Posts made by paddepoel
The error message has indeed disappeared. Shouldn't ComboFix be removed now?
-
I restarted ComboFix in safe mode and afterwards also ran HijackThis. Here are the logs:
ComboFix 13-01-27.03 - pgadebac 27/01/2013 10:27:21.2.4 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1783 [GMT 1:00]
Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\pgadebac\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mvaservice
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-27 to 2013-01-27 ))))))))))))))))))))))))))))))
.
.
2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-27 09:32 . 2013-01-27 09:32 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-27 08:25 . 2013-01-27 08:26 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-27 06:54 . 2013-01-27 06:54 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\offreg.dll
2013-01-26 14:31 . 2013-01-26 14:31 -------- d-----w- c:\users\pgadebac\AppData\Roaming\smkits
2013-01-20 11:59 . 2013-01-27 09:34 -------- d-----w- c:\users\pgadebac\AppData\Local\temp
2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET
2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll
2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe
2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll
2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll
2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]
"LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= -
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-09-23 19:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]
2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]
2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]
R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]
R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]
S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]
S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]
S2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet
mStart Page = hxxp://intranet
TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab
FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(5016)
c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll
c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\IBM\Lotus\Notes\ntmulti.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Teamviewer\Version7\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\Teamviewer\Version7\tv_w32.exe
c:\windows\system32\msiexec.exe
c:\windows\System32\vds.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Philips Display\SmartControl\DTHtml.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2013-01-27 10:38:07 - machine werd herstart
ComboFix-quarantined-files.txt 2013-01-27 09:38
ComboFix2.txt 2013-01-20 12:08
.
Pre-Run: 149.251.698.688 bytes beschikbaar
Post-Run: 149.046.054.912 bytes beschikbaar
.
- - End Of File - - F5222B3AE20659D0872BA643700ADA3C
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:41:35, on 27/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Teamviewer\Version7\TeamViewer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Philips Display\SmartControl\DTHtml.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe
C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\Documents\onderhoud PC\HijackThis.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LaCie Safe Manager Startup] "C:\Program Files\LaCie\Safe Manager\LSMDaemon.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe
O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe
O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
--
End of file - 11334 bytes
- - - Updated - - -
I have the impression that the laptop is running more smoothly. When I click on McAfee > Info, I get the following pop-up:
-
Here is the ComboFix log:
When I try to start HijackThis I get the following error message:
ComboFix 13-01-17.04 - pgadebac 20/01/2013 12:55:49.1.4 - x86 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3055.1841 [GMT 1:00]
Gestart vanuit: c:\users\pgadebac\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee VirusScan Enterprise Antispyware Module *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
C:\install.exe
c:\programdata\SEC7351.tmp
c:\windows\system32\ReadMe.txt
c:\windows\system32\spool\prtprocs\w32x86\x5pp.dll
c:\windows\system32\ZoomIt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mvaservice
-------\Service_uvnc_service
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-12-20 to 2013-01-20 ))))))))))))))))))))))))))))))
.
.
2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-20 11:59 . 2013-01-20 11:59 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-01-19 12:39 . 2013-01-19 12:39 -------- d-----w- c:\program files\ESET
2013-01-19 12:17 . 2013-01-15 01:49 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{143E78F2-3223-4EDA-ADB0-DE12834B57EB}\mpengine.dll
2013-01-19 12:17 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2013-01-18 14:16 . 2012-11-30 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-18 14:15 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-12 09:54 . 2013-01-12 09:54 -------- d-----w- c:\users\pgadebac\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 16:34 . 2012-09-23 16:40 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-15 16:34 . 2012-07-03 07:25 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-19 08:48 . 2012-07-09 07:28 5995172 ----a-w- c:\windows\FramePkg.exe
2012-12-14 15:49 . 2012-07-07 06:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 12:55 . 2009-08-18 10:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-11-17 12:55 . 2009-08-18 10:24 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-11-14 12:16 . 2012-11-14 12:16 4608 ----a-w- c:\windows\system32\w95inf32.dll
2012-11-14 12:16 . 2012-11-14 12:16 2272 ----a-w- c:\windows\system32\w95inf16.dll
2012-03-13 04:38 . 2012-07-03 07:24 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copernic Desktop Search - Corporate"="c:\program files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" [2010-09-07 1743320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-26 13830760]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2012-08-14 215656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"LogonV2"="c:\mva-tools\loglogonV2.exe" [2013-01-07 310779]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT PLP"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2011-08-15 121648]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2012-08-21 333416]
"LaCie Safe Manager Startup"="c:\program files\LaCie\Safe Manager\LSMDaemon.exe" [2010-04-02 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= -
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=\\finbel\findata\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AgentUiRunKey]
2011-06-26 19:57 239104 ----a-w- c:\program files\Iron Mountain\Connected BackupPC\Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2012-10-30 10:20 1315400 ----a-w- c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2012-10-19 22:02 70728 ----a-w- c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-05 13:43 116648 ----atw- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 18:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Safe Manager Startup]
2010-04-02 14:27 45568 ----a-w- c:\program files\LaCie\Safe Manager\LSMDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileBroadband]
2011-06-14 16:39 279552 ----a-w- c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
.
R2 VmbService;Vodafone Mobile Broadband-service;c:\program files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [x]
R3 AWEAlloc;AWE Memory Allocation Driver;c:\windows\system32\DRIVERS\awealloc.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 EUBAKUP0;EUBAKUP0;c:\windows\system32\drivers\EUBAKUP0.sys [x]
R3 EUBKMON0;EUBKMON0;c:\windows\system32\drivers\EUBKMON0.sys [x]
R3 EUFDDISK0;EUFDDISK0;c:\windows\system32\drivers\EUFDDISK0.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 ImDskSvc;ImDisk Virtual Disk Driver Helper;c:\windows\system32\imdsksvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);c:\windows\system32\DRIVERS\OXSDIDRV_x32.sys [x]
R3 Sb2.Printer;Sb2.Printer;c:\program files\Sb2\Sb2.Printer.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 UacCtl2;GN Netcom Control Driver;c:\windows\system32\DRIVERS\uacctl2.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [x]
S2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\DRIVERS\CipcCdp.sys [x]
S2 EaseUS Agent;EaseUS Agent Service;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 Guard Agent;Guard Agent Service;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 ImDisk;ImDisk Virtual Disk Driver;c:\windows\system32\DRIVERS\imdisk.sys [x]
S2 LNSUSvc;Lotus Notes Smart Upgrade-service;c:\program files\IBM\Lotus\Notes\SUService.exe [x]
S2 Lotus Notes Diagnostics;Lotus Notes Diagnostische Service;c:\program files\IBM\Lotus\Notes\nsd.exe [x]
S2 LV_Tracker;LV_Tracker;c:\windows\system32\DRIVERS\LV_Tracker.sys [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\Teamviewer\Version7\TeamViewer_Service.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-23 16:34]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-31 08:11]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- c:\users\pgadebac\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-05 13:43]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet
mStart Page = hxxp://intranet
TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
TCP: Interfaces\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11
TCP: Interfaces\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11
DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} - hxxp://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab
FF - ProfilePath - c:\users\pgadebac\AppData\Roaming\Mozilla\Firefox\Profiles\3itkizca.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
FF - ExtSQL: !HIDDEN! 2012-07-03 09:36; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
.
------- Bestandsassociaties -------
.
inifile=%SystemRoot%\SciTE.exe "%1"
txtfile=%SystemRoot%\SciTE.exe "%1"
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4624)
c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
c:\program files\Copernic Desktop Search - Corporate\DeskbandIntegration304000026.dll
c:\program files\Copernic Desktop Search - Corporate\SearchPlatform-s.dll
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
- - - - - - - > 'explorer.exe'(3528)
c:\program files\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Juniper Networks\Common Files\dsNcService.exe
c:\program files\Common Files\Portrait Displays\Shared\dtsrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\IBM\Lotus\Notes\ntmulti.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\CCM\CcmExec.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Teamviewer\Version7\TeamViewer.exe
c:\windows\system32\conhost.exe
c:\program files\Teamviewer\Version7\tv_w32.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Philips Display\SmartControl\DTHtml.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
c:\program files\Portrait Displays\Pivot Pro Plugin\floater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\vds.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Voltooingstijd: 2013-01-20 13:08:08 - machine werd herstart
ComboFix-quarantined-files.txt 2013-01-20 12:08
.
Pre-Run: 151.077.576.704 bytes beschikbaar
Post-Run: 151.718.653.952 bytes beschikbaar
.
- - End Of File - - 4EB561EE3A9E6A7BF2DBC7C35E7C061D
-
When I try to install ComboFix, I get error messages several times. I can click Abort (Afbreken), Ignore (Negeren) or Skip (Overslaan). I clicked Skip. After installing ComboFix, starting it and updating, you get the blue screen, but immediately the message that a file is missing (which is logical). How can I get ComboFix fully installed?
-
This is not about the same laptop; the other topic concerned a previous laptop.
-
The laptop has been responding rather slowly for some time: starting Excel, for example, takes a long time, and sometimes an application or IE 'freezes'. A quick scan with Malwarebytes Anti-Malware found no infections. Here is a HijackThis log.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:49:19, on 12/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Teamviewer\Version7\TeamViewer.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Philips Display\SmartControl\DTHtml.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\Program Files\Portrait Displays\Pivot Pro Plugin\floater.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\pgadebac\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Program Files\Borland\StarTeam Toolbar\SBToolbar.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\PROGRA~1\COPERN~1\DESKTO~3.EXE
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\pgadebac\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Users\pgadebac\Favorites\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120910080500.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Copernic Desktop Search - Corporate Toolbar - {B69A3268-DA39-49B0-B1A6-4E7E4B98BB45} - C:\Program Files\Copernic Desktop Search - Corporate\Toolbar\ToolbarContainer101000325.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [LogonV2] C:\MVA-Tools\loglogonV2.exe
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
O4 - HKLM\..\Run: [DT PLP] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -PLP
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [Copernic Desktop Search - Corporate] "C:\Program Files\Copernic Desktop Search - Corporate\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {EBF1BFCB-F60B-4DCB-9C96-E53C543CB645} (ALM Platfrom Loader v11) - http://finvmsupdevp08.finbel.intra:8080/qcbin/ALM-Platform-Loader.11.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://extranet.minfin.be/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EE48897-9E34-46DC-88B7-2FC410AA00F5}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF5AB55B-F8AD-408D-901D-5462D1DF59FA}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1089859-150F-48FF-ABB2-FE205DF157BD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CCS\Services\Tcpip\..\{E298C62B-DD22-4308-8A07-16083C7740DD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F55A6DB-8E12-41D4-8B86-83051BCE66FD}: NameServer = 10.20.128.201 10.23.142.11
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AgentService - Autonomy Corporation plc - c:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ImDisk Virtual Disk Driver Helper (ImDskSvc) - Olof Lagerkvist - C:\Windows\system32\imdsksvc.exe
O23 - Service: Lotus Notes Smart Upgrade-service (LNSUSvc) - IBM Corp - C:\Program Files\IBM\Lotus\Notes\SUService.exe
O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\MVA-Tools\srvany.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: Sb2.Printer - Sb2 - C:\Program Files\Sb2\Sb2.Printer.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\Teamviewer\Version7\TeamViewer_Service.exe
O23 - Service: uvnc_service - UltraVNC - C:\Program Files\VNC\winvnc.exe
O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
--
End of file - 12516 bytes
-
Hello,
I always take a 'full' image of a disk, so MBR, Recovery, ....
