Restarting the PC via Norton Ghost


PolH

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\programdata\BF31EC6D50.sys

c:\program files\Application Updater\ApplicationUpdater.exe

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Driver::

Application Updater

FCOPY::

c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

Firefox::

FF - ProfilePath - c:\users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default\

FF - prefs.js: browser.search.selectedEngine –

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Dear Kape, wouldn't it perhaps be better for me to restore last year's state via Norton Ghost?

Or is there still a problem with my data?

But here it is below, as requested:

ComboFix 11-05-17.03 - Pol 18/05/2011 18:03:55.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1976.831 [GMT 2:00]

Gestart vanuit: c:\users\Pol\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pol\Desktop\CFScript.txt

AV: McAfee® Total Protection™ Service *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee® Total Protection™ Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Total Protection™ Service *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\program files\Application Updater\ApplicationUpdater.exe"

"c:\programdata\BF31EC6D50.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Application Updater

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-18 to 2011-05-18 ))))))))))))))))))))))))))))))

.

.

2011-05-18 12:22 . 2011-05-18 12:22 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\users\Pol\AppData\Roaming\Malwarebytes

2011-05-18 08:45 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\programdata\Malwarebytes

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-18 08:45 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 16:29 . 2011-05-17 16:29 -------- d-----w- c:\users\Pol\AppData\Local\Symantec

2011-05-11 13:49 . 2011-05-11 13:49 -------- d-----w- c:\program files\CCleaner

2011-05-10 09:51 . 2011-05-10 09:51 388096 ----a-r- c:\users\Pol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-10 09:51 . 2011-05-10 09:51 -------- d-----w- c:\program files\Trend Micro

2011-05-06 07:50 . 2011-05-06 07:50 -------- d-----w- c:\programdata\AVS4YOU

2011-05-06 07:50 . 2011-05-06 07:50 -------- d-----w- c:\users\Pol\AppData\Roaming\AVS4YOU

2011-05-06 07:49 . 2011-05-06 07:49 -------- d-----w- c:\program files\Common Files\AVSMedia

2011-05-06 07:49 . 2011-05-06 07:49 -------- d-----w- c:\program files\AVS4YOU

2011-05-06 07:49 . 2011-01-11 09:53 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-05-06 07:49 . 2011-01-11 09:53 24576 ----a-w- c:\windows\system32\msxml3a.dll

2011-05-06 07:34 . 2011-05-06 07:34 88 --sh--r- c:\programdata\BF31EC6D50.sys

2011-05-06 07:34 . 2011-05-06 07:34 -------- d-----w- c:\users\Pol\AppData\Roaming\Corel

2011-05-06 07:34 . 2011-05-06 07:34 2828 --sha-w- c:\programdata\KGyGaAvL.sys

2011-04-26 19:30 . 2011-04-26 19:30 -------- d-----w- c:\program files\File Scavenger 3.2

2011-04-22 11:17 . 2011-05-12 08:04 -------- d-----w- c:\users\Pol\AppData\Local\Microsoft Games

2011-04-21 13:36 . 2011-04-21 18:47 -------- d-----w- c:\users\Pol\AppData\Local\Meshin

2011-04-21 13:29 . 2011-04-21 13:29 -------- d-----w- c:\program files\PARC

2011-04-21 13:19 . 2011-04-21 13:19 -------- d-----w- c:\program files\Outlook on the Desktop

2011-04-21 13:18 . 2011-05-11 13:47 -------- d-----w- C:\Download

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-03-17 07:18 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-11 05:40 . 2011-04-15 19:32 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-15 19:32 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-08 05:38 . 2011-04-15 19:32 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29 . 2011-04-15 19:33 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27 . 2011-04-15 19:33 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31 . 2011-04-15 19:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:32 . 2011-04-15 19:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-15 19:33 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30 . 2011-04-15 19:32 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23 . 2011-04-15 19:32 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50 . 2011-04-15 19:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-23 05:06 . 2011-04-15 19:33 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:05 . 2011-04-15 19:33 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:05 . 2011-04-15 19:33 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:05 . 2011-04-15 19:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:05 . 2011-04-15 19:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:05 . 2011-04-15 19:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:05 . 2011-04-15 19:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

2011-02-19 05:33 . 2011-03-09 08:11 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 05:32 . 2011-03-09 08:11 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 05:32 . 2011-03-09 08:11 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 05:32 . 2011-04-15 19:33 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-02-19 03:37 . 2011-04-15 19:33 294912 ----a-w- c:\windows\system32\atmfd.dll

2011-02-18 05:36 . 2011-04-15 19:33 428032 ----a-w- c:\windows\system32\vbscript.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1515576]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-11 39408]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]

