

    .

    d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]

    Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "SoftwareSASGeneration"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

    "NoResolveTrack"= 1 (0x1)

    "NoFileAssociate"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

    "NoAutoUpdate"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]

    2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]

    "Script"=deontologieLaunch.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]

    "Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]

    "Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

    @="Service"

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]

    backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]

    backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup

    .

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]

    backup=c:\winnt\pss\Windows Search.lnkCommon Startup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]

    2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

    2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]

    2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

    2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

    2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]

    2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]

    2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

    "c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=

    "c:\\WINNT\\system32\\mmc.exe"=

    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

    "d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    .

    R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696]

    R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592]

    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692]

    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]

    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]

    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656]

    R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016]

    R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096]

    S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]

    S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536]

    S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]

    S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152]

    S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152]

    S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152]

    S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840]

    S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]

    S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2011-10-21 c:\winnt\Tasks\GlaryInitialize.job

    - c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]

    .

    2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]

    .

    2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job

    - d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]

    .

    2011-10-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job

    - d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://intranet/index.php?page=&langue=nl

    mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google

    uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl

    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

    IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200

    IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

    IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

    IE: { - c:\program files\Messenger\msmsgs.exe

    Trusted Zone: intranet

    TCP: DhcpNameServer = 192.168.2.1

    DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab

    FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.be

    FF - prefs.js: network.proxy.http - http://intranet/proxy.pac

    FF - prefs.js: network.proxy.http_port - 80

    FF - prefs.js: network.proxy.type - 2

    FF - user.js: browser.blink_allowed - true

    FF - user.js: network.prefetch-next - true

    FF - user.js: layout.spellcheckDefault - 1

    FF - user.js: browser.urlbar.autoFill - false

    FF - user.js: browser.search.openintab - false

    FF - user.js: browser.tabs.closeButtons - 1

    FF - user.js: browser.tabs.opentabfor.middleclick - true

    FF - user.js: browser.tabs.tabMinWidth - 100

    FF - user.js: browser.urlbar.hideGoButton - true

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

    MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2011-10-21 08:06

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1364)

    c:\winnt\system32\Ati2evxx.dll

    c:\winnt\system32\pcsinst.dll

    .

    - - - - - - - > 'explorer.exe'(3392)

    c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll

    c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll

    c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll

    c:\winnt\system32\webcheck.dll

    c:\winnt\system32\WPDShServiceObj.dll

    c:\winnt\system32\PortableDeviceTypes.dll

    c:\winnt\system32\PortableDeviceApi.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    .

    Voltooingstijd: 2011-10-21 08:09:39

    ComboFix-quarantined-files.txt 2011-10-21 06:09

    .

    Pre-Run: 19.438.383.104 bytes beschikbaar

    Post-Run: 19.509.719.040 bytes beschikbaar

    .

    - - End Of File - - 16C39F9DEBB8DFADC3B8DF6E2B8C34BC

  20. So I do have a folder under:\Documents and Settings\pgadebac\Application Data\Schmap, but not under Program Files (the program files are on C: and not D:, by the way).

    Can I simply delete the folder under Application Data?

    I will then run Combofix afterwards.