So in principle I should be fine. I assume the new disk may be larger than the old one. Previously a disk (for another laptop) was already replaced and that one was considerably larger. The image was restored and everything was OK.
When starting this laptop I get a screen that says: Disk Failure is imminent. Please backup immediately data. After pressing F1 the laptop boots. The laptop is not even 3 years old.
When running HD Tune I get no error messages. I only ran the quick scan. I will run the full scan tonight. The strange thing is that the laptop sometimes needs a very long time to open, for example, Chrome or an application. After a while the laptop apparently works at 'normal' speed again. Couldn't it also be a problem with malware or something similar? (A full scan with Malwarebytes found 1 infection, which was removed.)
-
Thanks for the quick replies. I'll let HD Tune run and will post the results. A quick question: when I make a full image of the hard disk (I use EaseUS Todo Backup 3.0 Free) and then put it on a new HDD, is everything OK then, or do I run the risk that disk errors are copied? If the old disk is 'physically' failing, a restored image on a new disk shouldn't cause any problems, should it?
-
Hello,
the laptop is slowing down enormously. Booting takes a long time and it sometimes freezes completely.
Disk check reported a whole series of errors, which were corrected. Today at startup I got an error message that there are (supposedly) serious disk problems. I installed Seagate SeaTools for Windows. Some tests fail: SMART Test, Short DST.
What could the problem be?
-
Here is the log + a Speccy log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:38, on 6/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mfevtps.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\srvany.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINNT\system32\mvaservice.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\SearchIndexer.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\WINNT\system32\Drivers\ldlcserv6.exe
C:\Program Files\Connected\CBSysTray.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe
C:\WINNT\system32\ctfmon.exe
D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\WINNT\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EZ Notes Search] C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe
O4 - HKLM\..\Run: [Logon] C:\WINNT\system32\loglogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')
O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.intranet
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe
O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 13924 bytes
SPECCY:
Overzicht
Besturingssysteem
MS Windows XP Professional 32-bit SP3
Processor
AMD Turion 64 X2 Mobile TL-56 52 °C
Tyler 65nm Technologie
RAM
3,00 GB Single-Kanaal DDR2 @ 299MHz (5-5-5-15)
Moederbord
Dell Inc. 0PM233 (Microprocessor) 62 °C
Graphics
Standaardbeeldscherm (1280x800@60Hz)
ATI video (Dell)
Harde schijven
78GB Seagate ST980813ASG (SATA) 31 °C
Optische schijven
SONY CDRWDVD CRX880A
Audio
USB-audioapparaat
Besturingssysteem
MS Windows XP Professional 32-bit SP3
Installatie datum: 17 July 2008, 08:58
Serienummer: ********************************
Windows Security Center
Firewall Ingeschakeld
Windows Update
AutoUpdate Download automatisch en installeer op geplande tijd
Schema frequentie Elke dag
Antivirus
Antivirus Ingeschakeld
Bedrijfsnaam McAfee, Inc.
Weergavenaam McAfee VirusScan Enterprise
Product versie 8.7.0.570
Omgevingsvariabelen
USERPROFILE D:\Documents and Settings\pgadebac
SystemRoot C:\WINNT
Gebruikersvariabelen
TEMP D:\Documents and Settings\pgadebac\Local Settings\Temp
TMP D:\Documents and Settings\pgadebac\Local Settings\Temp
_settings_result 0
MOZ_PLUGIN_PATH C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\
Machine variabelen
ComSpec C:\WINNT\system32\cmd.exe
Path C:\WINNT\system32
C:\WINNT
C:\WINNT\system32\wbem
C:\Program Files\IBM\Personal Communications
C:\Program Files\IBM\Trace Facility
C:\Program Files\Borland\StarTeam SDK 9.3\Lib
C:\Program Files\Borland\StarTeam SDK 9.3\Bin
C:\Program Files\Common Files\Autodesk Shared
C:\Program Files\Borland\CaliberRM SDK 2005 R2\lib
C:\Program Files\Borland\StarTeam SDK 2005 R2\Lib
C:\Program Files\Borland\StarTeam SDK 2005 R2\Bin
C:\WINNT\system32\WindowsPowerShell\v1.0
C:\Program Files\Belgium Identity Card
C:\Program Files\IBM\Lotus\Notes
windir C:\WINNT
FP_NO_HOST_CHECK NO
OS Windows_NT
PROCESSOR_ARCHITECTURE x86
PROCESSOR_LEVEL 15
PROCESSOR_IDENTIFIER x86 Family 15 Model 104 Stepping 2, AuthenticAMD
PROCESSOR_REVISION 6802
NUMBER_OF_PROCESSORS 2
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
TEMP C:\WINNT\TEMP
TMP C:\WINNT\TEMP
PCOMM_Root C:\Program Files\IBM\Personal Communications\
CLASSPATH C:\Program Files\Belgium Identity Card;
DEFLOGDIR D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
VSEDEFLOGDIR D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
DEVMGR_SHOW_NONPRESENT_DEVICES 1
DEVMGR_SHOW_DETAILS 1
Batterij
AC lijn Online
Batterij volledige tijd Onbekend
Batterij lading % 100 %
Batterij staat Hoog
Resterende tijd (sec) Onbekend
Energieprofiel
Actief energiebeheerschema Maximum Performance (QuickSet)
Slaapstand Ingeschakeld
Geforceerd uitschakelen Ingeschakeld
Geforceerd stoppen Ingeschakeld
Schakel monitor uit na: (Bij het aansluiten van AC stroom) Nooit
Schakel monitor uit na: (Bij het aansluiten van de batterij) Nooit
Schakel harde schijf uit na: (Bij het aansluiten van AC stroom) Nooit
Schakel harde schijf uit na: (Bij het aansluiten van de batterij) Nooit
Stoppen na: (Bij het aansluiten van AC stroom) Nooit
Stoppen na: (Bij het aansluiten van de batterij) Nooit
Screensaver Uitgeschakeld
Uptime
Huidige sessie
Huidige tijd 6/02/2012 8:05:59
Huidige uptime 89137 sec (1 d, 00 h, 45 m, 37 s)
Laatste opstarttijd 5/02/2012 7:20:22
Tijdzone
Tijdzone GMT +1 uur
Taal Dutch
Land België
Munteenheid €
Datumnotatie d/MM/yyyy
Tijdnotatie H:mm:ss
Schema
GoogleUpdateTaskMachineUA 6/02/2012 8:33;elke 1 uur, vanaf 14:33 uur, gedurende 24 uur elke dag, te beginnen op 1/02/2012
GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA 6/02/2012 8:51;elke 1 uur, vanaf 16:51 uur, gedurende 24 uur elke dag, te beginnen op 17/05/2010
GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core 6/02/2012 8:57;om 8:57 uur, elke dag, te beginnen op 2/02/2012
GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA 6/02/2012 8:58;elke 1 uur, vanaf 8:58 uur, gedurende 24 uur elke dag, te beginnen op 2/02/2012
GoogleUpdateTaskMachineCore 6/02/2012 14:33;Uitvoeren bij aanmelden
GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core 6/02/2012 16:51;om 16:51 uur, elke dag, te beginnen op 17/05/2010
Proceslijst
agentsrv.exe
Proces ID 2004
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Connected\AgentSrv.EXE
Geheugengebruik 280 kB
Piek Geheugengebruik 26 MB
alg.exe
Proces ID 2920
Gebruiker Lokale service
Domein NT AUTHORITY
Locatie C:\WINNT\System32\alg.exe
Geheugengebruik 3.69 MB
Piek Geheugengebruik 3.70 MB
ati2evxx.exe
Proces ID 1752
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\Ati2evxx.exe
Geheugengebruik 3.48 MB
Piek Geheugengebruik 3.49 MB
ati2evxx.exe
Proces ID 6028
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\Ati2evxx.exe
Geheugengebruik 4.14 MB
Piek Geheugengebruik 4.15 MB
cbsystray.exe
Proces ID 840
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Connected\CBSysTray.exe
Geheugengebruik 1.23 MB
Piek Geheugengebruik 2.38 MB
ccmexec.exe
Proces ID 3396
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\CCM\CcmExec.exe
Geheugengebruik 20 MB
Piek Geheugengebruik 21 MB
chrome.exe
Proces ID 824
Gebruiker pgadebac
Domein FINBEL
Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Geheugengebruik 43 MB
Piek Geheugengebruik 44 MB
chrome.exe
Proces ID 4240
Gebruiker pgadebac
Domein FINBEL
Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Geheugengebruik 16 MB
Piek Geheugengebruik 16 MB
chrome.exe
Proces ID 5124
Gebruiker pgadebac
Domein FINBEL
Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Geheugengebruik 49 MB
Piek Geheugengebruik 50 MB
csrss.exe
Proces ID 1488
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie \??\C:\WINNT\system32\csrss.exe
Geheugengebruik 6.54 MB
Piek Geheugengebruik 12 MB
ctfmon.exe
Proces ID 6036
Gebruiker pgadebac
Domein FINBEL
Locatie C:\WINNT\system32\ctfmon.exe
Geheugengebruik 3.50 MB
Piek Geheugengebruik 3.50 MB
dsncservice.exe
Proces ID 280
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
Geheugengebruik 11 MB
Piek Geheugengebruik 12 MB
engineserver.exe
Proces ID 1396
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
Geheugengebruik 385 MB
Piek Geheugengebruik 581 MB
explorer.exe
Proces ID 2084
Gebruiker pgadebac
Domein FINBEL
Locatie C:\WINNT\Explorer.EXE
Geheugengebruik 27 MB
Piek Geheugengebruik 58 MB
eznconnector.exe
Proces ID 1036
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\IBM\Lotus\Notes\EZNConnector.exe
Geheugengebruik 33 MB
Piek Geheugengebruik 33 MB
frameworkservice.exe
Proces ID 1412
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\Common Framework\FrameworkService.exe
Geheugengebruik 6.12 MB
Piek Geheugengebruik 13 MB
googlecrashhandler.exe
Proces ID 480
Gebruiker pgadebac
Domein FINBEL
Locatie D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
Geheugengebruik 504 kB
Piek Geheugengebruik 1.97 MB
ioloservicemanager.exe
Proces ID 504
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\iolo\common\lib\ioloServiceManager.exe