"OutlookOnDesktop"="c:\program files\Outlook on the Desktop\OutlookDesktop.exe" [2010-08-29 316928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-04 1791272]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]

"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SignIn"="c:\program files\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-09 1734512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-08-12 2060288]

"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2010-10-21 760968]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-03-09 104416]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\users\Pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Pol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]

2010-02-17 20:07 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackup]

2010-05-03 20:48 923480 ----a-w- c:\program files\Symantec\Norton Online Backup\NOBuClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2010-01-12 19:27 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 16:26 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]

2010-10-29 15:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2010-02-12 1574408]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 83912]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2010-08-20 107992]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2010-08-20 127352]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]

R3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2008-01-19 41728]

R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-02-08 160912]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110510.001\IDSvix86.sys [2010-09-15 287792]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdminService10.2B;AdminService for OpenEdge 10.2B;c:\program files\OpenEdge\bin\AdmSrvc.exe [2009-12-14 28672]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2010-08-26 1034208]

S2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2010-08-26 1021920]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-08-07 222528]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-02-08 141792]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2010-02-17 282824]

S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe service [x]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-03-09 583648]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe service [x]

S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2010-10-21 1130120]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2010-02-11 1964528]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 08:34]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 08:34]

.

2011-04-19 c:\windows\Tasks\HPCeeScheduleForPol.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.destandaard.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\www

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

Trusted Zone: siteadvisor.com\www

DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'Explorer.exe'(2948)

c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll

c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr

c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\System32\pnidui.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\STacSV.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\LSI SoftModem\agrsmsvc.exe

c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe

c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrvProxy.exe

c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrvProxy.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe

c:\program files\Norton Ghost\Agent\VProSvc.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fighters\SPAMfighter\sfus.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\OpenEdge\jre\bin\java.exe

c:\windows\system32\conhost.exe

c:\windows\system32\wbem\unsecapp.exe

c:\windows\system32\wbem\WmiApSrv.exe

c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe

c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\system32\conhost.exe

c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\sppsvc.exe

c:\windows\system32\taskhost.exe

.

**************************************************************************

.

Voltooingstijd: 2011-05-18 18:32:20 - machine werd herstart

ComboFix-quarantined-files.txt 2011-05-18 16:32

ComboFix2.txt 2011-05-18 12:52

.

Pre-Run: 236.333.305.856 bytes beschikbaar

Post-Run: 236.251.717.632 bytes beschikbaar

.

- - End Of File - - 26D04A5637061FAD23F5582A125F15D9

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\programdata\BF31EC6D50.sys

Folder::

c:\users\Pol\AppData\Local\Meshin

Firefox::

FF - ProfilePath - c:\users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default\

FF - prefs.js: browser.search.selectedEngine -

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will cause ComboFix to restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.

Strange things are still happening,

sometimes it asks to make my network connection via Bluetooth, and when I click Cancel I lose my internet connection.

After the restore via Ghost I now also see 2 additional drives without a name and without data: d: e:

Wouldn't it then be better after all to restore everything to the state of a year ago? I have the data on my other computer.

Here is the ComboFix file:

ComboFix 11-05-19.01 - Pol 20/05/2011 14:47:36.3.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.1976.745 [GMT 2:00]

Gestart vanuit: c:\users\Pol\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pol\Desktop\CFScript.txt

AV: McAfee® Total Protection™ Service *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee® Total Protection™ Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee® Total Protection™ Service *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\programdata\BF31EC6D50.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Pol\AppData\Local\Meshin

c:\users\Pol\AppData\Local\Meshin\index.038e648f69b23b2a59daf262d8122a24\data.0.5.db3

c:\users\Pol\AppData\Local\Meshin\index.038e648f69b23b2a59daf262d8122a24\fts.name.0.5.db3

c:\users\Pol\AppData\Local\Meshin\index.038e648f69b23b2a59daf262d8122a24\fts.text.0.5.db3

c:\users\Pol\AppData\Local\Meshin\LinkedIn\linkedIn_session.2.bin

c:\windows\system32\~.inf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-04-20 to 2011-05-20 ))))))))))))))))))))))))))))))

.

.