Geheugengebruik 5.68 MB
Piek Geheugengebruik 5.70 MB
jqs.exe
Proces ID 888
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Java\jre7\bin\jqs.exe
Geheugengebruik 1.41 MB
Piek Geheugengebruik 18 MB
ldlcserv.exe
Proces ID 3508
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\Drivers\ldlcserv.exe
Geheugengebruik 1.27 MB
Piek Geheugengebruik 1.28 MB
ldlcserv6.exe
Proces ID 3556
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\Drivers\ldlcserv6.exe
Geheugengebruik 1.29 MB
Piek Geheugengebruik 1.29 MB
lsass.exe
Proces ID 1576
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\lsass.exe
Geheugengebruik 3.71 MB
Piek Geheugengebruik 7.73 MB
mbamservice.exe
Proces ID 976
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Geheugengebruik 7.20 MB
Piek Geheugengebruik 7.31 MB
mcshield.exe
Proces ID 3424
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
Geheugengebruik 48 MB
Piek Geheugengebruik 240 MB
mctray.exe
Proces ID 856
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\McAfee\Common Framework\McTray.exe
Geheugengebruik 1.22 MB
Piek Geheugengebruik 7.36 MB
mdm.exe
Proces ID 1464
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Geheugengebruik 3.29 MB
Piek Geheugengebruik 3.31 MB
mfeann.exe
Proces ID 3536
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
Geheugengebruik 4.03 MB
Piek Geheugengebruik 6.43 MB
mfevtps.exe
Proces ID 1940
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\mfevtps.exe
Geheugengebruik 404 kB
Piek Geheugengebruik 2.35 MB
msaccess.exe
Proces ID 4384
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
Geheugengebruik 34 MB
Piek Geheugengebruik 34 MB
msaccess.exe
Proces ID 3908
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
Geheugengebruik 34 MB
Piek Geheugengebruik 34 MB
mvaservice.exe
Proces ID 2144
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\mvaservice.exe
Geheugengebruik 6.82 MB
Piek Geheugengebruik 6.84 MB
naprdmgr.exe
Proces ID 2392
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
Geheugengebruik 1.00 MB
Piek Geheugengebruik 8.51 MB
nicconfigsvc.exe
Proces ID 2136
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
Geheugengebruik 7.79 MB
Piek Geheugengebruik 22 MB
nlnotes.exe
Proces ID 3732
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
Geheugengebruik 69 MB
Piek Geheugengebruik 69 MB
notepad.exe
Proces ID 876
Gebruiker pgadebac
Domein FINBEL
Locatie C:\WINNT\system32\NOTEPAD.EXE
Geheugengebruik 728 kB
Piek Geheugengebruik 3.68 MB
notes2.exe
Proces ID 4308
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
Geheugengebruik 179 MB
Piek Geheugengebruik 200 MB
nsd.exe
Proces ID 688
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\IBM\Lotus\Notes\nsd.exe
Geheugengebruik 4.11 MB
Piek Geheugengebruik 4.12 MB
nslsvice.exe
Proces ID 960
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
Geheugengebruik 1.34 MB
Piek Geheugengebruik 1.35 MB
ntaskldr.exe
Proces ID 2536
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
Geheugengebruik 17 MB
Piek Geheugengebruik 45 MB
ntmulti.exe
Proces ID 2104
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
Geheugengebruik 1.83 MB
Piek Geheugengebruik 2.01 MB
pcs_agnt.exe
Proces ID 1960
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
Geheugengebruik 5.14 MB
Piek Geheugengebruik 5.27 MB
powerpnt.exe
Proces ID 5760
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
Geheugengebruik 2.38 MB
Piek Geheugengebruik 34 MB
quickset.exe
Proces ID 2416
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\Dell\QuickSet\Quickset.exe
Geheugengebruik 7.77 MB
Piek Geheugengebruik 7.78 MB
scardsvr.exe
Proces ID 1168
Gebruiker Lokale service
Domein NT AUTHORITY
Locatie C:\WINNT\System32\SCardSvr.exe
Geheugengebruik 2.73 MB
Piek Geheugengebruik 2.75 MB
searchfilterhost.exe
Proces ID 1196
Gebruiker Lokale service
Domein NT AUTHORITY
Locatie C:\WINNT\system32\SearchFilterHost.exe
Geheugengebruik 5.24 MB
Piek Geheugengebruik 5.24 MB
searchindexer.exe
Proces ID 3236
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\SearchIndexer.exe
Geheugengebruik 17 MB
Piek Geheugengebruik 54 MB
searchprotocolhost.exe
Proces ID 2856
Gebruiker pgadebac
Domein FINBEL
Locatie C:\WINNT\system32\SearchProtocolHost.exe
Geheugengebruik 2.45 MB
Piek Geheugengebruik 27 MB
services.exe
Proces ID 1564
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\services.exe
Geheugengebruik 6.42 MB
Piek Geheugengebruik 9.50 MB
smss.exe
Proces ID 1128
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie \SystemRoot\System32\smss.exe
Geheugengebruik 420 kB
Piek Geheugengebruik 504 kB
speccy.exe
Proces ID 4920
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\Speccy\Speccy.exe
Geheugengebruik 13 MB
Piek Geheugengebruik 13 MB
spoolsv.exe
Proces ID 1108
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\spoolsv.exe
Geheugengebruik 10 MB
Piek Geheugengebruik 73 MB
srvany.exe
Proces ID 2120
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\System32\srvany.exe
Geheugengebruik 1.41 MB
Piek Geheugengebruik 1.42 MB
stacsv.exe
Proces ID 2280
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
Geheugengebruik 4.17 MB
Piek Geheugengebruik 4.19 MB
stsystra.exe
Proces ID 2256
Gebruiker pgadebac
Domein FINBEL
Locatie C:\WINNT\stsystra.exe
Geheugengebruik 8.29 MB
Piek Geheugengebruik 8.29 MB
svchost.exe
Proces ID 4320
Gebruiker Netwerkservice
Domein NT AUTHORITY
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 7.82 MB
Piek Geheugengebruik 8.18 MB
svchost.exe
Proces ID 668
Gebruiker Lokale service
Domein NT AUTHORITY
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 5.17 MB
Piek Geheugengebruik 5.18 MB
svchost.exe
Proces ID 2024
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 3.39 MB
Piek Geheugengebruik 3.39 MB
svchost.exe
Proces ID 1984
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\System32\svchost.exe
Geheugengebruik 33 MB
Piek Geheugengebruik 47 MB
svchost.exe
Proces ID 1772
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 5.77 MB
Piek Geheugengebruik 5.83 MB
svchost.exe
Proces ID 3072
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 4.36 MB
Piek Geheugengebruik 4.52 MB
svchost.exe
Proces ID 1820
Locatie C:\WINNT\system32\svchost.exe
Geheugengebruik 5.08 MB
Piek Geheugengebruik 5.25 MB
system
Proces ID 4
Gebruiker Administrators
Domein INGEBOUWD
Geheugengebruik 244 kB
Piek Geheugengebruik 2.93 MB
system idle process
Proces ID 0
tosbtsrv.exe
Proces ID 3092
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Geheugengebruik 2.67 MB
Piek Geheugengebruik 2.83 MB
trcboot.exe
Proces ID 1924
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\Drivers\trcboot.exe
Geheugengebruik 1.52 MB
Piek Geheugengebruik 2.99 MB
udaterui.exe
Proces ID 5436
Gebruiker pgadebac
Domein FINBEL
Locatie C:\Program Files\McAfee\Common Framework\udaterui.exe
Geheugengebruik 3.21 MB
Piek Geheugengebruik 6.62 MB
vstskmgr.exe
Proces ID 1456
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
Geheugengebruik 1.69 MB
Piek Geheugengebruik 83 MB
winlogon.exe
Proces ID 1520
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie \??\C:\WINNT\system32\winlogon.exe
Geheugengebruik 6.34 MB
Piek Geheugengebruik 16 MB
winvnc.exe
Proces ID 3208
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\Program Files\UltraVNC\WinVNC.exe
Geheugengebruik 4.37 MB
Piek Geheugengebruik 4.41 MB
wmiprvse.exe
Proces ID 3656
Locatie C:\WINNT\system32\wbem\wmiprvse.exe
Geheugengebruik 6.43 MB
Piek Geheugengebruik 6.45 MB
wmiprvse.exe
Proces ID 4084
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\wbem\wmiprvse.exe
Geheugengebruik 5.46 MB
Piek Geheugengebruik 5.63 MB
wmiprvse.exe
Proces ID 4140
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\wbem\wmiprvse.exe
Geheugengebruik 6.00 MB
Piek Geheugengebruik 6.68 MB
wmiprvse.exe
Proces ID 4756
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\wbem\wmiprvse.exe
Geheugengebruik 5.63 MB
Piek Geheugengebruik 6.35 MB
wuser32.exe
Proces ID 3368
Gebruiker SYSTEM
Domein NT AUTHORITY
Locatie C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
Geheugengebruik 808 kB
Piek Geheugengebruik 4.13 MB
Hotfixes
Systeem folders
Path for burning CD D:\Documents and Settings\pgadebac\Local Settings\Application Data\Microsoft\CD Burning
Application Data D:\Documents and Settings\All Users\Application Data
Public Desktop D:\Documents and Settings\All Users\Bureaublad
Documents D:\Documents and Settings\All Users\Documenten
Global Favorites D:\Documents and Settings\All Users\Favorieten
Music D:\Documents and Settings\All Users\Documenten\Mijn muziek
Pictures D:\Documents and Settings\All Users\Documenten\Mijn afbeeldingen
Start Menu Programs D:\Documents and Settings\All Users\Menu Start\Programma's
Start Menu D:\Documents and Settings\All Users\Menu Start
Startup D:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
Templates D:\Documents and Settings\All Users\Sjablonen
Videos D:\Documents and Settings\All Users\Documenten\Mijn video's
Cookies D:\Documents and Settings\pgadebac\Cookies
Desktop D:\Documents and Settings\pgadebac\Bureaublad
Physical Desktop D:\Documents and Settings\pgadebac\Bureaublad
User Favorites D:\Documents and Settings\pgadebac\Favorieten
Fonts C:\WINNT\Fonts
Internet History D:\Documents and Settings\pgadebac\Local Settings\Geschiedenis
Temporary Internet Files D:\Documents and Settings\pgadebac\Local Settings\Temporary Internet Files
Local Application Data D:\Documents and Settings\pgadebac\Local Settings\Application Data
Windows directory C:\WINNT
Windows/System C:\WINNT\system32
Program Files C:\Program Files
Device Tree
ACPI Multiprocessor-pc
Systeem dat voldoet aan Microsoft ACPI
AMD Turion 64 X2 Mobile Technology TL-56
AMD Turion 64 X2 Mobile Technology TL-56
ACPI-thermale zone
Systeemkaart
ACPI-deksel
ACPI-aan/uit-knop
ACPI-slaapstandknop
Microsoft AC-adapter
Accu die voldoet aan Microsoft ACPI-besturingsmethode
Accu die voldoet aan Microsoft ACPI-besturingsmethode
Microsoft Windows Beheerinterface voor ACPI
Basisstation
PCI-bus
PCI standard host CPU bridge
ATI SMBus
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
PCI standard host CPU bridge
Uitgebreide I/O-bus
Systeemkaart
Systeemkaart
PCI standard PCI-to-PCI bridge
ATI Radeon X1270
Standaardbeeldscherm
Standaardbeeldscherm
Standaardbeeldscherm
Standaardbeeldscherm
Standaardbeeldscherm
PCI standard PCI-to-PCI bridge
Dell draadloze 1390 WLAN Mini-kaart
PCI standard PCI-to-PCI bridge
Broadcom NetXtreme 57xx Gigabit Controller
Standaard Dual Channel PCI IDE Controller
Secundair IDE-kanaal
Primair IDE-kanaal
ST980813ASG
Standard OpenHCD USB Host-controller
USB-hoofdhub
USB-HID
HID-compliant muis
Standard OpenHCD USB Host-controller
USB-hoofdhub
Standard OpenHCD USB Host-controller
USB-hoofdhub
Generic USB Hub
O2Micro OZ776 USB CCID Smartcard Reader
Standard OpenHCD USB Host-controller
USB-hoofdhub
Dell Wireless 360 Bluetooth Module
Bluetooth RFBUS
Bluetooth RFHID
Bluetooth RFBNEP
Bluetooth Personal Area Network
Standard OpenHCD USB Host-controller
USB-hoofdhub
Standard Enhanced PCI naar USB-hostcontroller
USB-hoofdhub
Generic USB Hub
Ondersteuning voor USB-afdrukken
Samsung ML-3470 Series
USB-apparaat voor massaopslag
USB Device
Algemeen volume
Samengesteld USB-apparaat
USB-audioapparaat
USB-HID
HID-compliant besturingsapparaat van gebruikers
Standaard Dual Channel PCI IDE Controller
Secundair IDE-kanaal
Primair IDE-kanaal
SONY CDRWDVD CRX880A
Microsoft UAA Bus Driver for High Definition Audio
SigmaTel High Definition Audio CODEC
Conexant HDA D330 MDC V.92 Modem
PCI standard ISA bridge
ISAPNP Read Data-poort
PS/2-compatibele muis
Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
Systeem-CMOS/Real-timeklok
Systeemtimer
Systeemluidspreker
Systeemkaart
Controller voor directe geheugentoegang
Numerieke-gegevensprocessor
Gebeurtenistimer met hoge precisie
Communicatiepoort (COM1)
Systeemkaart
ECP-printerpoort (LPT1)
Printer Poort logische interface
PCI standard PCI-to-PCI bridge
Algemene CardBus Controller
Basisstation
OHCI Compliant IEEE 1394 Host Controller
1394-netwerkkaart #2
Diensten
Opgestart Application Layer Gateway-service
Opgestart Ati HotKey Poller
Opgestart COM+-gebeurtenissysteem
Opgestart Computer Browser
Opgestart Connected Agent Service
Opgestart CryptSvc
Opgestart DCOM Server Process Launcher
Opgestart DHCP Client
Opgestart DNS Client
Opgestart Event Log
Opgestart Help en ondersteuning
Opgestart HID Input Service
Opgestart IBM Enterprise Extender (IPv4)
Opgestart IBM Enterprise Extender (IPv6)
Opgestart IBM Traceerfunctie
Opgestart Intelligente achtergrondsoverdrachtservice
Opgestart iolo FileInfoList Service
Opgestart iolo System Service
Opgestart Java Quick Starter
Opgestart Juniper Network Connect Service
Opgestart Lotus Notes Diagnostische Service
Opgestart Lotus Notes Single Logon
Opgestart Machine Debug Manager
Opgestart MBAMService
Opgestart McAfee Engine Service
Opgestart McAfee Framework Service
Opgestart McAfee McShield
Opgestart McAfee Task Manager
Opgestart McAfee Validation Trust Protection Service
Opgestart Multi-user Cleanup Service
Opgestart MVA-Team Service
Opgestart Net Logon
Opgestart Network Connections
Opgestart Network Location Awareness (NLA)
Opgestart NICCONFIGSVC
Opgestart Plug and Play
Opgestart Print Spooler
Opgestart Protected Storage
Opgestart Remote Procedure Call (RPC)
Opgestart Secondary Logon
Opgestart Security Accounts Manager
Opgestart Server
Opgestart Service voor het rapporteren van fouten
Opgestart Shell Hardware Detection
Opgestart SigmaTel Audio Service
Opgestart Smart Card
Opgestart SMS Agent Host
Opgestart SMS Remote Control Agent
Opgestart SSDP Discovery-service
Opgestart System Event Notification
Opgestart Task Scheduler
Opgestart TCP/IP NetBIOS Helper
Opgestart Telephony
Opgestart Terminal Services
Opgestart Thema's
Opgestart TOSHIBA Bluetooth Service
Opgestart Verbindingsbeheer voor RAS
Opgestart VNC Server
Opgestart Windows Audio
Opgestart Windows Driver Foundation - User-mode Driver Framework
Opgestart Windows Firewall (WF) / Internet-verbinding delen (ICS)
Opgestart Windows Image Acquisition (WIA)
Opgestart Windows Management Instrumentation
Opgestart Windows Search
Opgestart Wireless Zero Configuration-service
Opgestart Workstation
Gestopt .NET Runtime Optimization Service v2.0.50727_X86
Gestopt Alerter
Gestopt Application Management
Gestopt AppnNode
Gestopt ASP.NET-statusservice
Gestopt Automatic Updates
Gestopt ClipBook
Gestopt COM+-systeemtoepassing
Gestopt COM-service voor IMAPI cd-branders
Gestopt Compatibiliteit voor Snelle gebruikerswisseling
Gestopt Delen van Extern bureaublad met NetMeeting
Gestopt Distributed Link Tracking Client
Gestopt Distributed Transaction Coordinator
Gestopt Extensible Authentication Protocol-service
Gestopt Google Update-service (gupdatem)
Gestopt Google Updater Service
Gestopt Google Updateservice (gupdate)
Gestopt Google Updateservice (gupdate1c9c883e3eb492)
Gestopt Health Key and Certificate Management-service
Gestopt Helpsessiebeheer voor Extern bureaublad
Gestopt HTTP SSL
Gestopt Indexing-service
Gestopt InstallDriver Table Manager
Gestopt IPSEC-services
Gestopt Logical Disk Manager
Gestopt Logical Disk Manager Administrative-service
Gestopt Messenger
Gestopt Microsoft Automated Troubleshooting Service
Gestopt Microsoft Office Diagnostics Service
Gestopt Microsoft Office Groove Audit Service
Gestopt MS Software Shadow Copy Provider
Gestopt NAP-agent (Network Access Protection)
Gestopt Net.Tcp service voor het delen van poorten
Gestopt Network DDE
Gestopt Network DDE DSDM
Gestopt Network Provisioning Service
Gestopt NT LM Security Support Provider
Gestopt Office Source Engine
Gestopt Performance Logs and Alerts
Gestopt Pml Driver HPZ12
Gestopt PuranDefrag
Gestopt QoS RSVP
Gestopt Remote Access Auto Connection Manager
Gestopt Remote Procedure Call (RPC) Locator
Gestopt Remote Registry
Gestopt Routing and Remote Access
Gestopt Sb2.Printer
Gestopt Security Center
Gestopt Serienummerservice voor draagbare media
Gestopt System Restore-service
Gestopt Telnet
Gestopt Uitbreidingen van het stuurprogramma voor Windows Management Instrumentation
Gestopt Uninterruptible Power Supply
Gestopt Universele Plug en Play-apparaathost
Gestopt Verwisselbare opslag
Gestopt Volume Shadow Copy
Gestopt WebClient
Gestopt Windows CardSpace
Gestopt Windows Installer
Gestopt Windows Media Player Network Sharing-service
Gestopt Windows Presentation Foundation Font Cache 3.0.0.0
Gestopt Wired AutoConfig
Gestopt WMI-prestatieadapter
Processor
AMD Turion 64 X2 Mobile TL-56
Cores 2
Threads 2
Naam AMD Turion 64 X2 Mobile TL-56
Codenaam Tyler
Package Socket S1 (638)
Technologie 65nm
Specificatie AMD Turion 64 X2 Mobile Technology TL-56
Familie F
Uitgebreide familie F
Model 8
Uitgebreid Model 68
Stepping 2
Instructies MMX (+), 3DNow! (+), SSE, SSE2, SSE3, AMD 64
Virtualisatie Ondersteund, Uitgeschakeld
Hyperthreading Not supported
Bussnelheid 199.5 MHZ
Rated bussnelheid 798.1 MHZ
Stock Core snelheid 1800 MHZ
Stock Bus Snelheid 200 MHZ
Gemiddelde Temperatuur 52 °C
Caches
L1 Data Cachegrootte 2 x 64 KBytes
L1 Instructies Cachegrootte 2 x 64 KBytes
L2 Unified Cachegrootte 2 x 512 KBytes
Core 0
Coresnelheid 1795.4 MHZ
Multiplier x 9.0
Bussnelheid 199.5 MHZ
Rated bussnelheid 798.1 MHZ
Temperatuur 52 °C
Thread 1
APIC ID 0
Core 1
Coresnelheid 1795.4 MHZ
Multiplier x 9.0
Bussnelheid 199.5 MHZ
Rated bussnelheid 798.1 MHZ
Temperatuur 53 °C
Thread 1
APIC ID 1
RAM
Geheugenslots
Totaal geheugenslots 2
Gebruikte geheugenslots 2
Vrije geheugenslots 0
Geheugen
Type DDR2
Grootte 3072 MBytes
Kanalen # Single
DRAM Frequentie 299.3 MHZ
CAS# Latency (CL) 5 clocks
RAS# naar CAS# vertraging (tRCD) 5 clocks
RAS# Precharge (tRP) 5 clocks
Cyclustijd (tRAS) 15 clocks
Bank Cycle Time (tRC) 21 clocks
Command Rate (CR) 2T
Fysiek geheugen
Geheugengebruik 39 %
Fysiek totaal 2.87 GB
Fysiek beschikbaar 1.74 GB
Virtueel totaal 4.03 GB
Virtueel beschikbaar 2.91 GB
SPD
Aantal SPD modules 2
Slot #1
Type DDR2
Grootte 2048 MBytes
Fabrikant Hyundai Electronics
Maximale bandbreedte PC2-6400 (400 MHZ)
Onderdeel nummer HYMP125S64CP8-S6
Serial nummer 4661061F
Week/jaar 28 / 09
SPD Ext. EPP
JEDEC #3
Frequentie 400.0 MHZ
CAS# vertraging 6.0
RAS# naar CAS# 6
RAS# voorladen 6
tRAS 18
tRC 24
Spanning 1.800 V
JEDEC #2
Frequentie 333.3 MHZ
CAS# vertraging 5.0
RAS# naar CAS# 6
RAS# voorladen 6
tRAS 16
tRC 21
Spanning 1.800 V
JEDEC #1
Frequentie 266.7 MHZ
CAS# vertraging 4.0
RAS# naar CAS# 4
RAS# voorladen 4
tRAS 12
tRC 16
Spanning 1.800 V
Slot #2
Type DDR2
Grootte 1024 MBytes
Fabrikant Samsung
Maximale bandbreedte PC2-5300 (333 MHZ)
Onderdeel nummer M4 70T2864QZ3-CE6
Serial nummer 762DD666
Week/jaar 05 / 08
SPD Ext. EPP
JEDEC #3
Frequentie 333.3 MHZ
CAS# vertraging 5.0
RAS# naar CAS# 6
RAS# voorladen 6
tRAS 16
tRC 21
Spanning 1.800 V
JEDEC #2
Frequentie 266.7 MHZ
CAS# vertraging 4.0
RAS# naar CAS# 4
RAS# voorladen 4
tRAS 12
tRC 16
Spanning 1.800 V
JEDEC #1
Frequentie 200.0 MHZ
CAS# vertraging 3.0
RAS# naar CAS# 3
RAS# voorladen 3
tRAS 9
tRC 12
Spanning 1.800 V
Moederbord
Fabrikant Dell Inc.