2011-05-20 13:07 . 2011-05-20 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-05-20 09:49 . 2011-05-20 10:45 82527 ----a-w- c:\windows\system32\~.tmp

2011-05-18 12:22 . 2011-05-20 12:41 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\users\Pol\AppData\Roaming\Malwarebytes

2011-05-18 08:45 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\programdata\Malwarebytes

2011-05-18 08:45 . 2011-05-18 08:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-18 08:45 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-17 16:29 . 2011-05-17 16:29 -------- d-----w- c:\users\Pol\AppData\Local\Symantec

2011-05-11 13:49 . 2011-05-11 13:49 -------- d-----w- c:\program files\CCleaner

2011-05-11 11:31 . 2011-04-09 06:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-05-11 11:31 . 2011-04-09 06:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-05-10 09:51 . 2011-05-10 09:51 388096 ----a-r- c:\users\Pol\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-05-10 09:51 . 2011-05-10 09:51 -------- d-----w- c:\program files\Trend Micro

2011-05-06 07:50 . 2011-05-06 07:50 -------- d-----w- c:\programdata\AVS4YOU

2011-05-06 07:50 . 2011-05-06 07:50 -------- d-----w- c:\users\Pol\AppData\Roaming\AVS4YOU

2011-05-06 07:49 . 2011-05-06 07:49 -------- d-----w- c:\program files\Common Files\AVSMedia

2011-05-06 07:49 . 2011-05-06 07:49 -------- d-----w- c:\program files\AVS4YOU

2011-05-06 07:49 . 2011-01-11 09:53 1700352 ----a-w- c:\windows\system32\GdiPlus.dll

2011-05-06 07:49 . 2011-01-11 09:53 24576 ----a-w- c:\windows\system32\msxml3a.dll

2011-05-06 07:34 . 2011-05-06 07:34 88 --sh--r- c:\programdata\BF31EC6D50.sys

2011-05-06 07:34 . 2011-05-06 07:34 -------- d-----w- c:\users\Pol\AppData\Roaming\Corel

2011-05-06 07:34 . 2011-05-06 07:34 2828 --sha-w- c:\programdata\KGyGaAvL.sys

2011-04-26 19:30 . 2011-04-26 19:30 -------- d-----w- c:\program files\File Scavenger 3.2

2011-04-22 11:17 . 2011-05-12 08:04 -------- d-----w- c:\users\Pol\AppData\Local\Microsoft Games

2011-04-21 13:29 . 2011-04-21 13:29 -------- d-----w- c:\program files\PARC

2011-04-21 13:19 . 2011-04-21 13:19 -------- d-----w- c:\program files\Outlook on the Desktop

2011-04-21 13:18 . 2011-05-11 13:47 -------- d-----w- C:\Download

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

2011-03-17 07:18 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-11 05:40 . 2011-04-15 19:32 1137664 ----a-w- c:\windows\system32\mfc42.dll

2011-03-11 05:40 . 2011-04-15 19:32 1164288 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-08 05:38 . 2011-04-15 19:32 740864 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-03 05:29 . 2011-04-15 19:33 132608 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-03-03 05:27 . 2011-04-15 19:33 28672 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-03-03 03:31 . 2011-04-15 19:32 2331136 ----a-w- c:\windows\system32\win32k.sys

2011-02-24 05:32 . 2011-04-15 19:32 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-24 05:32 . 2011-04-15 19:33 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-24 05:30 . 2011-04-15 19:32 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-02-24 04:23 . 2011-04-15 19:32 386048 ----a-w- c:\windows\system32\html.iec

2011-02-24 03:50 . 2011-04-15 19:32 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-02-23 05:06 . 2011-04-15 19:33 311296 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-23 05:05 . 2011-04-15 19:33 309760 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-02-23 05:05 . 2011-04-15 19:33 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-02-23 05:05 . 2011-04-15 19:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-02-23 05:05 . 2011-04-15 19:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-02-23 05:05 . 2011-04-15 19:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-23 05:05 . 2011-04-15 19:32 69632 ----a-w- c:\windows\system32\drivers\bowser.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2009-12-09 01:19 94208 ----a-w- c:\users\Pol\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPAdvisorDock"="c:\program files\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1515576]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-11 39408]

"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2011-01-31 703360]

"OutlookOnDesktop"="c:\program files\Outlook on the Desktop\OutlookDesktop.exe" [2010-08-29 316928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-01-28 256056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-04 1791272]

"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-12 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-12 175640]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-12 166936]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-01-29 495708]

"Norton Ghost 15.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2010-03-03 2598760]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"SignIn"="c:\program files\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-09 1734512]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-08-12 2060288]

"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2010-10-21 760968]

"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-10-20 2192752]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-03-09 104416]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

.

c:\users\Pol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Pol\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders credssp.dll, schannel.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Managed Services Tray]

2010-02-17 20:07 476480 ----a-w- c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackup]

2010-05-03 20:48 923480 ----a-w- c:\program files\Symantec\Norton Online Backup\NOBuClient.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]