Model 0PM233 (Microprocessor)
Chipset verkoper ATI
Chipset model RS690/RS690M
Chipset herziening 00
Southbridge verkoper ATI
Southbridge model SB600
Southbridge herziening 00
Systeem temperatuur 62 °C
BIOS
Merk Dell Inc.
Versie A04
Datum 01/14/2008
PCI data
Slot ONBEKEND
Slot type ONBEKEND
Slot gebruik Beschikbaar
Bus breedte 32 bit
Slot benaming PCMCIA 0
Slot nummer 0
Graphics
Monitor
Naam Standaardbeeldscherm op ATI Radeon X1270
Huidige resolutie 1280x800 pixels
Werkresolutie 1280x766 pixels
Status ingeschakeld, primaire
Monitorbreedte 1280
Monitorhoogte 800
Monitor Bpp 32 bits per pixel
Monitorfrequentie 60 Hz
Apparaat \\.\DISPLAY1\Monitor0
ATI video
GPU RS690M
Apparaat ID 1002-791F
Subvendor Dell (1028)
Huidig prestatieniveau Level 1
'Die' grootte 49 nm²
Releasedatum Feb 28, 2007
DirextX ondersteuning 9.0b
DirectX shader model 2.0
OpenGL ondersteuning 2.0
Bios core clock 400.00
Bios memory clock 400.00
Stuurprogramma ati2mtag.sys
Versie stuurprogramma 6.14.10.6666
ROPs 4
Shaders Vertex 4/Pixel 4
Type geheugen System
Aantal prestatieniveau's: 1
Level 1
OpenGL
Version 2.0.6347 WinXP Release
Vendor ATI Technologies Inc.
Renderer ATI Radeon X1270 x86/MMX/3DNow!/SSE2
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL_MAX_LIGHTS 8
GL_MAX_TEXTURE_SIZE 2048
GL_MAX_TEXTURE_STACK_DEPTH 10
GL Extensions
GLU Extensions
GL_EXT_bgra
Harde schijven
ST980813ASG
Fabrikant Seagate
Vorm factor 2.5"
Heads 16
Cylinders 16383
SATA type SATA-II 3.0Gb/s
Apparaat type Vast
ATA standaard ATA/ATAPI-7
LBA grootte 48-bit LBA
Inschakelen op tel 4485 keren
Inschakelen op tijd 285.8 days
Functies S.M.A.R.T., APM, AAM, NCQ
Overdrachtsmodus SATA II
Interface SATA
Capaciteit 78GB
Ware grootte 80.026.361.856 bytes
RAID Type None
S.M.A.R.T.
01 Lees foutenpercentage 100 (253ergste) Data 0000000000
03 Spin-up tijd 099 (099) Data 0000000000
04 Start/stop aantal 096 (096) Data 000000120B
05 Herverdeelde sectoren aantal 100 (100) Data 0000000000
07 Zoek foutenpercentage 087 (060) Data 001C754427
09 Power-on uren (POH) 093 (093) Data 0000001ACB
0A Spin opnieuw tellen 100 (100) Data 0000000000
0C Apparaat vermogings cyclus aantal 096 (096) Data 0000001185
BB Gerapporteerde oncorigeerbare fouten 001 (001) Data 000000C9BD
BD High Fly Writes (WDC) 100 (100) Data 0000000000
BE Verschil in temperatuur van 100 070 (039) Data 001E11001E
BF G-sense foutenpercentage 100 (100) Data 0000000001
C0 Power-off Retract aantal 099 (099) Data 0000000AAA
C1 Laden/lossen cyclus aantal 095 (095) Data 00000029FF
C2 Temperatuur 030 (061) Data 000000001E
C3 Hardware ECC hersteld 060 (056) Data 00003FA5B2
C5 Huidige afwachting aantal sectoren 100 (100) Data 0000000002
C6 Oncorrigeerbaar aantal sectoren 100 (100) Data 0000000002
C7 UltraDMA CRC Error aantal 200 (200) Data 0000000003
C8 Schrijf foutenpercentage / Multi-zone foutenpercentage 100 (253) Data 0000000000
CA Gegevens adresmarkering fouten 100 (253) Data 0000000000
F0 Hoofd vlieguren 000 (000) Data 0000001AE9
F1 Totaal aantal LBA's geschreven 000 (000) Data 0094FBA861
F2 Totaal aantal LBA's gelezen 000 (000) Data 000039C162
FE Vrije val bescherming 001 (001) Data 000000009D
Temperatuur 31 °C
Temperatuur omvang OK (minder dan 50 °C)
Status Goed
Partitie 0
Partitie ID Disk #0, Partition #0
Schijfletter C:
Bestandssysteem NTFS
Volume serienummer 04D40BB2
Grootte 39.1GB
Gebruikte ruimte 18.9GB (49%)
Vrije ruimte 20.3GB (51%)
Partitie 1
Partitie ID Disk #0, Partition #1
Schijfletter D:
Bestandssysteem NTFS
Volume serienummer B4D60A19
Grootte 35.4GB
Gebruikte ruimte 19.7GB (56%)
Vrije ruimte 15.7GB (44%)
Optische schijven
SONY CDRWDVD CRX880A
Media type CD-ROM
Naam SONY CDRWDVD CRX880A
Beschikbaarheid Werkend/Volle kracht
Mogelijkheden Random toegang, Ondersteunt verwijderbare media
Configuratiemanager error code Apparaat werkt correct
Configuratiemanager gebruikersconfiguratie VALS
Schijf E:
Geladen media VALS
SCSI bus 0
SCSI Logische eenheid 0
SCSI Poort 3
SCSI Target ID 0
Status OK
Audio
Geluidskaarten
USB-audioapparaat
SigmaTel High Definition Audio CODEC
Afspeelapparatuur
GN 4800 USB
SigmaTel Audio
Opname apparatuur
GN 4800 USB
SigmaTel Audio
Speaker configuratie
Speaker configuratie
Speaker type Stereo
Randapparatuur
Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
Apparaat soort Keyboard
Apparaat naam Standaardtoetsenbord (101/102 toetsen) of Microsoft Natural PS/2-toetsenbord
Locatie Op toetsenbordpoort aangesloten
Stuurprogramma
Datum 7-1-2001
Versie 5.1.2600.2180
Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys
Bestand C:\WINNT\system32\DRIVERS\kbdclass.sys
SMS Virtual Keyboard
Apparaat soort Keyboard
Apparaat naam SMS Virtual Keyboard
Stuurprogramma
Datum 11-23-2005
Versie 2.50.4136.2000
Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys
PS/2-compatibele muis
Apparaat soort Muis
Apparaat naam PS/2-compatibele muis
Locatie Aangesloten op de PS/2-muispoort
Stuurprogramma
Datum 7-1-2001
Versie 5.1.2600.0
Bestand C:\WINNT\system32\DRIVERS\i8042prt.sys
Bestand C:\WINNT\system32\DRIVERS\mouclass.sys
HID-compliant muis
Apparaat soort Muis
Apparaat naam HID-compliant muis
Verkoper Onbekend
Locatie Locatie 0
Stuurprogramma
Datum 7-1-2001
Versie 5.1.2600.0
Bestand C:\WINNT\system32\DRIVERS\mouclass.sys
Bestand C:\WINNT\system32\DRIVERS\mouhid.sys
SMS Virtual Mouse
Apparaat soort Muis
Apparaat naam SMS Virtual Mouse
Stuurprogramma
Datum 11-23-2005
Versie 2.50.4136.2000
Bestand C:\WINNT\system32\DRIVERS\kbstuff5.sys
Samsung ML-3470 Series
Apparaat soort Printer
Apparaat naam Samsung ML-3470 Series
Locatie Ondersteuning voor USB-afdrukken
Stuurprogramma
Datum 7-4-2007
Versie 3.4.32.0
USB-audioapparaat
Apparaat soort Audio apparaat
Apparaat naam USB-audioapparaat
Verkoper Onbekend
Locatie GN 4800 USB (Locatie 0)
Stuurprogramma
Datum 7-1-2001
Versie 5.1.2535.0
Bestand C:\WINNT\system32\drivers\USBAUDIO.sys
Bestand C:\WINNT\system32\drivers\drmk.sys
Bestand C:\WINNT\system32\drivers\portcls.sys
Bestand C:\WINNT\system32\drivers\stream.sys
Bestand C:\WINNT\system32\wdmaud.drv
Bestand C:\WINNT\system32\ksuser.dll
Schijfstation
Apparaat soort USB opslag
Apparaat naam Schijfstation
Opmerking USB Device
Locatie Locatie 0
Stuurprogramma
Datum 7-1-2001
Versie 5.1.2535.0
Bestand C:\WINNT\system32\DRIVERS\disk.sys
Printers
\\fngsvfps01\Danka B13 a
Gedeelde naam DankaB13
Printer poort IP_10.11.13.20
Print processor WinPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 600 * 600 dpi Zwart-wit
Status Onbekend
Driver
Driver naam infotec IS 2145 PCL 6 (v3.010)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\INF634K.DLL
Adobe PDF
Printer poort Mijn documenten\*.pdf
Print processor WinPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 1200 * 1200 dpi Kleur
Status Onbekend
Driver
Driver naam Adobe PDF Converter (v6.00)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Brother HL-3040CN series
Printer poort IP_10.10.15.48
Print processor WinPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 600 * 600 dpi Kleur
Status Onbekend
Driver
Driver naam Brother HL-3040CN series (v1.05)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\BROCH08A.DLL
Canon iP100 draagbare printer
Printer poort USB001
Print processor Canon iP100 series Print Processor
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 4294967293 dpi Kleur
Status Onbekend
Driver
Driver naam Canon iP100 series (v12.04)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR8F.DLL
Canon iP4300
Printer poort USB004
Print processor Canon iP4300 Print Processor
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 4294967293 dpi Kleur
Status Onbekend
Driver
Driver naam Canon iP4300 (v12.02)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\CNMDR86.DLL
Microsoft Office Document Image Writer
Printer poort Microsoft Document Imaging Writer Port:
Print processor ModiPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 200 * 200 dpi Zwart-wit
Status Onbekend
Driver
Driver naam Microsoft Office Document Image Writer Driver (v4.00)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mdigraph.dll
Microsoft XPS Document Writer
Printer poort XPSPort:
Print processor WinPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 600 * 600 dpi Kleur
Status Onbekend
Driver
Driver naam Microsoft XPS Document Writer (v6.00)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Samsung ML-3470 AI (10.11.13.95)
Printer poort IP_10.11.13.31
Print processor WinPrint
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 600 * 600 dpi Zwart-wit
Status Onbekend
Driver
Driver naam Samsung ML-3470 Series PS (v6.00)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL
Samsung ML-3470 PDB (Standaardprinter )
Printer poort USB002
Print processor ml347PPC
Beschikbaarheid Altijd
Prioriteit 1
Dubbelzijdig Geen
Print kwaliteit 600 * 600 dpi Kleur
Status Onbekend
Driver
Driver naam Samsung ML-3470 Series (v4.00)
Driver pad C:\WINNT\System32\spool\DRIVERS\W32X86\3\ml347P.dll
Netwerk
U bent niet verbonden met het internet
Computer naam
NetBIOS naam G176L3J
DNS naam G176L3J.finbel.intra
Domeinnaam
Remote desktop
Console
Staat Actief
Domein FINBEL
WinInet info
LAN-verbinding
Het lokale systeem maakt gebruik van een local area network (LAN) om verbinding te maken met het internet
Het lokale systeem heeft RAS om verbinding te maken met het internet
Wi-Fi info
U gebruikt de oorspronkelijke Wi-Fi API versie 1
Aantal beschikbare access points 1
Wi-Fi ()
SSID
Naam
Signaal sterkte/kwaliteit 60
Beveiliging Uitgeschakeld
Staat De interface is niet verbonden met een netwerk
Dot11 type Onafhankelijk BSS (IBSS) netwerk
Netwerk Aansluitbaar
Netwerk Flags Er is een profiel voor dit netwerk
Een cijfer coderingssysteem moet worden gebruikt om te verbinden met dit netwerk Geen versleutelingssysteem ingeschakeld / ondersteund
Standaard authenticatie wordt gebruikt om voor de eerste keer met dit netwerk te verbinden IEEE 8020.11 Open System authenticatie versleuteling
WinHTTPInfo
WinHTTPSessionProxyType Geen proxt
Session Proxy
Session Proxy omzeiling
Aansluitpogingen 5
Aansluit time-out 60000
HTTP versie HTTP 1.1
Maximale connecties per 1.0 servers ONEINDIG
Maximale connecties per servers ONEINDIG
Maximale HTTP automatische doorverwijzingen 10
Maximale HTTP status verdergaan 10
Verzend time-out 30000
IEProxy automatische detectie Ja
IEProxy automatische configuratie http://intranet/proxy.pac
IEProxy
IEProxy omzeiling
Standaard proxy configuratie toegang type Geen proxt
Standaard configuratie proxy
Standaard configuratie proxy omzeiling
Adapterlijst
Juniper Network Connect Virtual Adapter - Pakketplanner-minipoort
IP adres 0.0.0.0
Subnet mask 0.0.0.0
Bluetooth Personal Area Network - Pakketplanner-minipoort
IP adres 0.0.0.0
Subnet mask 0.0.0.0
Dell draadloze 1390 WLAN Mini-kaart - Pakketplanner-minipoort
IP adres 0.0.0.0
Subnet mask 0.0.0.0
Broadcom NetXtreme 57xx Gigabit Controller - Pakketplanner-minipoort
IP adres 10.11.13.57
Subnet mask 255.255.255.0
Gateway server 10.11.13.1
Netwerk delen
No network shares
-
Hello,
I'm back. The topic had not been closed yet, but after carrying out all the steps mentioned above, the laptop remains agonizingly slow. Clicking on folders, files, browsers, ... It easily takes 5 to 10 seconds before the laptop responds. Sometimes it goes smoothly; sometimes the laptop freezes in the middle of an action. It is as if the laptop can no longer process what is asked of it. This situation is really no longer workable; frustration all around. Can you help out once more?
-
Here is the log:
ComboFix 11-12-20.04 - pgadebac 20/12/2011 18:05:36.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2214 [GMT 1:00]
Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-20 to 2011-12-20 ))))))))))))))))))))))))))))))
.
.
2011-12-20 08:31 . 2011-12-20 08:31 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits
2011-12-19 15:09 . 2011-12-20 14:56 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend
2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF
2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel
2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy
2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts
2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software
2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software
2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure
2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys
2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun
2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan
2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x
2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-19_17.58.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-20 16:52 . 2011-12-20 16:52 16384 c:\winnt\Temp\Perflib_Perfdata_138.dat
+ 2011-10-04 09:02 . 2011-12-20 14:15 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-10-04 09:02 . 2011-12-20 14:15 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-10-04 09:02 . 2011-12-20 14:15 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-10-04 09:02 . 2011-12-20 14:15 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-10-04 09:02 . 2011-12-20 14:15 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-10-04 09:02 . 2011-12-20 14:15 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-10-04 09:02 . 2011-12-19 14:35 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-08-16 08:55 . 2011-12-19 14:35 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-16 08:55 . 2011-12-20 14:15 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]
.
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]
.
d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=deontologieLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]
2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]
2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]
R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]
R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]
S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]
S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]
S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-20 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]
.
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
2011-12-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet/index.php?page=&langue=nl
uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: intranet
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.http - http://intranet/proxy.pac
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-20 18:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\pcsinst.dll
.
- - - - - - - > 'explorer.exe'(1888)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Voltooingstijd: 2011-12-20 18:28:49
ComboFix-quarantined-files.txt 2011-12-20 17:28
ComboFix2.txt 2011-12-19 18:04
.
Pre-Run: 21.031.587.840 bytes beschikbaar
Post-Run: 21.008.269.312 bytes beschikbaar
.
- - End Of File - - 326AF83DE09AE1E6DA81DE873DA49D11
-
Here is the log:
ComboFix 11-12-19.01 - pgadebac 19/12/2011 18:43:12.10.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2212 [GMT 1:00]
Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-11-19 to 2011-12-19 ))))))))))))))))))))))))))))))
.
.
2011-12-19 15:09 . 2011-12-19 17:28 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend
2011-12-19 08:24 . 2011-12-19 08:24 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits
2011-12-16 07:37 . 2011-12-16 07:37 -------- d-----w- d:\documents and settings\All Users\Application Data\A-PDF
2011-12-16 07:37 . 2011-12-16 10:58 -------- d-----w- c:\program files\A-PDF To Excel
2011-12-15 10:50 . 2011-12-15 10:50 -------- d-----w- c:\program files\Speccy
2011-12-03 09:21 . 2011-12-03 09:21 -------- d-----w- c:\program files\ToniArts
2011-12-03 09:08 . 2011-12-03 09:08 -------- d-----w- d:\documents and settings\pgadebac\Application Data\JAM Software
2011-12-03 09:07 . 2011-12-03 09:07 -------- d-----w- c:\program files\JAM Software
2011-12-02 14:22 . 2011-12-02 14:22 -------- d-----w- d:\documents and settings\pgadebac\Application Data\f-secure
2011-12-02 13:50 . 2009-06-30 09:37 28552 ----a-w- c:\winnt\system32\drivers\pavboot.sys
2011-12-02 13:43 . 2011-12-02 13:43 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Sun
2011-12-02 13:31 . 2011-12-18 09:45 -------- d-----w- d:\documents and settings\pgadebac\Application Data\QuickScan
2011-11-22 09:37 . 2011-11-22 09:58 -------- d-----w- d:\documents and settings\All Users\Application Data\JetFlash220x
2011-11-22 08:31 . 2011-11-22 09:35 -------- d-----w- d:\documents and settings\pgadebac\ARIS71
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-02 13:41 . 2008-10-01 18:03 128000 ----a-w- c:\winnt\system32\javacpl.cpl
2011-12-02 13:41 . 2011-05-11 13:11 544656 ----a-w- c:\winnt\system32\deployJava1.dll
2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]
.
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]
.
d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=deontologieLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]
2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]
2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 12:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 pavboot;pavboot;c:\winnt\system32\drivers\pavboot.sys [2/12/2011 14:50 28552]
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]
R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]
R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]
S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]
S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]
S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-12-19 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]
.
2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-12-05 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-12-16 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
2011-12-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet/index.php?page=&langue=nl
uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: intranet
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.http - http://intranet/proxy.pac
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-12-19 18:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1476)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\pcsinst.dll
.
- - - - - - - > 'explorer.exe'(3548)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Voltooingstijd: 2011-12-19 19:04:30
ComboFix-quarantined-files.txt 2011-12-19 18:04
.
Pre-Run: 20.756.639.744 bytes beschikbaar
Post-Run: 20.731.359.232 bytes beschikbaar
.
- - End Of File - - 5E4FA89FEC0AE1F3B5B4E2CB57831579
-
I don't have the impression that there is much improvement .....
By the way, after running Fix Checked (several times) on O18 - Protocol: schmap-help - (no CLSID) - (no file), this line still keeps showing up in the log.
When I run Bitdefender QuickScan (via the extension in Google Chrome) I get a warning that the PC is infected, but MBAM apparently finds nothing!
QuickScan 32-bit v0.9.9.100
---------------------------
Datum van de analyse: Sun Dec 18 10:45:07 2011
ID van de machine: 4D40BB2
er is 1 geïnfecteerd bestand gedetecteerd!
------------------------------------------
C:\WINNT\system32\loglogon.exe --> Trojan.Generic.4980699
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Logon"
-
Here are the logs:
1- MBaM
Malwarebytes' Anti-Malware 1.51.2.1300
Databaseversie: 8384
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
17/12/2011 9:58:07
mbam-log-2011-12-17 (09-58-07).txt
Scantype: Snelle scan
Objecten gescand: 288587
Verstreken tijd: 9 minuut/minuten, 23 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 0
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
2- HiJackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:00:59, on 17/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mfevtps.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\srvany.exe
C:\WINNT\system32\mvaservice.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\WINNT\system32\Drivers\ldlcserv6.exe
C:\WINNT\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe
C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
D:\Documents and Settings\pgadebac\Local Settings\Application Data\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Cisco Systems\Cisco IP Communicator\communicatork9.exe
C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.intranet
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe
O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 13643 bytes
-
Hello,
here is the Speccy link:
http://speccy.piriform.com/results/ZB7TW3PwSa0mMt2ts87zCVf
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:49:23, on 15/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mfevtps.exe
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\WINNT\System32\srvany.exe
C:\WINNT\system32\mvaservice.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINNT\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\system32\CCM\CcmExec.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINNT\system32\Drivers\ldlcserv.exe
C:\WINNT\system32\Drivers\ldlcserv6.exe
C:\WINNT\stsystra.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Stickies\stickies.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
C:\Program Files\IBM\Lotus\Notes\NCDaemon.exe
C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/index.php?page=&langue=nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://10.2.31.212/homenl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://intranet/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DWABrowserHlprObj Class - {2709D830-B643-4e72-9A1E-701CFFFCF30C} - C:\WINNT\system32\dwabho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Logon] C:\WINNT\system32\loglogon.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINNT\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINNT\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -update activex (User 'Default user')
O4 - Startup: Stickies.lnk = C:\Program Files\Stickies\stickies.exe
O4 - Global Startup: Adobe Acrobat Snelle start.lnk = ?