2010-01-12 19:27 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-10-09 16:26 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]

2010-10-29 15:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 AdminService10.2B;AdminService for OpenEdge 10.2B;c:\program files\OpenEdge\bin\AdmSrvc.exe [2009-12-14 28672]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]

R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]

R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [2010-02-12 1574408]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-02-08 83912]

R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-07-26 137600]

R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-07-26 8576]

R3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2010-08-20 107992]

R3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2010-08-20 127352]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]

R3 stusb2ir;USB 2.0 IrDA Bridge;c:\windows\system32\DRIVERS\stusb2ir.sys [2008-01-19 41728]

R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 7168]

R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-14 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-02-08 160912]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110510.001\IDSvix86.sys [2010-09-15 287792]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\aestsrv.exe [2009-03-03 81920]

S2 DMDefragService;Performance Toolkit Disk Defrag Service;c:\program files\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [2010-08-26 1034208]

S2 DMRepairService;Performance Toolkit Disk Repair Service;c:\program files\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [2010-08-26 1021920]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]

S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-01-28 265272]

S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]

S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-08-07 222528]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-02-08 141792]

S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [2010-02-17 282824]

S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe service [x]

S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-03-09 583648]

S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2010-01-12 635416]

S2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\Fighters\SPAMfighter\sfus.exe service [x]

S2 Suite Service;Suite Service;c:\program files\Fighters\FighterSuiteService.exe [2010-10-21 1130120]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 29472]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592]

S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 57840]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 122880]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-01-12 257568]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-01-20 996896]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2009-02-19 41008]

S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2010-02-11 1964528]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-01-22 18:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 08:34]

.

2011-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-11 08:34]

.

2011-05-18 c:\windows\Tasks\HPCeeScheduleForPol.job

- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.destandaard.be/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: kbc.be

Trusted Zone: kbcgroup.eu

Trusted Zone: //about.htm/

Trusted Zone: //Exclude.htm/

Trusted Zone: //FWEvent.htm/

Trusted Zone: //LanguageSelection.htm/

Trusted Zone: //Message.htm/

Trusted Zone: //MyAgttryCmd.htm/

Trusted Zone: //MyAgttryNag.htm/

Trusted Zone: //MyNotification.htm/

Trusted Zone: //NOCLessUpdate.htm/

Trusted Zone: //quarantine.htm/

Trusted Zone: //ScanNow.htm/

Trusted Zone: //strings.vbs/

Trusted Zone: //Template.htm/

Trusted Zone: //Update.htm/

Trusted Zone: //VirFound.htm/

Trusted Zone: cbc.be\cbc-pdf

Trusted Zone: cbc.be\cbconline

Trusted Zone: cbc.be\static

Trusted Zone: cbc.be\www

Trusted Zone: cbc.eu\www

Trusted Zone: isabel.be\*.IBS6

Trusted Zone: isabel.be\gotoIBS6

Trusted Zone: isabel.be\pki

Trusted Zone: isabel.be\www

Trusted Zone: isabel.eu\upgrade

Trusted Zone: isabel.eu\www

Trusted Zone: kbc.be\kbc-pdf

Trusted Zone: kbc.be\kbconline

Trusted Zone: kbc.be\static

Trusted Zone: kbc.be\www

Trusted Zone: kbc.com\www

Trusted Zone: kbc.eu\www

Trusted Zone: kbcam.be\www

Trusted Zone: kbcam.com\www

Trusted Zone: kbcbankingforbusiness.com\www

Trusted Zone: kbcgroup.eu\multimediafiles

Trusted Zone: kbcgroup.eu\www

Trusted Zone: kbcmerchantbanking.com\www

Trusted Zone: mcafee.com\*

Trusted Zone: mcafeeasap.com\betavscan

Trusted Zone: mcafeeasap.com\vs

Trusted Zone: mcafeeasap.com\www

Trusted Zone: siteadvisor.com\www

DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Pol\AppData\Roaming\Mozilla\Firefox\Profiles\0pkevk53.default\

FF - prefs.js: network.proxy.type - 0

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2011-05-20 15:14:00

ComboFix-quarantined-files.txt 2011-05-20 13:13

ComboFix2.txt 2011-05-18 16:32

ComboFix3.txt 2011-05-18 12:52

.

Pre-Run: 234.476.244.992 bytes beschikbaar

Post-Run: 234.573.520.896 bytes beschikbaar

.

- - End Of File - - 4CB23C3BF23A940BD09FB4E91AED5AC2


All possible malware has now been removed. If you do indeed have everything you need to restore your data to a state that you are certain was problem-free, you can certainly take that option.