O4 - Global Startup: Taakbalkpictogram van Connected.LNK = C:\Program Files\Connected\CBSysTray.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Koppelingsdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Koppelingsdoel converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Selectie converteren naar bestaande PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.intranet
O15 - Trusted IP range: http://192.168.2.1
O15 - ESC Trusted IP range: http://192.168.2.1
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\Software\..\Telephony: DomainName = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\..\{534DD674-1692-4B1B-A718-DAF433AFFF26}: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = finbel.intra
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = finbel.intra
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = finbel.intra
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: AppnNode - IBM Corporation - C:\WINNT\system32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updateservice (gupdate1c9c883e3eb492) (gupdate1c9c883e3eb492) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: IBM Enterprise Extender (IPv4) (ldlcserv) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv.exe
O23 - Service: IBM Enterprise Extender (IPv6) (ldlcserv6) - IBM Corporation - C:\WINNT\system32\Drivers\ldlcserv6.exe
O23 - Service: Lotus Notes Diagnostische Service (Lotus Notes Diagnostics) - IBM - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINNT\system32\mfevtps.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: MVA-Team Service (mvaservice) - Unknown owner - C:\WINNT\System32\srvany.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Sb2.Printer - Sb2 - C:\WINNT\system32\Sb2.Printer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: IBM Traceerfunctie (TrcBoot) - IBM Corporation - C:\WINNT\system32\Drivers\trcboot.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
--
End of file - 13639 bytes
-
Hello,
I'm back.
I have recently been having quite a few problems again. The machine easily 'freezes' for 10 to 15 seconds while I'm working. This can happen, for example, when opening a Word file, opening a browser tab, ...
A full scan with Malwarebytes finds nothing. McAfee detected Generic.dx!bb3r and placed it in quarantine.
-
I have the impression that the machine is running more smoothly.
-
Sorry for the very late reply. Here is the log:
ComboFix 11-11-14.03 - pgadebac 15/11/2011 7:50.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2329 [GMT 1:00]
Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Nieuw herstelpunt werd aangemaakt
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\winnt\system32\PowerToyReadme.htm
d:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-15 to 2011-11-15 ))))))))))))))))))))))))))))))
.
.
2011-11-14 14:54 . 2011-11-15 06:45 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend
2011-11-14 14:26 . 2011-11-14 14:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits
2011-10-28 13:08 . 2011-04-12 20:41 406896 ----a-w- c:\winnt\system32\dsNcSmartCardProv.dll
2011-10-28 13:08 . 2011-04-12 20:41 361840 ----a-w- c:\winnt\system32\dsNcCredProv.dll
2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software
2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys
2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver
2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software
2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 14:55 . 2009-02-08 14:16 41272 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-03 04:06 . 2011-05-11 13:11 472808 ----a-w- c:\winnt\system32\deployJava1.dll
2011-10-03 01:37 . 2008-10-01 18:03 73728 ----a-w- c:\winnt\system32\javacpl.cpl
2011-08-31 16:00 . 2009-02-08 14:16 22216 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-15 06:22 . 2011-11-15 06:22 16384 c:\winnt\Temp\Perflib_Perfdata_72c.dat
- 2004-08-04 12:00 . 2011-08-27 11:18 87088 c:\winnt\system32\perfc009.dat
+ 2004-08-04 12:00 . 2011-11-15 06:26 87088 c:\winnt\system32\perfc009.dat
+ 2011-04-12 20:10 . 2011-04-12 20:10 26624 c:\winnt\system32\drivers\dsNcAdpt.sys
- 2009-03-27 02:41 . 2010-02-19 00:07 26624 c:\winnt\system32\drivers\dsNcAdpt.sys
+ 2011-10-04 09:02 . 2011-11-14 14:49 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2011-10-04 09:02 . 2011-11-14 14:49 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2011-10-04 09:02 . 2011-11-14 14:49 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-10-04 09:02 . 2011-11-14 14:49 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-10-04 09:02 . 2011-11-14 14:49 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2004-08-04 12:00 . 2011-11-15 06:26 554110 c:\winnt\system32\perfh013.dat
- 2004-08-04 12:00 . 2011-08-27 11:18 554110 c:\winnt\system32\perfh013.dat
- 2004-08-04 12:00 . 2011-08-27 11:18 480484 c:\winnt\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-11-15 06:26 480484 c:\winnt\system32\perfh009.dat
+ 2004-08-04 12:00 . 2011-11-15 06:26 111184 c:\winnt\system32\perfc013.dat
- 2004-08-04 12:00 . 2011-08-27 11:18 111184 c:\winnt\system32\perfc013.dat
+ 2011-11-07 07:10 . 2011-10-03 04:06 157472 c:\winnt\system32\javaws.exe
- 2011-05-11 13:11 . 2011-05-11 13:11 157472 c:\winnt\system32\javaws.exe
+ 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\javaw.exe
- 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\javaw.exe
- 2011-05-11 13:11 . 2011-05-11 13:11 145184 c:\winnt\system32\java.exe
+ 2011-11-07 07:10 . 2011-10-03 04:06 145184 c:\winnt\system32\java.exe
+ 2011-11-07 07:12 . 2011-11-07 07:12 203776 c:\winnt\Installer\55a63.msi
- 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2011-10-04 09:02 . 2011-11-14 14:49 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-16 08:55 . 2011-11-14 14:49 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]
.
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]
.
d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]
Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=deontologieLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 00:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch SilverCrest OMC807]
2010-06-28 07:01 860160 ----a-w- c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]
2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 17:37 691696]
R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 8:54 14592]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 17:47 35692]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 18:10 712048]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 15:13 70656]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 8:12 6016]
R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 20:11 4096]
R3 MBAMProtector;MBAMProtector;c:\winnt\system32\drivers\mbam.sys [8/02/2009 15:16 22216]
S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]
S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 19:55 33536]
S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 14:32 37120]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 6:39 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 13:47 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 13:47 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 13:47 65152]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 18:50 19840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 17:02 67240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-11-15 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]
.
2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-11-15 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-11-10 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
2011-11-14 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet/index.php?page=&langue=nl
uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: intranet
TCP: DhcpNameServer = 192.168.2.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab
FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.http - http://intranet/proxy.pac
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-11-15 07:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\pcsinst.dll
.
Voltooingstijd: 2011-11-15 08:01:03
ComboFix-quarantined-files.txt 2011-11-15 07:00
ComboFix2.txt 2011-10-24 16:53
ComboFix3.txt 2011-10-21 06:09
.
Pre-Run: 19.404.394.496 bytes beschikbaar
Post-Run: 19.380.170.752 bytes beschikbaar
.
- - End Of File - - 499170EFC5625BD9A790532E78EE7F02
-
-
Hello,
the folder adm_1sd21 is a folder that is created when the helpdesk tries to solve a problem. So it does not seem really abnormal to me.
Here is the ComboFix log:
ComboFix 11-10-24.02 - pgadebac 24/10/2011 18:41:11.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2299 [GMT 2:00]
Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: d:\documents and settings\pgadebac\Bureaublad\CFScript.txt
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-24 to 2011-10-24 ))))))))))))))))))))))))))))))
.
.
2011-10-24 13:46 . 2011-10-24 13:46 -------- d-----w- d:\documents and settings\pgadebac\Application Data\Foxit Software
2011-10-21 07:24 . 2010-06-19 06:30 14848 ----a-w- c:\winnt\system32\drivers\InputFilter_FlexDef2b.sys
2011-10-21 07:23 . 2011-10-21 07:24 -------- d-----w- c:\program files\SilverCrest OMC807 Driver
2011-10-21 05:51 . 2011-10-24 16:40 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend
2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software
2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks
2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother
2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE
2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL
2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL
2011-10-04 13:09 . 2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL
2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL
2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee
2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup
2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21
2011-09-26 08:37 . 2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM
2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee
2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock
2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-21_06.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-21 09:27 . 2011-10-21 09:27 16384 c:\winnt\Temp\Perflib_Perfdata_790.dat
+ 2011-10-04 09:02 . 2011-10-24 13:26 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 23040 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2011-10-04 09:02 . 2011-10-24 13:26 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-10-04 09:02 . 2011-10-20 11:02 61440 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2011-10-04 09:02 . 2011-10-24 13:26 27136 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 11264 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2011-10-04 09:02 . 2011-10-20 11:02 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2011-10-04 09:02 . 2011-10-24 13:26 86016 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 12288 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2011-10-04 09:02 . 2011-10-24 13:26 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 4096 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 409600 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 286720 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 249856 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2011-10-04 09:02 . 2011-10-24 13:26 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-10-04 09:02 . 2011-10-20 11:03 794624 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 135168 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2011-08-16 08:55 . 2011-10-20 11:02 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2011-08-16 08:55 . 2011-10-24 13:26 593920 c:\winnt\Installer\{90110413-6000-11D3-8CFE-0150048383C9}\accicons.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Launch SilverCrest OMC807"="c:\program files\SilverCrest OMC807 Driver\MouClient_FD2_9063RL.exe" [2010-06-28 860160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]
.
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]
.
d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]
Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=deontologieLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]
2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696]
R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016]
R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096]
S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]
S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536]
S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-21 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]
.
2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
2011-10-24 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet/index.php?page=&langue=nl
mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: intranet
TCP: DhcpNameServer = 192.168.2.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab
FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.http - http://intranet/proxy.pac
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-24 18:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\pcsinst.dll
c:\winnt\system32\beidcsp.dll
c:\winnt\system32\beidCSPLib.dll
c:\winnt\system32\beid35DlgsWin32.dll
c:\winnt\system32\beid35common.dll
c:\winnt\system32\beid35cardlayer.dll
.
- - - - - - - > 'explorer.exe'(1876)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\winnt\system32\webcheck.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2011-10-24 18:53:43
ComboFix-quarantined-files.txt 2011-10-24 16:53
ComboFix2.txt 2011-10-21 06:09
.
Pre-Run: 19.373.723.648 bytes beschikbaar
Post-Run: 19.349.856.256 bytes beschikbaar
.
- - End Of File - - E53FF81428BB22F73CD7FCAD2D77C8B5
-
I ran ComboFix. Here is the log:
ComboFix 11-10-20.08 - pgadebac 21/10/2011 7:58.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2942.2216 [GMT 2:00]
Gestart vanuit: d:\documents and settings\pgadebac\Bureaublad\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Aanwezig AV is actief
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-09-21 to 2011-10-21 ))))))))))))))))))))))))))))))
.
.
2011-10-21 05:51 . 2011-10-21 05:51 -------- d--h--r- d:\documents and settings\pgadebac\Onlangs geopend
2011-10-18 07:26 . 2011-10-18 07:26 -------- d-----w- d:\documents and settings\pgadebac\Application Data\smkits
2011-10-17 08:00 . 2011-10-17 08:00 -------- d-----w- c:\program files\Foxit Software
2011-10-17 05:57 . 2011-10-17 07:56 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Solid State Networks
2011-10-04 15:40 . 2011-10-04 15:40 388096 ----a-r- d:\documents and settings\pgadebac\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-04 13:16 . 2011-10-04 13:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Brother
2011-10-04 13:09 . 2010-05-10 08:45 103736 ----a-w- c:\winnt\system32\BRRBTOOL.EXE
2011-10-04 13:09 . 2005-01-17 07:10 45056 ----a-w- c:\winnt\system32\BRTCPCON.DLL
2011-10-04 13:09 . 2006-12-21 02:23 176128 ----a-w- c:\winnt\system32\BROSNMP.DLL
2011-10-04 13:09 . 2004-08-09 06:42 77824 ----a-w- c:\winnt\system32\BRLMW03A.DLL
2011-10-04 13:09 . 2010-04-02 05:33 25299 ----a-w- c:\winnt\system32\BRLM03A.DLL
2011-09-26 11:34 . 2011-09-26 11:34 -------- d-----w- d:\documents and settings\debacker\Application Data\McAfee
2011-09-26 10:03 . 2011-10-17 13:18 -------- d-----w- C:\Temp_Backup
2011-09-26 10:02 . 2011-09-26 10:03 -------- d-----w- d:\documents and settings\adm_1sd21
2011-09-26 08:37 . 2011-09-26 08:37 -------- d-sh--w- d:\documents and settings\Administrator\PrivacIE
2011-09-26 08:36 . 2011-09-26 08:36 -------- d-----w- d:\documents and settings\Administrator\Local Settings\Application Data\IBM
2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\McAfee
2011-09-26 08:25 . 2011-09-26 08:25 -------- d-----w- d:\documents and settings\Administrator\Application Data\Stardock
2011-09-26 08:23 . 2011-09-26 08:23 -------- d-sh--w- d:\documents and settings\Administrator\IETldCache
2011-09-23 18:01 . 2006-10-26 17:56 33104 ----a-w- c:\winnt\system32\Spool\prtprocs\w32x86\msonpppr.dll
2011-09-23 18:01 . 2006-10-26 17:56 32592 ----a-w- c:\winnt\system32\msonpmon.dll
2011-09-23 17:59 . 2011-09-23 17:59 -------- d-----w- c:\program files\Microsoft Works
2011-09-23 17:54 . 2011-09-23 17:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2011-09-23 17:52 . 2011-09-23 17:52 -------- d-----w- d:\documents and settings\pgadebac\Local Settings\Application Data\Microsoft Help
2011-09-23 17:52 . 2011-10-18 11:22 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 12:01 . 2011-03-24 05:08 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-02-04 18:07 . 2010-06-18 16:02 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 303104]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-02-04 124224]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2007-02-20 1191936]
"Logon"="c:\winnt\system32\loglogon.exe" [2008-07-23 199989]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-06-08 333120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\winnt\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\winnt\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe" [2010-10-12 232912]
.
d:\documents and settings\pgadebac\Menu Start\Programma's\Opstarten\
Stickies.lnk - c:\program files\Stickies\stickies.exe [2008-8-28 765952]
.
d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Acrobat Snelle start.lnk - c:\winnt\Installer\{AC76BA86-1030-D700-7760-100000000002}\SC_Acrobat.exe [2008-10-22 25214]
Taakbalkpictogram van Connected.LNK - c:\program files\Connected\CBSysTray.exe [2008-9-30 114688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2008-02-20 14:13 49152 ----a-w- c:\winnt\system32\pcsinst.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-12977\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-28925\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\0\0]
"Script"=deontologieLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-6869\Scripts\Logon\1\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83173\Scripts\Logon\0\0]
"Script"=\\10.20.129.10\backuppc\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-667808998-3646381641-2365837644-83611\Scripts\Logon\0\0]
"Script"=\\finbel\findata\minfin\Deployment\BackupPC\Installpcbackup.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\winnt\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Bluetooth Manager.lnk]
backup=c:\winnt\pss\Bluetooth Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Windows Search.lnk]
backup=c:\winnt\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2010-02-05 11:29 2056192 ----a-w- c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 10:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-01 05:12 133104 ----atw- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intoan]
2005-09-29 17:34 4549632 ----a-w- c:\program files\Intoan\Agent\IntoanAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 02:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 17:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NOTESMON]
2006-12-12 15:39 80896 ----a-w- c:\program files\AddInForLotusNotes\notesmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
2011-02-04 18:07 124224 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Cisco Systems\\Cisco IP Communicator\\communicatork9.exe"=
"c:\\WINNT\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"d:\\Data\\Mijn documenten\\PATRICK NIOD\\ONDERHOUD PC\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 sptd;sptd;c:\winnt\system32\drivers\sptd.sys [26/08/2010 18:37 691696]
R1 HttpDisk;HttpDisk;c:\winnt\system32\drivers\httpdisk.sys [17/07/2008 9:54 14592]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\winnt\system32\drivers\CdpPacket.sys [24/01/2008 18:47 35692]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [19/03/2009 19:10 712048]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\winnt\system32\drivers\pdlndldl6.sys [20/02/2008 16:13 70656]
R2 vnccom;vnccom;c:\winnt\system32\drivers\vnccom.SYS [17/07/2008 9:12 6016]
R3 bbcap;bbcap;c:\winnt\system32\drivers\bbcap.sys [15/01/2009 21:11 4096]
S0 crpf;crpf;c:\winnt\system32\drivers\crpf.sys --> c:\winnt\system32\drivers\crpf.sys [?]
S0 csdf;cdsf;c:\winnt\system32\drivers\csdf.sys --> c:\winnt\system32\drivers\csdf.sys [?]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S2 gupdate1c9c883e3eb492;Google Updateservice (gupdate1c9c883e3eb492);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S2 SSPORT;SSPORT;\??\c:\winnt\system32\Drivers\SSPORT.sys --> c:\winnt\system32\Drivers\SSPORT.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\winnt\system32\drivers\a38usb.sys [29/09/2008 20:55 33536]
S3 GTUQBUS;GT UQ BUS;c:\winnt\system32\drivers\gtuqbus.sys [13/02/2009 15:32 37120]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [15/01/2010 7:39 135664]
S3 hwcdcmdm0;HUAWEI Mobile Connect - 3G Modem;c:\winnt\system32\drivers\ewusbmdm.sys [12/02/2009 14:47 65152]
S3 hwusbapp;HUAWEI Mobile Connect - 3G PC UI Interface;c:\winnt\system32\drivers\ewusbapp.sys [12/02/2009 14:47 65152]
S3 hwusbser;HUAWEI Mobile Connect - 3G Application Interface;c:\winnt\system32\drivers\ewusbser.sys [12/02/2009 14:47 65152]
S3 ImDisk;ImDisk Virtual Disk Driver;c:\winnt\system32\drivers\imdisk.sys [17/03/2008 19:50 19840]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\winnt\system32\drivers\massfilter.sys --> c:\winnt\system32\drivers\massfilter.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\winnt\system32\drivers\mferkdet.sys [18/06/2010 18:02 67240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhoud van de 'Gedeelde Taken' map
.
2011-10-21 c:\winnt\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-11-21 09:47]
.
2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-15 05:39]
.
2011-10-19 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006Core.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-3712614485-1044013603-244294945-1006UA.job
- d:\documents and settings\debacker\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-10-01 20:08]
.
2011-10-20 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869Core.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
2011-10-21 c:\winnt\Tasks\GoogleUpdateTaskUserS-1-5-21-667808998-3646381641-2365837644-6869UA.job
- d:\documents and settings\pgadebac\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-01 05:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://intranet/index.php?page=&langue=nl
mStart Page = hxxp://dutch.toggle.com/nl/index.php?rvs=google
uInternet Connection Wizard,ShellNext = hxxp://10.2.31.212/homenl
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\winnt\system32\GPhotos.scr/200
IE: Converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Geselecteerde koppelingen converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Geselecteerde koppelingen converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Koppelingsdoel converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Koppelingsdoel converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Selectie converteren naar Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Selectie converteren naar bestaande PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: intranet
TCP: DhcpNameServer = 192.168.2.1
DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} - hxxps://mail07-57.finbel.intra/dwa85W.cab
FF - ProfilePath - d:\documents and settings\pgadebac\Application Data\Mozilla\Firefox\Profiles\mn9m13ub.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be
FF - prefs.js: network.proxy.http - http://intranet/proxy.pac
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 2
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - true
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-Advanced SystemCare 4 - c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-21 08:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5d,56,2c,24,e9,d7,d5,43,9c,d4,1b,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINNT\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(1364)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\system32\pcsinst.dll
.
- - - - - - - > 'explorer.exe'(3392)
c:\program files\McAfee\Common Framework\McTrayLegacySupportPlugin.dll
c:\program files\McAfee\Common Framework\McTrayInterfaceLib.dll
c:\program files\McAfee\Common Framework\McAfeeWin32GUISupportDLL.dll
c:\winnt\system32\webcheck.dll
c:\winnt\system32\WPDShServiceObj.dll
c:\winnt\system32\PortableDeviceTypes.dll
c:\winnt\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Voltooingstijd: 2011-10-21 08:09:39
ComboFix-quarantined-files.txt 2011-10-21 06:09
.
Pre-Run: 19.438.383.104 bytes beschikbaar
Post-Run: 19.509.719.040 bytes beschikbaar
.
- - End Of File - - 16C39F9DEBB8DFADC3B8DF6E2B8C34BC
-
So I have a folder under:\Documents and Settings\pgadebac\Application Data\Schmap, but not under Program Files (the program files are on C: and not D:, by the way).
Can I simply delete the folder under Application Data?
I'll run ComboFix afterwards.
laptop is getting slow - startup takes a very long time
in Archief Bestrijding malware & virussen
Posted:
Hello,
the laptop is getting rather slow. Startup in particular takes quite some time.
A quick scan with MalwareBytes found nothing.
Here is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:04:30, on 24/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
CHROME: 28.0.1500.95
Boot mode: Normal
Running processes:
C:\Windows\PLFSetI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe
C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Nele\Desktop\onderhoud PC\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: YTD Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\7.4\ytdToolbarIE.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Hoster (44163)] "C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
O4 - HKLM\..\Run: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Nele\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1D8BE1-18A3-40BC-8D0B-D94E936B151C}: NameServer = 81.169.60.107 81.169.60.107
O17 - HKLM\System\CS1\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107
O17 - HKLM\System\CS2\Services\Tcpip\..\{3DAAF3D0-17F6-4DDE-8FFD-1C27AB5CB9F4}: NameServer = 81.169.60.107 81.169.60.107
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\apps\CCF_Reputation\fsorsp.exe
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
O23 - Service: Guard Agent Service (Guard Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sierra Wireless Card Detection Service (SwiCardDetectSvc) - Sierra Wireless, Inc. - C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Vodafone Mobile Broadband-service (VmbService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13108 bytes